|Applies To||enVision 3.7.0|
|Issue||Fix Windows collection to collect logs from Windows machine that once was working.|
Can't collect from Windows devices that once worked
First Verify that the devices are communicating to the enVision server and see if there are any messages in the log using Wintool.
Examples of a log file:
(See the "wintool -h" for more info)
? WAITING 10.10.30.10 Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) ( Normal)
? UNRESPONSIVE 10.10.30.190 Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
? DISABLED 10.10.30.118 System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights)
i) Check the box
ii) Click Analyze. Without this box you can not analyze any reporting data for this machine.
Second, let?s verify you have the proper rights setup.
Third, let?s use Wintool to reset windows collection. It?s possible these devices had a problem at some point and automatically disabled collection.
|Legacy Article ID||a44619|