Can't collect from Windows devices that once worked
First, verify that the devices are communicating with the enVision server and check whether there are any messages in the log using Wintool.
- At the cmd prompt, change to the e:\nic\%version%\%hostname%\bin folder. Type the following command: "wintool -e "show summary; show threads; show list nd 10000" > ..\logs\%COMPUTERNAME%_windows.txt"
- This generates a log file named <enVision host name>_windows.txt under the e:\envision\logs folder. Open this file with Notepad.
Examples of log file entries (see "wintool -h" for more info):
- WAITING 10.10.30.10 Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) ( Normal)
- UNRESPONSIVE 10.10.30.190 Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
- DISABLED 10.10.30.118 System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights)
- Under Manage Monitored Devices, is the Analyze box checked for the detected Windows server?
- If not:
  i) Check the box.
  ii) Click Analyze. Without this box checked, you cannot analyze any reporting data for this machine.
Second, let's verify that you have the proper rights set up.
- Using Windows Explorer, go to the e:\nic\%version%\%hostname%\bin folder and run the application runeventvieweras.exe.
- Enter an account and password that has admin rights (the same account you set up under "Manage Windows Domains").
- Click on the Event Viewer folder.
- Click on the Action menu.
- Select "Connect to remote computer" from the drop-down list.
- Type in the IP of the server.
- Click OK. If it connects, try to open each of the logs. If you can view log information, this account has the proper access rights.
Third, let's use Wintool to reset Windows collection. It's possible these devices had a problem at some point and automatically disabled collection.
- At the cmd prompt, change to the e:\nic\%version%\%hostname%\bin folder. Type the following command: "wintool -e reset". When this completes, type "exit" to disconnect Wintool.
- Wait a minute or two and see if you have any data coming in through Event Viewer.
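As an added example (not part of the original article or of RSA's tooling), this Python script parses status lines like the ones quoted in the first step and maps each problem line to the follow-up step this article describes. The line layout is inferred only from the three sample lines above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample input: the three status lines quoted in this article.
SAMPLE = """\
WAITING 10.10.30.10 Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) ( Normal)
UNRESPONSIVE 10.10.30.190 Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
DISABLED 10.10.30.118 System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights)
"""

# Layout inferred from the sample lines only (an assumption, not a wintool spec):
# STATE IP LOG [OS] ( number flag ) timestamp (message) [trailing note]
LINE = re.compile(
    r"^\W*(?P<state>[A-Z]+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<log>\S+)"
    r"\s*(?P<os>[^(]*?)\s*\([^)]*\)\s*"
    r"(?P<when>\w{3} \w{3} +\d+ [\d:]+ \d{4})\s*\((?P<msg>[^)]*)\)"
)

def parse(text):
    """Return one dict per status line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            row = m.groupdict()
            row["when"] = datetime.strptime(row["when"], "%a %b %d %H:%M:%S %Y")
            rows.append(row)
    return rows

def next_steps(row):
    """Map a parsed line to the article's follow-up steps (hypothetical helper)."""
    steps, msg = [], row["msg"].lower()
    if "privilege is not held" in msg or "access is denied" in msg:
        steps.append("verify account rights with runeventvieweras.exe")
    if "connect to registry" in msg:
        steps.append("check the remote registry service on the device")
    if row["state"] == "DISABLED":
        steps.append("reset collection with 'wintool -e reset'")
    return steps

def triage(text):
    """Return (ip, log, state, steps) for every line that needs attention."""
    return [(r["ip"], r["log"], r["state"], next_steps(r))
            for r in parse(text) if next_steps(r) or r["state"] != "WAITING"]

if __name__ == "__main__":
    for ip, log, state, steps in triage(SAMPLE):
        print(f"{ip} {log} {state}: " + "; ".join(steps or ["investigate"]))
```
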