How to troubleshoot Windows Agentless Collection with RSA enVision
Originally Published: 2015-10-02
Article Number
Applies To
RSA Product/Service Type: enVision Core
RSA Version/Condition: 4.1
Product Description: RSA enVision 1000 EPS[ ES/LS]
Issue
Tasks
- Single-Appliance [ES]: The commands below can be executed on your enVision ES appliance.
- Multi-Appliance [LS]: The commands below can be executed on your Local-Collector [LC] or [CA1] Active collector in a cluster or Remote-Collector [RC].
-
cd /d %_envision%/bin wintool -e "show summary; show threads; show list nd 10000" >c:\nicwintshoot.txt
This will generate a log named nicwinshoot.txt in the root of the C:\drive.
1. (1) WAITING 10.xx.xx.xx Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) (Normal) 2. (2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights) 3. (3) DISABLED 10.xx.xx.xx System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights) 4. ( 10) DISABLED 10.xx.xx.x Application (84600 ~ ) Sat Sep 26 06:34:59 2015 (Unable to connect to registry: 53 The network path was not found.)
Resolution
(2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
To resolve this issue,
1. On your enVision server launch Windows Explorer:
a. Navigate to the E:\envision\bin folder and run the application runeventvieweras.exe.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
If the software is unable to connect to registry with an error due to network path not found
Unable to connect to registry: 53 The network path was not found
This error shows that there is a network transit problem blocking/disrupting the communication between your enVision and your Microsoft Server event source that needs to be checked with your network/systems team.
Related Articles
RSA DS100 Deployment Guide Number of Views How to find your Customer ID (Site ID) within the myRSA website Number of Views RSA SecurID Software Token for Android Quick Start (Spanish) Number of Views Where can I find my Partner Site ID if I am an RSA SecurWorld Partner? Number of Views Quick Setup Guide - FIDO Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager Patch Updates How to verify that RSA Authentication Agent for Windows can perform challenge user lookups across different Active Directo… Troubleshooting RSA MFA Agent for Microsoft Windows Replication Showing Internal Replication Error During Upgrade to RSA Authentication Manager 8.2
Don't see what you're looking for?
