How to troubleshoot Windows Agentless Collection with RSA enVision
Originally Published: 2015-10-02
Article Number
Applies To
RSA Product/Service Type: enVision Core
RSA Version/Condition: 4.1
Product Description: RSA enVision 1000 EPS[ ES/LS]
Issue
Tasks
- Single-Appliance [ES]: The commands below can be executed on your enVision ES appliance.
- Multi-Appliance [LS]: The commands below can be executed on your Local-Collector [LC] or [CA1] Active collector in a cluster or Remote-Collector [RC].
-
cd /d %_envision%/bin wintool -e "show summary; show threads; show list nd 10000" >c:\nicwintshoot.txt
This will generate a log named nicwinshoot.txt in the root of the C:\drive.
1. (1) WAITING 10.xx.xx.xx Security Microsoft Windows 2000 ( 900 + ) Tue Feb 20 17:22:30 2007 (No new events) (Normal) 2. (2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights) 3. (3) DISABLED 10.xx.xx.xx System (84600 ~ ) Wed Feb 21 11:37:51 2007 (Unabled to connect to registry: 5 Access is denied.) (remote registry service not running / Improper access rights) 4. ( 10) DISABLED 10.xx.xx.x Application (84600 ~ ) Sat Sep 26 06:34:59 2015 (Unable to connect to registry: 53 The network path was not found.)
Resolution
(2) UNRESPONSIVE 10.xx.xx.xx Security Microsoft Windows XP ( 3600 ~ ) Tue Feb 20 18:07:35 2007 (OpenEventLog failed: A required privilege is not held by the client.) (Improper access rights)
To resolve this issue,
1. On your enVision server launch Windows Explorer:
a. Navigate to the E:\envision\bin folder and run the application runeventvieweras.exe.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
b. Enter an account and password that has admin rights (typically this is the same account used to setup the software under “Manage Windows domains”).
c. Click on the Event Viewer folder.
d. Click on the Action menu.
e. Select Connect to remote computer from the drop down list.
f. Type in the IP of the server.
g. Click OK. If it connects, try and open each of the logs. If you can view log information this account has the proper access rights.
If the software is unable to connect to registry with an error due to network path not found
Unable to connect to registry: 53 The network path was not found
This error shows that there is a network transit problem blocking/disrupting the communication between your enVision and your Microsoft Server event source that needs to be checked with your network/systems team.
Related Articles
How to troubleshoot an RSA Identity Router that is in a Distressed state Number of Views Troubleshooting RSA MFA Agent for Microsoft Windows Number of Views Windows agentless account keeps locking out. Number of Views Windows Agentless ReadEventLog Error 1500 Number of Views How to troubleshoot NTP error Critical Event Notification - Not able to sync time error with RSA Authentication Manager 8.… Number of Views
Trending Articles
Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device
Don't see what you're looking for?
