Access Denied from Sentinel WMS connector when connecting to Windows event source

  • 7006173
  • 01-Jun-2010
  • 26-Apr-2012

Environment


Novell Sentinel 6.1 Collector Manager
Novell Sentinel RD Collector Manager
Novell Sentinel Log Manager Collector Manager
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition

Situation

An access denied error is returned when attempting to collect Event Viewer data from Windows-based event sources using the Sentinel WMS connector.

Error shown in the Event Source Manager:
"SWMS service exception 'Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))', while connecting to server xxx.xxx.xxx.xxx"

Following the WMS connector documentation, DCOM and Windows Event Viewer permissions have been properly set on each of the Windows event sources being connected to.

Resolution

In addition to configuring DCOM on the Windows event source, ensure that DCOM is also enabled on the Windows-based collector manager server.

Steps to check / enable DCOM on the Windows-based collector manager server:
1. Start -> Run. Type "dcomcnfg"
2. In the left pane of the "Component Services" window, select "Component Services" under "Console Root"
3. Double click on the "Computers" folder in the right window pane
4. Right click on the "My Computer" icon (in the right window pane) and select "Properties"
5. Check the "Enable distributed COM on this computer" checkbox under the "Default Properties" tab
6. Click the "OK" button
7. Reboot the collector manager server

If Microsoft PowerShell is installed on the collector manager server, the following PowerShell command can be used to test DCOM connectivity between the collector manager server and the Windows event source:

"gwmi win32_service -credential domain\username -computer xxx.xxx.xxx.xxx"
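
The check and the connectivity test above can be combined into one script run on the collector manager server. This is an added example, not part of the original article or the Sentinel product; the parameter and function names are hypothetical, and it assumes the "Enable distributed COM on this computer" checkbox is stored as the EnableDCOM value under HKLM\SOFTWARE\Microsoft\Ole.

```powershell
# Added example: run on the Windows-based collector manager server.
param(
    [Parameter(Mandatory = $true)][string]$EventSource,  # placeholder: event source name or IP
    [Parameter(Mandatory = $true)][string]$Account       # placeholder: domain\username
)

function Test-LocalDcomEnabled {
    # Assumption: the dcomcnfg checkbox maps to the string value
    # EnableDCOM ("Y" or "N") under HKLM\SOFTWARE\Microsoft\Ole.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' `
                            -Name EnableDCOM -ErrorAction SilentlyContinue
    return ($ole -and $ole.EnableDCOM -eq 'Y')
}

function Test-RemoteWmi {
    param(
        [string]$Computer,
        [System.Management.Automation.PSCredential]$Credential
    )
    try {
        # Same query as the gwmi test in the article, with errors made terminating.
        $null = Get-WmiObject -Class Win32_Service -ComputerName $Computer `
                              -Credential $Credential -ErrorAction Stop
        return "OK: WMI query over DCOM to $Computer succeeded"
    }
    catch [System.UnauthorizedAccessException] {
        # This is the E_ACCESSDENIED (0x80070005) case from the Situation section.
        return "ACCESS DENIED (0x80070005) from $($Computer): " +
               'check DCOM and account permissions on the event source and on this server'
    }
    catch [System.Runtime.InteropServices.COMException] {
        # Other COM/RPC failures are reported with their HRESULT for lookup.
        return ('COM error 0x{0:X8}: {1}' -f $_.Exception.ErrorCode, $_.Exception.Message)
    }
    catch {
        return "Other failure: $($_.Exception.Message)"
    }
}

if (Test-LocalDcomEnabled) {
    Write-Output 'DCOM is enabled on this collector manager server.'
}
else {
    Write-Warning 'DCOM is not enabled here: enable it with dcomcnfg and reboot.'
}

# Prompts for the password of the supplied account, then runs the remote test.
Write-Output (Test-RemoteWmi -Computer $EventSource -Credential (Get-Credential $Account))
```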