Event Log Monitor Add-in Issues

Author
rgv75
Beta Users Group
2021/10/12 18:51:16

Event Log Monitor Add-in Issues

We patched several Windows Server 2016 Standard servers today with the most recent Windows Updates. IPsentry Event Log Monitor can no longer access the Event Logs for "some" of these updated servers. We are running IPsentry 7.11.21. We even upgraded to 7.21.60, but the issue persists.
 
This is the error from the plug-in: 
Error during scan: [-2147024891] Error opening event log - Access is denied.
 
Windows Update only installed the following updates on these servers: 
  • 2021-09 Servicing Stack Update for Windows Server 2016 for x64-based Systems (KB5005698)
  • 2021-09 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5005573)
  • Windows Malicious Software Removal Tool x64 (KB890830)
  • VMware, Inc. - Net - 1.9.2.0
 
Here are some troubleshooting steps we took: 
  1. We opened Event Viewer on the server where ipSentry is running. We then right-clicked > Connect to Another Computer and selected one of the upgraded servers. We can still view the event logs.
  2. We can navigate to the UNC path on the remote servers where the Event Logs are stored without any permission issues.
  3. We reverted one of the upgraded servers from a VM snapshot, and ipSentry Event Log Monitor can access the server event logs again.  We re-ran the Windows Update again, and ipSentry cannot view the Event Logs again. This proves the entry is not invalid.
  4. Since Windows Update patched the VM NIC, we removed the VM NIC and reinstalled it, and configured the static IP.
  5. I used the Event Log Monitor entry and scanned another server's Event Log by changing the UNC path.  It works for the non-patched server.
 
What mechanism does the Event Log Monitor add-in use to monitor the remote Event Logs? Any idea on how we can resolve this issue?
 
Thank you.
#1


    IPSentrySupport
    Support Guy
    Re: Event Log Monitor Add-in Issues 2021/10/13 08:33:39
    Ensure that all computers (ipsentry computer included along with those being monitored) have all updates applied.
    Verify that firewall inbound access is enabled for Remote Event Log and COM+ Network Access.
     

    ---
    IPSentry Support
    RGE, Inc.
    http://www.ipsentry.com
    http://forum.ipsentry.com

    IPSentry® is a Registered Trademark of RGE, Inc.
    #2
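
The two checks from the support reply (update parity across hosts and the inbound firewall rule groups), as an added PowerShell example that is not part of the original thread or ipSentry's own tooling. The host names are constructed placeholders, and it assumes PowerShell remoting (WinRM) is enabled on every server.

```powershell
# Constructed host names: substitute the ipSentry machine and the monitored servers.
$Servers  = 'IPSENTRY-HOST', 'PATCHED-SRV01', 'UNPATCHED-SRV02'
# Updates listed in the original post.
$PageKBs  = 'KB5005698', 'KB5005573'
# Built-in Windows Firewall rule groups named in the support reply.
$FwGroups = 'Remote Event Log Management', 'COM+ Network Access'

# Runs on each server; assumes PowerShell remoting (WinRM) is enabled there.
$check = {
    param([string[]]$KBs, [string[]]$Groups)

    $hotfixes = @(Get-HotFix)
    $newest   = $hotfixes | Where-Object InstalledOn |
                Sort-Object InstalledOn -Descending | Select-Object -First 1

    $row = [ordered]@{
        NewestUpdate = if ($newest) { '{0} ({1:yyyy-MM-dd})' -f $newest.HotFixID, $newest.InstalledOn } else { 'unknown' }
    }
    # A later cumulative update supersedes these, so "False" on a newer host is expected.
    foreach ($kb in $KBs) { $row[$kb] = $hotfixes.HotFixID -contains $kb }

    foreach ($group in $Groups) {
        $inbound = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                     Where-Object { $_.Direction -eq 'Inbound' })
        $open    = @($inbound | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })
        # "2/3 enabled" means two of the group's three inbound rules are enabled and allowing.
        $row[$group] = '{0}/{1} enabled' -f $open.Count, $inbound.Count
    }
    [pscustomobject]$row
}

$report = foreach ($server in $Servers) {
    try {
        Invoke-Command -ComputerName $server -ScriptBlock $check -ArgumentList $PageKBs, $FwGroups -ErrorAction Stop
    } catch {
        # Keep unreachable hosts in the report instead of dropping them silently.
        [pscustomobject]@{ PSComputerName = $server; NewestUpdate = "query failed: $($_.Exception.Message)" }
    }
}

$report | Select-Object * -ExcludeProperty RunspaceId | Format-List
```

The firewall columns matter on the monitored servers, where the connection arrives inbound. A rule counted as enabled may still be scoped to a firewall profile other than the one active on that server's network connection.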