User-ID Agent - [Error 115]: Cannot open security log for DC..


L1 Bithead

These errors just don't make sense to me; I have followed everything as required.

I am currently doing this in my lab and I'm stuck with this error about permissions. I have given permissions for Event Log Readers, Server Operators and Distributed COM Users.

Any ideas on what's missing?

I have installed the agent on Win7 and the AD is on Win Srv 2012.

09/30/18 23:59:40:445[ Info 2145]: ------------Service is being started------------

09/30/18 23:59:40:445[ Info 2152]: Os version is 6.1.1.

09/30/18 23:59:40:445[ Info 608]: Load debug log level Info.

09/30/18 23:59:40:445[ Info 557]: Service version is 8.0.10.7.

09/30/18 23:59:40:445[ Info 611]: Product version is 8.0.10.

09/30/18 23:59:40:460[ Info 1132]: Found 0 ACL config. 0 processed.

09/30/18 23:59:40:460[ Info 1160]: Found 0 VM info source config. 0 processed.

09/30/18 23:59:40:460[ Info 1168]: Found 0 Syslog Profile(s) config.

09/30/18 23:59:40:460[ Info 1230]: Found 1 server config.

09/30/18 23:59:40:460[ Info 1265]: Found 0 include-exclude networks. 0 processed.

09/30/18 23:59:40:460[ Info 1290]: Found 0 custom log format config.

09/30/18 23:59:40:460[ Info 1297]: No xml element servercert.

09/30/18 23:59:40:460[ Info 148]: Load 8 build-in formats and 0 custom formats for parsing security log.

09/30/18 23:59:40:460[ Info 345]: DC security log and session query threads for server dc.akmlab.com(index 0) are started.

09/30/18 23:59:40:460[ Info 707]: Active Directory gets started.

09/30/18 23:59:40:460[ Info 742]: User-ID VM monitor service started.

09/30/18 23:59:40:460[ Warn 923]: Unsupported file format for UserIpMap.txt. We support ANSI and UTF-8 format.

09/30/18 23:59:40:913[Error 115]: Cannot open security log for DC dc.akmlab.com - A required privilege is not held by the client.

09/30/18 23:59:41:084[ Info 1241]: New connection 127.0.0.1 : 57678.

09/30/18 23:59:41:084[ Info 1314]: Device thread 0 with 127.0.0.1 : 57678 is started.

09/30/18 23:59:41:178[ Info 3396]: Device thread 0 accept finished

23 REPLIES

In my case I removed patch KB5003646 from the User-ID server and it resolved the issue for most, but unfortunately our patch team didn't apply the patches to all DCs, so it's hit or miss.

Does anyone know if the latest User-ID agent version is unaffected? I'm currently on 10.0.0-30.

Thanks for the KB link, and the same level patch is working fine for us now.

L0 Member

Hi

Same issue... June 2021 patch. Do you have the KB number?

Hi MichaelMelone

Can you give me more detail about the Windows patch which solved your issue, please?

Rgds

V.

Hi Vince, it was the June 2021 Cumulative Update for Windows Server.

L2 Linker

Looks like the latest Windows Server patches may be causing this issue again.

L0 Member

2022-03 update same problem  😞 ffs

L0 Member

I encountered this problem one year ago and resolved it easily by installing the latest Windows Server update.

But now it has returned on Windows 2019 Server, and it's very difficult to understand which update causes it, because Windows updates are deployed as cumulative releases.

Anyone resolved it? Advice?
