Event ID - 9200

Event Id9200
SourceOnePoint Operations
DescriptionThe socket server on port 1270 received a malformed packet. This may indicate a possible hacking attempt. The binary data for this event contains the data received.
Event InformationAccording to Microsoft:
CAUSE:

This issue may occur if the following conditions are true:
• You have two or more configuration groups that are running MOM 2000 SP1.
• One or more of the MOM agents are multihomed and report to two or more configuration groups.
• You upgrade one of the MOM 2000 SP1 configuration groups to MOM 2005.

When you upgrade a MOM 2000 SP1 configuration group to MOM 2005, all MOM 2000 SP1 agents that report to the upgraded MOM 2005 configuration group are upgraded to MOM 2005. The MOM 2005 agent supports two protocol types for communication: the MOM 2000 SP1 protocol and the MOM 2005 protocol.

When the MOM 2005 service starts, it first tries to communicate with the MOM server by using the MOM 2005 protocol. If this communication attempt is unsuccessful, the MOM 2005 agent then uses the MOM 2000 SP1 protocol. Because the MOM 2000 SP1 server does not understand the MOM 2005 protocol, the MOM 2000 SP1 server generates the 9200 event that is described in the "Symptoms" section. However, when the MOM 2005 agent uses the MOM 2000 SP1 protocol, the MOM 2000 SP1 server accepts communication with the MOM 2005 agent.

Additionally, the MOM 2005 agent service retains the MOM protocol type only while the MOM 2005 service is running. When the MOM 2005 service restarts or encounters network problems, the MOM 2005 agent must redetermine the protocol type. Therefore, the MOM 2005 agent first tries to communicate with the MOM 2000 SP1 server by using the MOM 2005 protocol and then by using the MOM 2000 SP1 protocol. If the server has been upgraded to MOM 2005, the communication attempt is successful, and no error events are logged.
Reference LinksOnePoint Operations 9200 events may be logged in the Application event log on a Microsoft Operations Manager DCAM Server

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.