000031412 - How to troubleshoot Windows Agentless Collection with RSA enVision

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000031412
Applies To: RSA Product Set: enVision
RSA Product/Service Type: enVision Core
RSA Version/Condition: 4.1
Product Description: RSA enVision 1000 EPS [ES/LS]
Issue: How to troubleshoot NIC Windows Agentless collection
Tasks: Based on the enVision deployment, which will be either:
  • Single-Appliance [ES]: The commands below can be executed on your enVision ES appliance. 
  • Multi-Appliance [LS]: The commands below can be executed on your Local-Collector [LC] or [CA1] Active collector in a cluster or Remote-Collector [RC].
1.  At the command prompt change to the E:\envision\bin folder and type the following commands:

  • cd /d %_envision%/bin
    wintool -e "show summary; show threads; show list nd 10000" >c:\nicwintshoot.txt


    This will generate a log named nicwintshoot.txt in the root of the C:\ drive.
2.  Open the nicwintshoot.txt file with a text editor and look for entries like the examples below (see the wintool appendix for more information):
1. (1) WAITING 10.xx.xx.xx Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) (Normal)
2. (2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
3. (3) DISABLED 10.xx.xx.xx System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights)
4. (   10)      DISABLED     10.xx.xx.x                  Application                              (84600 ~ ) Sat Sep 26 06:34:59 2015 (Unable to connect to registry: 53 The network path was not found.)
Resolution: If the software is unable to connect to the registry with an error due to improper access permissions:
(2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)

To resolve this issue:
1.  On your enVision server launch Windows Explorer:

a.  Navigate to the E:\envision\bin folder and run the application runeventvieweras.exe.
b.  Enter an account and password that has admin rights (typically this is the same account used to set up the software under “Manage Windows domains”).
c.  Click on the Event Viewer folder.
d.  Click on the Action menu.
e.  Select Connect to remote computer from the drop down list.
f.  Type in the IP of the server.
g.  Click OK. If it connects, try to open each of the logs. If you can view log information, this account has the proper access rights.

If the software is unable to connect to the registry with an error due to the network path not being found:
Unable to connect to registry: 53 The network path was not found

This error shows that a network transit problem is blocking or disrupting communication between your enVision appliance and your Microsoft Server event source. Have your network/systems team check it.
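
When the wintool output lists many event sources, the lookup described above can be scripted. The following is an added example, not RSA code: it groups every non-WAITING entry by the cause this article gives for its message. The line layout is inferred from the sample lines above, treating WAITING as healthy follows the "(Normal)" annotation, and the names triage, LINE_RE and CAUSES are hypothetical.

```python
import re
import sys
from collections import defaultdict

# Layout inferred from the sample lines in this article (an assumption):
# (index) STATE address log [OS] (interval flag) timestamp (message)
LINE_RE = re.compile(
    r"\(\s*\d+\)\s+(?P<state>[A-Z]+)\s+(?P<host>\S+)\s+(?P<log>\S+)\s+.*?"
    r"\(\s*\d+\s*\S\s*\)\s+\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}\s+"
    r"\((?P<msg>[^)]*)\)"
)

# Message pattern -> cause, using the causes named in the article.
CAUSES = [
    (re.compile(r"required privilege is not held", re.I),
     "improper access rights"),
    (re.compile(r"registry: 5\b"),
     "remote registry service not running / improper access rights"),
    (re.compile(r"registry: 53\b"),
     "network path not found (network transit problem)"),
]

def triage(text):
    """Return {cause: [(host, log, state), ...]} for entries that need attention."""
    findings = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["state"] == "WAITING":  # WAITING is annotated as normal
            continue
        cause = next((c for rx, c in CAUSES if rx.search(m["msg"])),
                     "unclassified: " + m["msg"])
        findings[cause].append((m["host"], m["log"], m["state"]))
    return dict(findings)

# Sample input: the four example lines shown in this article.
SAMPLE = """\
(1) WAITING 10.xx.xx.xx Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events)
(2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.)
(3) DISABLED 10.xx.xx.xx System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.)
(   10)      DISABLED     10.xx.xx.x                  Application                              (84600 ~ ) Sat Sep 26 06:34:59 2015 (Unable to connect to registry: 53 The network path was not found.)
"""

if __name__ == "__main__":
    # Pass the wintool output file as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for cause, entries in triage(text).items():
        print(cause)
        for host, log, state in entries:
            print("   ", state, host, log)
```

Entries whose message matches none of the patterns are reported as "unclassified" with the raw message, so they are not silently dropped.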
