RE: [SA-list] Servers Alive on W2K3

[Busalacchi, Eric]

To answer your questions:   1. The remote systems can be either Windows 2000 or Windows 2003.  I am having the same problems with both. 2. SA is running under the Local System account. 3. Yes, the user is setup as domain\user.   I used regmon and tokenmon to watch the access to the server and registry.  I noticed ACCESS DENIED to ANONYMOUS LOGON to several of the important registry keys for remote perfmon (as described in an MS knowledge base article).  That’s why I think it has something to do with how W2K3’s anonymous access works.  When I added ANONYMOUS LOGON to those keys I started getting “Element not found” error messages and I was unable to brose the list of counters.    I know there are several local security policies that can be set that control how W2K3 interacts with W2K servers.  I’ve tried to set those in the group policy, but because our AD domain is W2K I don’t think they’re getting applied correctly (or behaving correctly I should say).  I figured someone out there is running W2K3 w/SA in a W2K AD Domain and has been able to get this to work. Eric     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx Sent: Tuesday, December 06, 2005 11:04 AM To: salive@woodstone.nu Subject: RE: [SA-list] Servers Alive on W2K3   The remote system are they also Win2003 systems? How is SA running? Did you include the domainname with the username? (domain\user)   Dirk.     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Busalacchi, Eric Sent: Tuesday, December 06, 2005 4:25 PM To: salive@woodstone.nu Subject: [SA-list] Servers Alive on W2K3 I am having a bit of trouble getting the perfmon checks to work in Servers Alive when accessing a remote server.  I have the latest version of SA running on a standard build of Windows 2003 Standard server.  When I try to check perfmon on any server other than the local one I am getting access denied errors:   Tuesday, November 22, 2005 1:41:44 PM machine.domain.com Perfmon (Processor,% Processor Time,_Total) gave errorAccess is denied. ( 5)   I have configured these tests to authenticate before checking with a user that is a member of Domain Admins AD group (note: we are running a Windows 2000 AD environment).  Additionally, Domain Admins is in the Administrators group on the servers.  I’ve worked with Dirk on this a bit and it seems to be an issue with Windows 2003’s use of ANONYMOUS LOGON and Windows 2000’s use of the EVERYONE logon when the initial connection is made.   I checked the mail list archives and didn’t see anything obvious.  Can anyone running in this configuration (SA on W2K3) give me some ideas?  Hopefully I am missing something real simple. Thank you in advance,   Eric