Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

System.IO.IOException: Pipe is broken

Starting Dec 21st we started seeing a tremendous amount of errors on both our Server Infrastructure and Endpoint devices.  This created issues with certain .NET related applications on end users workstations that required restarting various applications. One application particularly troublesome was Mimecast For Outlook. Upon investigating we found that the only resolution to fix these errors was to completely remove Sophos (obviously that's not a solution nor a risk we're willing to take). 

Sample Errors - 

28-12-2020 09:07:41,964 ERROR [12] HOST: Domain Unhandled Exception: System.IO.IOException: The pipe is being closed.

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Pipes.NamedPipeServerStream.BeginWaitForConnection(AsyncCallback callback, Object state)
   at System.IO.Pipes.NamedPipeServerStream.WaitForConnection()
   at Mimecast.Mapi.Remote.NamedPipesServer.AcceptPipeConnection(IAsyncResult asyncResult)
   at System.IO.Pipes.NamedPipeServerStream.AsyncWaitForConnectionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP). IsTerminating: True (Program)

Message=Application: msddsk.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.Pipes.PipeStream.WinIOError(Int32)
   at System.IO.Pipes.NamedPipeServerStream.GetImpersonationUserName()
   at Mimecast.Mapi.Remote.NamedPipesServer.AcceptPipeConnection(System.IAsyncResult)
   at System.IO.Pipes.NamedPipeServerStream.AsyncWaitForConnectionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Is anyone else seeing this? We'll certainly open a Ticket with support but wanted to also understand the scope. 

Parents
  • New Update from support; :D

    "The issue you are experiencing here caused by our MTR service has been acknowledged by development and a fix is being pushed out momentarily which should resolve this for you. I shall update you once the release is complete."

  • Thanks.  Yes i have had this confirmation (below) that it is now fixed, I have asked for clarification about why they ask to disable controlled update.  My PC must have already updated and the Mimecast issue now fixed.  I suggest you test your other apps that have been affected after applying the update.

    The reported issue has been addressed from backend by sophos .
    MTR query pack has been updated on next update you will receive it. (please disable control update in central if enabled )
    Now you should perform sophos update and check whether .net / Mimecast is crashing or not on system 

  • They mentioned the controlled update function because some folks disable updates via this function; they were just saying to make sure you have controlled updates off so systems get the update.  Did the version(s) of the various components in the endpoint agent change?  I don't think mine have, we have:

    Core Agent: 2.10.8

    Endpoint Advanced: 10.8.9.2

    Intercept X: 2.0.18

    MTR: 1.0.3.11

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • They mentioned the controlled update function because some folks disable updates via this function; they were just saying to make sure you have controlled updates off so systems get the update.  Did the version(s) of the various components in the endpoint agent change?  I don't think mine have, we have:

    Core Agent: 2.10.8

    Endpoint Advanced: 10.8.9.2

    Intercept X: 2.0.18

    MTR: 1.0.3.11

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children