Cardlytics
asked on
EventcombMT won't pull 4740 events from a remote domain controller.
We use EventcombMT to scan our domain controllers for Event 4740, which tells us what server/PC is causing a user to get locked out.
It runs fine when we run it from a domain controller.
But when I run it from my Windows 7 laptop logged on as a domain admin, it successfully scans the exact same number of events but doesn't show any hits on 4740.
It appears to be the same number of event log entries scanned and the same settings chosen in the search. But it gets results when run from the domain controller but none if we run it from our desktops/laptops.
Ideas?
Another alternative, neat, why not. Event-triggering is the best way here, right.
ASKER
Found an alternate process. Google to the rescue!
PowerShell is by far more flexible and compatible.
Sorry, I have no idea why it wouldn't work, we dumped eventcomb and dumpel.exe years ago.
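As an added example (not posted by anyone in this thread, and not necessarily the alternate process the asker found), this is one way to do the PowerShell route mentioned above: pull event 4740 from the Security log of remote domain controllers and report which computer caused each lockout. The function names, DC names and the sample event are constructed for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Function names, DC names and the sample event are constructed.

function ConvertFrom-LockoutEventXml {
    # Extract the named EventData fields from the XML of one 4740 event.
    param([Parameter(Mandatory)][string]$EventXml, [string]$Source = 'sample')
    $evt  = ([xml]$EventXml).Event
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        DomainController = $Source
        TimeCreatedUtc   = $evt.System.TimeCreated.SystemTime
        LockedAccount    = $data['TargetUserName']
        # In event 4740 the TargetDomainName field holds the caller computer name.
        CallerComputer   = $data['TargetDomainName']
    }
}

function Get-LockoutSource {
    # Query each DC's Security log for 4740 within the last $Hours hours.
    param([Parameter(Mandatory)][string[]]$DomainController, [int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    foreach ($dc in $DomainController) {
        try {
            Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
                ForEach-Object { ConvertFrom-LockoutEventXml -EventXml $_.ToXml() -Source $dc }
        } catch {
            # Get-WinEvent raises an error when nothing matches or the DC is
            # unreachable; surface it per DC so an empty result is explained.
            Write-Warning "${dc}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample event, so the parser can be checked without a DC.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4740</EventID><TimeCreated SystemTime="2024-01-15T09:30:00.0000000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKSTN-042</Data>
  </EventData>
</Event>
'@
ConvertFrom-LockoutEventXml -EventXml $sample

# Live query (hypothetical DC names):
# Get-LockoutSource -DomainController 'DC01','DC02' -Hours 48
```

Because the filter is applied by the event log service on the domain controller, only matching events cross the network, and any per-DC failure shows up as a warning instead of a silent zero-hit result.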