I'm having trouble getting the Event Log COM check to work and am hoping
someone may have some ideas on where I'm going wrong. I'm using v1.0 Build
7 of the COM check and SA Ent Ed. 4.1.1607 running as a console app. and my
test box is running Win2K SP4. I am logged on using an account that has
Admin rights.

For the purpose of the test I'm simply checking for the existence of the
event log entry generated by the Win2K Telnet server starting on the same
server that SA is running on. In the COM check I've defined the parameters
as follows:

Give a down when 'at least one' new event log entry matches the below
query:
Logfile: Application
Source: Tlntsvr
Category: None
Event ID: 1000
User: N/A (have also tried leaving this blank)
Type: Information
Return: All matching entries (have also tried 'first matching entry')
Use Authentication: not checked (have also tried defining a userid/password
but this generated an error 'User credentials cannot be used for local
connections')
Description should contain: <left blank>

Here is the SA log with my comment to indicate steps I took:

Friday, 14 May 2004 8:20:43 AM Servers Alive version 4.1.1607.3
Friday, 14 May 2004 8:20:43 AM Running on Microsoft Windows 2000 Server
(2195) Service Pack 4
Friday, 14 May 2004 8:20:43 AM Oracle
Core40.dll/core35.dll/oracore8.dll/oracore9.dll library not available
Friday, 14 May 2004 8:20:44 AM SQL 7.0/2000 libs available
Friday, 14 May 2004 8:20:44 AM SQL libs found, by default using v7
Friday, 14 May 2004 8:20:44 AM Netware library's not available
Friday, 14 May 2004 8:20:44 AM DUN installed and available for SA

> Manually trigger host check

Friday, 14 May 2004 8:21:35 AM External COM check started (W00000012,0)
Friday, 14 May 2004 8:21:40 AM External COM check (W00000012,0):Initial
check: setting values

> Manually trigger host check

Friday, 14 May 2004 8:23:56 AM External COM check started (W00000012,0)
Friday, 14 May 2004 8:23:58 AM External COM check (W00000012,0): 0 matching
entries

> Stopped and restarted the Telnet service generating an Event ID 1000 in
the Application Event Log
> Manually trigger host check

Friday, 14 May 2004 8:25:41 AM External COM check started (W00000012,0)
Friday, 14 May 2004 8:25:42 AM External COM check (W00000012,0): 0 matching
entries

A point of interest is that every time the COM check runs I get the
following entry in the Security Event Log twice (some bits removed in
brackets for security purposes):

Event Type: Failure Audit
Event Source:     Security
Event Category:   Privilege Use
Event ID:   578
Date:       14/05/2004
Time:       8:25:41 AM
User:       <my userid>
Computer:   NTTAT2VMW1
Description:
Privileged object operation:
      Object Server:    Eventlog
      Object Handle:    0
      Process ID: 232
      Primary User Name:      NTTAT2VMW1$
      Primary Domain:   <domain>
      Primary Logon ID: (0x0,0x3E7)
      Client User Name: <userid>
      Client Domain:    <domain>
      Client Logon ID:  (0x0,0x13504)
      Privileges: SeSecurityPrivilege

I then changed the check to point to my WinXP SP1 PC so I could try
defining authentication details in case this was the cause of the COM check
problem but I got exactly the same results without the Failure Audit in the
Security Event Log.

Anyone got any suggestions on either what I might be doing wrong or what I
might try next?

Cheers,
Anthony

