|Applies To||RSA Product Set: NetWitness Logs & Network, Security Analytics|
RSA Product/Service Type: Windows Legacy Collector
RSA Version/Condition: 10.6.x
|Issue||Windows Legacy Collector (WLC) cannot connect to Windows event sources in RSA NetWitness.|
Errors are found in the Windows Legacy Collector logs in the format: Could not connect to server '\\<IP>\ROOT\CIMV2': error code: 80070005: Access is denied.
|Cause||This issue is caused because the NetWitness Log Collector is unable to connect to the remote machine using WMI.|
These errors are likely because of permissions or policy.
Verify the account permissions on the Windows event source that it allows WMI calls is configured per the Legacy Windows Collection
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
|Legacy Article ID||a65143|