Forensic Query fails with NqSmLm.EXE failure. (NETIQKB71513)

  • 7771513
  • 02-Apr-2009
  • 05-Aug-2009

Environment

Security Manager 5.6
Security Manager 5.6 SP1
Security Manager 6.0
Security Manager 6.0 SP1
Security Manager 6.0 SP2
Security Manager 6.0 SP3

Situation

The purpose of this article is to address an issue with the NQSMLM.exe process while attempting to run a Forensic Query.
Error from the Security Manager Control Center:

The NetIQ Security Manager service or NqSmLm.EXE on the central computer (Central Computer Name) is not started or is not responding. Please wait for a few moments and then resubmit the query. If you contiune to have problems restart the NetIQ Security Manager service on the central computer.

Error from the LogManager.log while in debug mode:

SerialID 0 sent acknowlegement [Failed] 100 PARAMETERS;ErrorCode=10001;ErrorMessage=Core Services: Unable to complete your request because Core Services is initializing.

Resolution

1. Stop the NetIQ Security Manager service on all Central Computers.

2. Run the following query on the SQL Server hosting your LogManagerConfiguration database:

Warning! Before making changes to any database, back up the database.

--
select count(*) from LogManagerConfiguration..request where completedDateTime is null
--

Note: This query returns a count of all the incomplete requests that the NQSMLM.exe process is attempting to process.


3. Then run the following query:

Warning! Before making changes to any database, back up the database.

--
UPDATE LogManagerConfiguration..Request SET CompletedDateTime = getDate(), Status = 100 where completedDateTime is null
--

Note: This query sets the status of all the incomplete requests to failed.

4. Perform the following steps on each Central Computer.

  • Open Windows Explorer and browse to the following directory:

%:\Program Files\NetIQ Security Manager\OnePoint\

  • Open the file: mk.options
  • Inside the mk.options file, make sure the property streameddata\delete=false is not present.
  • Browse to the following directory:

%:\Program Files\NetIQ Security Manager\OnePoint\QREPORTS

  • Delete any files contained in the QREPORTS directory.

5. Restart the NetIQ Security Manager service on each Central Computer.

6. Change the Unix Collection Schedule to a longer duration. The recommended default is 12 hours.

7. Make sure all Unix Agents are correctly registered with their assigned Central Computers.
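Steps 2 and 3 can also be run as one guarded T-SQL batch, shown here as an added example that is not part of the original article: it keeps a copy of the rows about to change and commits only if the row counts agree. The table name Request_KB71513_Saved is a hypothetical name chosen for this example, and the saved copy supplements the full database backup rather than replacing it.

```sql
-- Added example: run after step 1 (Security Manager service stopped everywhere).
-- Request_KB71513_Saved is a hypothetical table name; it must not already exist.
SET XACT_ABORT ON;   -- any runtime error rolls back the whole transaction
SET NOCOUNT ON;

DECLARE @pending INT, @saved INT, @updated INT;

BEGIN TRANSACTION;

-- Step 2: count the incomplete requests (same predicate as the article).
-- The table lock is held until commit so the count cannot drift.
SELECT @pending = COUNT(*)
FROM LogManagerConfiguration..Request WITH (TABLOCKX, HOLDLOCK)
WHERE CompletedDateTime IS NULL;

-- Keep a copy of exactly the rows that step 3 will modify.
SELECT *
INTO LogManagerConfiguration..Request_KB71513_Saved
FROM LogManagerConfiguration..Request
WHERE CompletedDateTime IS NULL;
SET @saved = @@ROWCOUNT;

-- Step 3: mark the incomplete requests as failed (statement from the article).
UPDATE LogManagerConfiguration..Request
SET CompletedDateTime = GETDATE(), Status = 100
WHERE CompletedDateTime IS NULL;
SET @updated = @@ROWCOUNT;

-- Commit only when the count, the saved copy and the update all agree.
IF @updated = @pending AND @saved = @pending
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Marked ' + CAST(@updated AS VARCHAR(12)) + ' incomplete requests as failed.';
END
ELSE
BEGIN
    -- The rollback also removes the saved-copy table created above.
    ROLLBACK TRANSACTION;
    PRINT 'Row counts differ; nothing was changed.';
END
```

If the batch rolls back, confirm that the NetIQ Security Manager service is stopped on every Central Computer before running it again.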

Cause

A situation can exist where Log Manager for Unix becomes backlogged to the point where it cannot process its queue. This can be caused by a combination of the Unix Log Collection schedule being set to a short interval and Unix Agent secret keys not matching the registration with their assigned Central Computer.

Note: When Unix Agents are added to Log Manager for Unix in the Configuration Wizard, the Central Computer contacts that Unix Agent and sets up an authentication key.

Additional Information

Formerly known as NETIQKB71513