Log collection from a Windows domain controller log source failed using TIBCO LogLogic SEM


Article ID: KB0077422


Products: TIBCO LogLogic Security Event Manager
Versions: all versions

Description

If your log collector is unable to establish a successful connection to a Windows Server 2003 Active Directory host, the procedure below should resolve the issue.

Symptoms include:
Denied Communication Connect on Management Interface.
Connection to the windows host via WMI interface failed.


This is caused by the user authentication settings in the log collector's connection parameters not being properly configured: the user account does not have enough privileges on the CIMV2 namespace of the target log source.
 

Issue/Introduction

This article explains why log collection from a Windows Server 2003 domain controller log source can fail and provides the resolution.

Resolution

Enabling the Access to the Workstation Events Control:
1. Log on to the computer you want to monitor with an administrator account.
2. Click on Start > Control Panel > System and Maintenance > Administrative Tools > Double click on Computer Management.
3. In the Computer Management screen, right click on Services and Applications > WMI Control and select Properties.
4. In the WMI Control Properties screen, click on the Security tab.
5. Select Root > CIMV2.
6. Click on Security screen, then add your account and tick the Enable and Execute Methods check-boxes in the Allow column.
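
To confirm that step 6 took effect, the Root\CIMV2 security descriptor can be read back and checked for the collector account. The script below is an added example, not part of the TIBCO article. The account name is a placeholder, and it assumes "Enable" in step 6 is the WMI "Enable Account" right (mask 0x1).

```powershell
# Added example: audit the Root\CIMV2 namespace DACL for the collector account.
# Run locally in an elevated PowerShell session on the monitored host.
param(
    # Placeholder (assumption): replace with the account configured in the log collector.
    [string]$Account = 'EXAMPLE\svc-logcollector'
)

# WMI namespace access-mask bits for the two check-boxes ticked in step 6.
$EnableAccount  = 0x1   # "Enable Account"
$ExecuteMethods = 0x2   # "Execute Methods"
$Required = $EnableAccount -bor $ExecuteMethods

# __SystemSecurity.GetSD returns the namespace security descriptor in binary form.
$result = Invoke-WmiMethod -Namespace 'root\cimv2' -Path '__SystemSecurity=@' -Name GetSD
if ($result.ReturnValue -ne 0) {
    throw "GetSD failed with code $($result.ReturnValue)"
}
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor ([byte[]]$result.SD, 0)

# Resolve the account name to its SID so it can be matched against each ACE.
$nt  = New-Object System.Security.Principal.NTAccount $Account
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

$allowed = 0
$denied  = 0
foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
    if ($ace.SecurityIdentifier.Value -ne $sid) { continue }
    # Inherit-only ACEs (flag 0x08) apply to child namespaces, not to CIMV2 itself.
    if (([int]$ace.AceFlags -band 0x08) -ne 0) { continue }
    if ($ace.AceQualifier -eq 'AccessAllowed') { $allowed = $allowed -bor $ace.AccessMask }
    if ($ace.AceQualifier -eq 'AccessDenied')  { $denied  = $denied  -bor $ace.AccessMask }
}

# A Deny entry overrides an Allow entry for the same right.
$effective = $allowed -band (-bnot $denied)
$missing   = $Required -band (-bnot $effective)

if ($missing -eq 0) {
    "OK: $Account has Enable Account and Execute Methods on root\cimv2"
} else {
    "MISSING for ${Account}: mask 0x{0:X} (0x1 = Enable Account, 0x2 = Execute Methods)" -f $missing
}
```

The check only evaluates entries that name the account directly; rights the account receives through group membership are not resolved.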