RSA Admin

Sevice Start and Stop Events not Being Logged to Local Windows System Event Log

Discussion created by RSA Admin Employee on Jun 22, 2012
Latest reply on Jul 16, 2012 by securitysavy
Not sure if anyone has seen this or is even having a problem with this, but I noticed that when NIC services were restarted (Locatot, Alerter, Scheduler, etc) that the Windows Service Control Manager (SCM) events were not being written to the System event log (note that the events were captured by enVision and showing up in NIC_System). I resolved this issue by taking the following actions on each of the enVision appliances: From a command prompt, execute: net stop winmgmt Deleted the ‘Repository’ folder in c:\windows\system32\wbem From a command prompt, execute: net start winmgmt After doing that, the SCM events being appearing in the System event log. Just wanted to post this, in case anyone else was having this issue.

Outcomes