Link to home
Start Free TrialLog in
Avatar of SpencerSteel
SpencerSteel

asked on

After ADPREP - no access to event viewer !

Hello there,

I've just DCPROMOed a newly cleaned up Windows 2003 into my existing 2000 domain.

For those that know, you have to run ADPREP /forestprep and /domainprep which went well.

Not sure if this is related, but this morning, I cannot view any of the Event Logs (except System) on the machine - I am using the Domain Administrator account.

I'm a little concerned - but I can actually view the events using DAMEWARE tools (3rd party networking tools) from my local machine ... which is perhaps even odder !

I've tried using a MMC from another DC to view them and have the same issue.

The AD itself seems fine and usable from the Windows 2003 machine.

I'm a bit a baffled.

Any ideas ?

S.S.

ASKER CERTIFIED SOLUTION
Avatar of Debsyl99
Debsyl99

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of SpencerSteel
SpencerSteel

ASKER

Hello again Debs,

I'm actually thinking this is a little more serious than this - it's a 'permissions' things - that my 'Administrator' account is somehow screwed

I have another system of SQLAGENT starting and then stopping instantly as a service ... that runs under the ./Administrator account.

I'll post more when I get a chance to look at it properly.

Thanks Debs

S.S.
Had same problem a year and so ago, right click your logs (the ones that you can't see) and check under view if you have checked "all records" or "filter".
The logs are there but you can't see them, they are hidden by a filter.
Just to clarify ...

As soon as I click, say, 'Application' on the right hand pane, the icon changes into one with a red cross on it ... and I get a popup in the left hand side that says

"Unable to complete the operation on "Application". Access is denied"

I'm sorry for the misunderstanding.

Basically, this looks like the Administrator account has lost some of it's 'Enterprise' type priviledges.

I just had a similiar thing with the SQLAGENT - once I changed it to run under SYSTEM account, it started fine.

Therefore I may have to open a new ticket called 'resetting Administrator priviledges' or something

It's quite worrying and very odd, as SQL Server itself and the rest of the server seem to be OK ... can't see anything in the Event log (from looking at it from my software) that seems to be too worrying either.

So, it's 'just' a permissions things, with this Event viewer being a visible 'symptom'

The machines hate me.

All of them.

Thanks

S.S.
The machines hate me - and I can't tell my left from my right ....

As soon as I click, say, 'Application' on the LEFT hand pane, the icon changes into one with a red cross on it ... and I get a popup in the RIGHT hand side that says

"Unable to complete the operation on "Application". Access is denied"


My head hangs in shame

S.S.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Eek - looks like some messed up permissions somewhere for sure - check that the account that you're using is member of the correct groups:

ie Administrators
Domain Admins
Domain Users
etc etc.

I'd also check the permissions on the root drive ie C: - Default is full control everyone - scary I know, but changing this can lead to problems - if it has changed, you'll need to change it back, or I'll post a link on hardening it up,

Deb :))
Just to let you know, i've logged an email 'incident' with MS to look into this, as I want to make sure there is nothing untoward going on with the Administrator account at a low level in the AD.

I'll let you know the results.

S.S.
No probs S.S - Have you checked into the group membership of the admin account, and the assigned priveleges to the various admin related groups? Most of the rights assigments to carry out server based tasks is assigned to the administrators group, of which the Administrator account is a member of.

Have you tried creating a specific user account, then giving it membership of the groups relevant to the built in Administrator account and seeing if that works - Administrators, Domain Admins, Enterprise Admins etc

It's most unusual that rights should just spontaneously change........ Will look forward to seeing what the great MS have to say.

Deb :))
Is this by any chance related to your twin mutant admin accounts? (ROFL - I know it's not funny, sorry!) - Keep us updated!
Deb x
OK - after many, many weeks of twatting around ... we (MS and I) came to the conclusion there was *something* running in the Computer Associates Arceserve 11.01 'trail' software (I was awaiting the keys from an 9.01 upgrade!) ... once the keys came the the software was fully 'unlocked' both the Permissions Denied on the event log and 'mutant admin account' were fine.

No. I have NO IDEA either. But it's all sorted itself out.

And thank God this has been documented by MS or I wouldn't believe it either.

I'm giving the points to Debs because I can't be arsed to find the refund button and she's always there for me.