Solved

Server Event Log inaccessible from remote server.

Posted on 2007-04-09
Last Modified: 2012-05-05
A client file server / Domain Controller is giving some strange security problems.  It is running Windows 2003 R2 and in the course of troubleshooting it we tried installing SP2, but it didn't help.  Essentially, we are having problems installing an agent software from their backup application.  However, there are some other issues that seem related to me that may be easier to troubleshoot and get to the root of the problem.  

If I view the event viewer locally on the server, I can view the events.  If I use the MMC and connect to the computer from one of the other Domain Controllers and try to view the Event Log, I get an Access denied error.  Nothing is thrown in the event log of either server when I try to connect so it's not giving me much guidance on what the problem is.  Both servers reside on the same physical subnet.  I can view the event log like this on ANY of the other servers, so I'm guessing this is specific to that server and not the domain itself.  I don't know if this problem existed before, but this domain was renamed about 1 month ago using the domain rename tools.  I have done the following in attempting to troubleshoot:

1. Installed SP2
2. Removed the DC services, removed the server from the domain, re-added it to the domain, re-promoted it.
3. Verified the security on all admin shares
4. Verified file security on the event logs.

None of that helped.  Any suggestions would be greatly appreciated!
Question by:SanDiegoComputer
Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 18878404
Try checking the following registry keys on the server in question:

HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

1.  Run REGEDIT and navigate to one of the above subkeys.
2.  Right click the winreg subkey and choose Permissions.
3.  On the Security tab, click Advanced.
4.  On the Permission tab, there should be an item for the "Local Service" account. Select it and click Edit.
5.  Ensure that the "Local Service" account has the following permission for "This Key and Subkeys" (which can be configured in the "Apply To" list box):

Query Value
Enumerate Subkeys
Notify
Read Control

6.  Check the other subkey with the same steps.
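
The permission check in steps 1 to 6 can also be done read-only from PowerShell. This is an added example, not part of the original answer: it assumes PowerShell is available on the server, matches Local Service by its well-known SID S-1-5-19, and looks only at Allow entries granted directly to that account.

```powershell
# Added example: read-only audit of the winreg key ACL for LOCAL SERVICE.
# Run locally on the affected server from an elevated prompt. Changes nothing.
$keys = @(
    'HKLM:\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
)

# Well-known SID for NT AUTHORITY\LOCAL SERVICE (independent of OS language).
$localServiceSid = 'S-1-5-19'

# Query Value + Enumerate Subkeys + Notify + Read Control, as listed in step 5.
$required = [int][System.Security.AccessControl.RegistryRights]'QueryValues, EnumerateSubKeys, Notify, ReadPermissions'
$inheritOnlyBit = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$containerBit   = [int][System.Security.AccessControl.InheritanceFlags]::ContainerInherit

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { Write-Warning "Key not found: $key"; continue }

    $onKey = 0       # rights that apply to the winreg key itself
    $onSubkeys = 0   # rights that are inherited by its subkeys

    # Ask for SIDs instead of account names so the comparison is exact.
    $rules = (Get-Acl -Path $key).GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $localServiceSid) { continue }
        # Deny entries and access via group membership are not evaluated here.
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }

        $rights = [int]$rule.RegistryRights
        $inheritOnly = (([int]$rule.PropagationFlags -band $inheritOnlyBit) -ne 0)
        $toSubkeys   = (([int]$rule.InheritanceFlags -band $containerBit) -ne 0)

        if (-not $inheritOnly) { $onKey = $onKey -bor $rights }
        if ($toSubkeys)        { $onSubkeys = $onSubkeys -bor $rights }
    }

    $missingKey = $required -band (-bnot $onKey)
    $missingSub = $required -band (-bnot $onSubkeys)

    New-Object PSObject -Property @{
        Key              = $key
        MissingOnKey     = [System.Security.AccessControl.RegistryRights]$missingKey
        MissingOnSubkeys = [System.Security.AccessControl.RegistryRights]$missingSub
        Ok               = ($missingKey -eq 0 -and $missingSub -eq 0)
    }
}
```

A key that reports `Ok = False` lists the rights from step 5 that Local Service lacks, either on the key itself or on its subkeys.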
Author Comment

by:SanDiegoComputer
ID: 18880165
Awesome!  I've been doing this for a number of years and worked on this problem for HOURS and that fixed it right away.  The agent software is also installing no problem.  Thanks a bunch!
Expert Comment

by:Hypercat (Deb)
ID: 18880414
Glad I could help!  Obviously this is something that is supposed to be set correctly automatically, but I ran across it originally on a system upgrade from Win2K server to Win2K3 server. Missing permissions on these keys prevents all sorts of remote admin functions from working.