This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Problem monitoring 2008 Server Event Logs in different domain

I am having a problem monitoring Event Logs on a 2008 Windows Server in a different domain from which ipMonitor is installed.  Currently I have ipMonitor installed on a Windows Server 2003 server in Domain A. I can successfully monitor Windows Event Logs on Windows Server 2003 servers in Domain B using local accounts.  But now, I have a Windows Server 2008 server in Domain B and it does not work with local accounts.  I get "Access rights are insufficient" and/or "The RPC server is unavailable; oserror: 0x800706ba".  Any ideas?

  • What options are selected under the usage restrictions for the credential you have configured?

    If you do not have "May be used with NTLM Authentication Schemes (Windows NT Lan Manager)" checked then give that a try.  Uncheck "May be used with Windows Impersonation for use with RPC" when you make this change as that restriction takes precedence over the NTLM option.

    Also make sure there is no firewall in the middle blocking WMI connections.

  • I tried that and it did not work either, I still received "Access rights are insufficient".  However, what I did figure out is this:

    1. The monitor works if I use an ipMonitor credential that is linked to the 'builtin' Local Administrator account on the other domain Windows 2008 server, but I am not allowed to do that per our security policy.

    2. I was also able to get this to work by DISABLING the other domain Windows 2008 server's Local Policies >> Security Options >> User Account Control: Run all administrators in Admin Approval Mode and then using the local administrator user account I created for ipMonitor to use....But even in this case, I may not be able to configure it this way if our company's securlty policy does not allow me to disable UAC.

    Thanks, Rich