Troubleshooting Tips


 

For the latest Troubleshooting Tips on EventLog Analyzer, visit the Troubleshooting Tips on the website or the public user forums.

 

General [ Show/Hide All ]

  1. Where do I find the log files to send to EventLog Analyzer Support?

    The log files are located in the <EventLogAnalyzer_Home>/server/default/log directory. Typically when you run into a problem, you will be asked to send the serverout.txt file from this directory to EventLog Analyzer Support.

  2. I find that EventLog Analyzer keeps crashing or all of a sudden stops collecting logs. What could be the reason?
  3. How to create SIF (Support Information File) and send the file to ZOHO Corp., if you are not able to perform the same from the Web client.
  4. How to register dll when message files for event sources are unavailable?

Installation [ Show/Hide All ]

  1. EventLog Analyzer displays "Enter a proper ManageEngine license file" during installation.

  2. Unable to bind EventLog Analyzer server to a specific interface.

Startup and Shut Down [ Show/Hide All ]

  1. MySQL-related errors on Windows machines.

  2. EventLog Analyzer displays "Port 8400 needed by EventLog Analyzer is being used by another application. Please free the port and restart EventLog Analyzer"when trying to start the server.

    Probable cause: The default web server port used by EventLog Analyzer is not free.

    Solution: Kill the other application running on port 8400. If you cannot free this port, then change the web server port used in EventLog Analyzer.

  3. EventLog Analyzer displays "Can't Bind to Port <Port Number>" when logging into the UI.

    Probable causes:
    • The syslog listener port of EventLog Analyzer is not free.
    • The one or more internally used ports 5000, 5001, 5002 may not be free.

    Solution:

    • Check for the process that is occupying the syslog listener port or internally used port, using netstat -anp udp . And if possible, try to free up this port.
    • If you have started the server in UNIX machines, please ensure that you start the server as a root user.
    • or, configure EventLog Analyzer to listen to a different syslog listener port and ensure that all your configured hosts send their syslog to the newly configured syslog listener port of EventLog Analyzer.
  4. When the application is started, configureODBC.vbs throws script error or opens with another application. How to overcome this?

Configuration [ Show/Hide All ]

  1. While adding host for monitoring, the 'Verify Login' action throws RPC server unavailable error
  2. While adding host for monitoring, the 'Verify Login' action throws 'Access Denied' error.
  3. When WBEM test is carried out. it fails and shows error message with code 80041010 in Windows Server 2003.
  4. How to enable Object Access logging in Linux OS?
  5. What are commands to start and stop Syslog Deamon, in Solaris 10?

Log Collection and Reporting [ Show/Hide All ]

  1. I've added a host, but EventLog Analyzer is not collecting event logs from it

  2. I get an Access Denied error for a host when I click on Verify Login but I have given the correct login credentials

    Probable cause: There may be other reasons for the Access Denied error.

    Solution: Refer the Cause and Solution for the Error Code you got during Verify login.

     

    Error Code Cause Solution
    0x80070005 Scanning of the Windows workstation failed due to one of the following reasons:
    The login name and password provided for scanning is invalid in the workstation Check if the login name and password are entered correctly
    Remote DCOM option is disabled in the remote workstation Check if Remote DCOM is enabled in the remote workstation. If not enabled, then enable the same in the following way:
    1. Select Start > Run
    2. Type dcomcnfg in the text box and click OK
    3. Select the Default Properties tab
    4. Select the Enable Distributed COM in this machine checkbox
    5. Click OK

    To enable DCOM on Windows XP hosts:

    1. Select Start > Run
    2. Type dcomcnfg in the text box and click OK
    3. Click on Component Services > Computers > My Computer
    4. Right-click and select Properties
    5. Select the Default Properties tab
    6. Select the Enable Distributed COM in this machine checkbox
    7. Click OK
    User account is invalid in the target machine

    Check if the user account is valid in the target machine by opening a command prompt and executing the following commands:

    net use \\<RemoteComputerName>\C$ /u:<DomainName\UserName> "<password>"
    net use \\<RemoteComputerName>\ADMIN$ /u:<DomainName\UserName> "<password>"

    If these commands show any errors, the provided user account is not valid on the target machine.

    0x80041003 The user name provided for scanning does not have sufficient access privileges to perform the scanning operation. Probably, this user does not belong to the Administrator group for this host machine Move the user to the Administrator Group of the workstation or scan the machine using an administrator (preferably a Domain Administrator) account.
    0x800706ba A firewall is configured on the remote computer. Such exceptions mostly occur in Windows XP (SP 2), when the default Windows firewall is enabled.
    1. Disable the default Firewall in the Windows XP machine:
      1. Select Start > Run
      2. Type Firewall.cpl and click OK
      3. In the General tab, click Off
      4. Click OK
    2. If the firewall cannot be disabled, launch Remote Administration for administrators on the remote machine by executing the following command:
      netsh firewall set service RemoteAdmin

      After scanning, you can disable Remote Administration using the following command:
      netsh firewall set service RemoteAdmin disable
    0x80040154
    1. WMI is not available in the remote windows workstation. This happens in Windows NT. Such error codes might also occur in higher versions of Windows if the WMI Components are not registered properly.
    2. WMI Components are not registered
    1. Install WMI core in the remote workstation. This can be downloaded from the Microsoft web site.
    2. Register the WMI DLL files by executing the following command in the command prompt:
      winmgmt /RegServer
    0x80080005 There is some internal execution failure in the WMI Service (winmgmt.exe) running in the host machine. The last update of the WMI Repository in that workstation could have failed.

    Restart the WMI Service in the remote workstation:

    1. Select Start > Run
    2. Type Services.msc and click OK
    3. In the Services window that opens, select Windows Management Instrumentation service.
    4. Right-click and select Restart
    For any other error codes, refer the MSDN knowledge base
  3. I have added an Custom alert profile and enabled it. But the alert is not generated in EventLog Analyzer even though the event has occured in the host machine

  4. When I create a Custom Report, I am not getting the report with the configured message in the Message Filter

  5. MS SQL server for EventLog Analyzer stopped

  6. I successfully configured Oracle host(s),still cannot view the data

    If Oracle host is Windows, open Event viewer in that machine and check for Oracle source logs under Application type. If Linux, check the appropriate log file to which you are writing Oracle logs. If the Oracle logs are available in the specified file, still ELA is not collecting the logs, contact EventLog Analyzer Support.

For any other issues, please contact EventLog Analyzer Technical Support.

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine