000017436 - Windows Legacy Collector cannot connect to Windows event sources in RSA NetWitness Platform

[windows.win2003] [processing] [WorkUnit] [processing] Could not connect to server '\\win2003.local.net\ROOT\CIMV2': error code: 80070005: Access is denied.

Verify the account permissions on the Windows event source that it allows WMI calls is configured per the Legacy Windows Collection
Update & Installation Guide.

WMI access from the Windows Legacy Collector server to a remote machine can be tested from the DOS command line using the wmic command.

For example, run over WMI the wmic command to display the remote machine's operating system name.

wmic /node:{IP} /user:{User} os get caption

Substitute

{IP} with the IP address of the remote machine the Windows Legacy Collector server will connect to
{User} with the login that connects to the remote machine (the same login the Log Collector service is configured with)

For example,
 

C:\Users\Administrator>wmic /node:192.168.1.2 /user:sauser os get caption
Enter the password :********

Caption
Microsoft Windows Server 2003 R2 Standard

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.