'An unknown error has occured' / 'Error Code: 800706be' .... is a frustrating occurance! The known error handlers with solutions are documented below to help you have the product up and running in the quickest time possible.
Error Code |
System Message |
Cause |
Solution |
80070005 |
Access is denied |
Not enough user credentials provided to collect audit data. |
|
8004106C |
WMI Quota violation / Memory leak. |
WMI is taking up too much memory. |
Native Mode for event collection is recommended to overcome errors while collecting event log data using WMI service. Also, sometimes the error normally gets fixed in the next event collection itself. |
800706BA |
The RPC server is unavailable. Error Code: 6ba |
The temporary inability of the software (Server Down/Not Reachable/Busy) to connect to the Domain Controller/File Server for collecting event logs and may get fixed during the next event collection schedule. |
Please ensure, these ports are not blocked by any
firewall (Interrupting the communication between ADAudit
plus & Servers). You can also use our free tool DMZ
PORT ANALYZER to find the list of
ports to be opened. |
800706BE |
Remote Procedure Call Failed. Error Code: 6be |
Server Connection lost when attempting a remote procedure call for event collection. |
Usually a retry of the event fetch will solve this issue. If the error still recurs ping the server, from where the product is installed. |
8007200f |
Authentication Error |
When, ADAudit Plus is unable to contact the Domain Controller.
|
Please try to connect/ping all the
Domain Controllers listed under "Domain Settings" link
from the computer where the product is installed.
|
8007203a |
The server is not operational. |
||
522 |
A required privilege is not held by the client. |
The user account provided to ADAudit Plus doesn't have 'Event Log Read permission'. |
Find the privileges required for collecting data from Security Log. |
Error Code |
System Message |
Cause |
Solution |
5 |
Access is Denied. |
No Access Permission. |
Check the Domain Account configured in domain settings has access privilege to the particular machine. |
Access denied error for "Logon Session" |
Access is Denied. |
A missing registry value in the computer from where the error message occurs. |
Please make sure that "AllowRemoteRPC" flag is not set
on the target machine. |
Error Code |
System Message |
Cause |
Solution |
12 |
There are no more files to read. |
When there are no more evt files to be read. |
Check the NetAppEvt file path in the default location:
\\NetApp Filer Name\etc$\log |
2 |
The System cannot find the file specified. |
The NetApp auditing Evt file does not exist in the specified location. |
Check the NetAppEvt file path in the default location: \\NetApp Filer Name\etc$\log. Also, check in the following location: \\NetApp Filer\C$\etc\log Also, please configure in ADAudit Plus. |
3 |
The System can not find the path specified. |
The NetApp auditing Evt file share path configured in ADAudit Plus is incorrect. |
Check the NetAppEvt file path in the default location: \\NetApp Filer Name\etc$\log. Also, check in the following location: \\NetApp Filer\C$\etc\log, configure in ADAudit Plus. |
5 |
Access is Denied. |
Not able to read the evt file on the evt share path. |
Check the Domain Account configured in domain settings page has read privileges. |
- |
Bad username or password / Authorization Failed. |
The username / password given in ADAudit Plus to connect to the NetApp Filer is incorrect. |
Please enter the correct credentials in ADAudit Plus. |
8 |
Not enough storage is available to process this command. |
Not able to load the evt file on the system memory space. |
Check the RAM size. |
1392 |
The file or directory is corrupted and unreadable. |
The evt file on the NetApp Filer is corrupted. |
Repair / delete the corrupted evt file on the Filer. |
ADAudit Plus does not load after installation |
Port already in use. |
ADAudit Plus runs on Port 8081, if another application is occupying 8081 on the same machine, ADAudit plus will not start. |
1. Go to |
ADAudit Plus Service Won’t Start |
1. ADAudit Plus is already running as standalone
software |
1. ADAudit Plus cannot be started as a Windows Service
when ADAudit Plus is already running in console mode. |
Issue 1: |
ADAudit Plus Reports tab shows “No Data Available” |
1. Necessary audit policies are not configured |
1. ADAudit Plus works on the basis of Windows native
auditing for which certain audit policies needs to be
configured. |
Issue 1: |
"Procedure Call failed” on Domain Controllers / Member Servers / Workstations |
1. DNS or NetBIOS name resolving error |
ADAudit Plus uses Remote Procedure Call to remotely
connect to the configured servers and collect the
security log events. RPC is a protocol that one program
can use to request a service from a program located in
another computer in a network. |
Issue 1: |
Database Growth |
|
Unexplained Database Growth. |
Schedule
Archive Events |
No Domain Configuration Available |
|
None of the domains are discovered. |
ADAudit Plus, upon starting, discovers the domains from the DNS Server associated with the machine running the product. If no domain details are available in the DNS Server, it would show this message. |
No Data Available (Event logs) |
"Last Event Read Time" column shows - "Yet to Fetch
event data" |
None of the domains are discovered. |
1. Ensure that the required audit
policy for corresponding Domain Controllers and
Servers have been enabled. |