How to troubleshoot Windows Agentless Collection with RSA enVision
Originally Published: 2015-10-02
Article Number
Applies To
RSA Product/Service Type: enVision Core
RSA Version/Condition: 4.1
Product Description: RSA enVision 1000 EPS[ ES/LS]
Issue
Tasks
- Single-Appliance [ES]: The commands below can be executed on your enVision ES appliance.
- Multi-Appliance [LS]: The commands below can be executed on your Local-Collector [LC] or [CA1] Active collector in a cluster or Remote-Collector [RC].
-
cd /d %_envision%/bin wintool -e "show summary; show threads; show list nd 10000" >c:\nicwintshoot.txt
This will generate a log named nicwinshoot.txt in the root of the C:\drive.
1. (1) WAITING 10.xx.xx.xx Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) (Normal) 2. (2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights) 3. (3) DISABLED 10.xx.xx.xx System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights) 4. ( 10) DISABLED 10.xx.xx.x Application (84600 ~ ) Sat Sep 26 06:34:59 2015 (Unable to connect to registry: 53 The network path was not found.)
Resolution
(2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
To resolve this issue,
1. On your enVision server launch Windows Explorer:
a. Navigate to the E:\envision\bin folder and run the application runeventvieweras.exe.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
If the software is unable to connect to registry with an error due to network path not found
Unable to connect to registry: 53 The network path was not found
This error shows that there is a network transit problem blocking/disrupting the communication between your enVision and your Microsoft Server event source that needs to be checked with your network/systems team.
Related Articles
RSA DS100 Deployment Guide Number of Views How to find your Customer ID (Site ID) within the myRSA website Number of Views RSA SecurID Software Token for Android Quick Start (Spanish) Number of Views Quick Setup Guide - FIDO Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for AIX (Spanish) Number of Views
Trending Articles
How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Artifacts to gather in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA
Don't see what you're looking for?
