Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

After ADPREP - no access to event viewer !

Posted on 2004-10-27
11
Medium Priority
?
152 Views
Last Modified: 2010-04-14
Hello there,

I've just DCPROMOed a newly cleaned up Windows 2003 into my existing 2000 domain.

For those that know, you have to run ADPREP /forestprep and /domainprep which went well.

Not sure if this is related, but this morning, I cannot view any of the Event Logs (except System) on the machine - I am using the Domain Administrator account.

I'm a little concerned - but I can actually view the events using DAMEWARE tools (3rd party networking tools) from my local machine ... which is perhaps even odder !

I've tried using a MMC from another DC to view them and have the same issue.

The AD itself seems fine and usable from the Windows 2003 machine.

I'm a bit a baffled.

Any ideas ?

S.S.

0
Comment
Question by:SpencerSteel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 750 total points
ID: 12420134
Hi

So the event viewer actually opens - you just can't read the logs except system?

Have you tried deleting or moving the logs, and recreating them? It maybe worth a try to see if you can get the functionality back,
How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/kb/172156/EN-US/

Deb :))
0
 

Author Comment

by:SpencerSteel
ID: 12420580
Hello again Debs,

I'm actually thinking this is a little more serious than this - it's a 'permissions' things - that my 'Administrator' account is somehow screwed

I have another system of SQLAGENT starting and then stopping instantly as a service ... that runs under the ./Administrator account.

I'll post more when I get a chance to look at it properly.

Thanks Debs

S.S.
0
 
LVL 7

Expert Comment

by:corneliup
ID: 12420595
Had same problem a year and so ago, right click your logs (the ones that you can't see) and check under view if you have checked "all records" or "filter".
The logs are there but you can't see them, they are hidden by a filter.
0
Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

 

Author Comment

by:SpencerSteel
ID: 12420737
Just to clarify ...

As soon as I click, say, 'Application' on the right hand pane, the icon changes into one with a red cross on it ... and I get a popup in the left hand side that says

"Unable to complete the operation on "Application". Access is denied"

I'm sorry for the misunderstanding.

Basically, this looks like the Administrator account has lost some of it's 'Enterprise' type priviledges.

I just had a similiar thing with the SQLAGENT - once I changed it to run under SYSTEM account, it started fine.

Therefore I may have to open a new ticket called 'resetting Administrator priviledges' or something

It's quite worrying and very odd, as SQL Server itself and the rest of the server seem to be OK ... can't see anything in the Event log (from looking at it from my software) that seems to be too worrying either.

So, it's 'just' a permissions things, with this Event viewer being a visible 'symptom'

The machines hate me.

All of them.

Thanks

S.S.
0
 

Author Comment

by:SpencerSteel
ID: 12420801
The machines hate me - and I can't tell my left from my right ....

As soon as I click, say, 'Application' on the LEFT hand pane, the icon changes into one with a red cross on it ... and I get a popup in the RIGHT hand side that says

"Unable to complete the operation on "Application". Access is denied"


My head hangs in shame

S.S.
0
 
LVL 7

Assisted Solution

by:corneliup
corneliup earned 750 total points
ID: 12421114
have you checked the rights on:

C:\%SYSTEMROOT%\SYSTEM32\CONFIG\*.EVT

wich are the logs?

On my servers I have only System and Administrators "full controll"

0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12421710
Eek - looks like some messed up permissions somewhere for sure - check that the account that you're using is member of the correct groups:

ie Administrators
Domain Admins
Domain Users
etc etc.

I'd also check the permissions on the root drive ie C: - Default is full control everyone - scary I know, but changing this can lead to problems - if it has changed, you'll need to change it back, or I'll post a link on hardening it up,

Deb :))
0
 

Author Comment

by:SpencerSteel
ID: 12442711
Just to let you know, i've logged an email 'incident' with MS to look into this, as I want to make sure there is nothing untoward going on with the Administrator account at a low level in the AD.

I'll let you know the results.

S.S.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12442773
No probs S.S - Have you checked into the group membership of the admin account, and the assigned priveleges to the various admin related groups? Most of the rights assigments to carry out server based tasks is assigned to the administrators group, of which the Administrator account is a member of.

Have you tried creating a specific user account, then giving it membership of the groups relevant to the built in Administrator account and seeing if that works - Administrators, Domain Admins, Enterprise Admins etc

It's most unusual that rights should just spontaneously change........ Will look forward to seeing what the great MS have to say.

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12670475
Is this by any chance related to your twin mutant admin accounts? (ROFL - I know it's not funny, sorry!) - Keep us updated!
Deb x
0
 

Author Comment

by:SpencerSteel
ID: 12754185
OK - after many, many weeks of twatting around ... we (MS and I) came to the conclusion there was *something* running in the Computer Associates Arceserve 11.01 'trail' software (I was awaiting the keys from an 9.01 upgrade!) ... once the keys came the the software was fully 'unlocked' both the Permissions Denied on the event log and 'mutant admin account' were fine.

No. I have NO IDEA either. But it's all sorted itself out.

And thank God this has been documented by MS or I wouldn't believe it either.

I'm giving the points to Debs because I can't be arsed to find the refund button and she's always there for me.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Article by: evilrix
Looking for a way to avoid searching through large data sets for data that doesn't exist? A Bloom Filter might be what you need. This data structure is a probabilistic filter that allows you to avoid unnecessary searches when you know the data defin…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question