2 Replies Latest reply on Jun 9, 2010 4:06 PM by erharj

    Problem monitoring 2008 Server Event Logs in different domain

    erharj

      I am having a problem monitoring Event Logs on a 2008 Windows Server in a different domain from which ipMonitor is installed.  Currently I have ipMonitor installed on a Windows Server 2003 server in Domain A. I can successfully monitor Windows Event Logs on Windows Server 2003 servers in Domain B using local accounts.  But now, I have a Windows Server 2008 server in Domain B and it does not work with local accounts.  I get "Access rights are insufficient" and/or "The RPC server is unavailable; oserror: 0x800706ba".  Any ideas?

        • Re: Problem monitoring 2008 Server Event Logs in different domain
          mdiotte

          What options are selected under the usage restrictions for the  credential you have configured?

          If you do not have "May be used with NTLM Authentication Schemes  (Windows NT Lan Manager)" checked then give that a try.  Uncheck "May be  used with Windows Impersonation for use with RPC" when you make this  change as that restriction takes precedence over the NTLM option.

          Also make sure there is no firewall in the middle blocking WMI  connections.

            • Re: Problem monitoring 2008 Server Event Logs in different domain
              erharj

              I tried that and it did not work either, I still received "Access rights are insufficient".  However, what I did figure out is this:

              1. The monitor works if I use an ipMonitor credential that is linked to the 'builtin' Local Administrator account on the other domain Windows 2008 server, but I am not allowed to do that per our security policy.

              2. I was also able to get this to work by DISABLING the other domain Windows 2008 server's Local Policies >> Security Options >> User Account Control: Run all administrators in Admin Approval Mode and then using the local administrator user account I created for ipMonitor to use....But even in this case, I may not be able to configure it this way if our company's securlty policy does not allow me to disable UAC.

              Thanks, Rich