Central computer is not sending real-time or archival events (NETIQKB72064)

  • 7772064
  • 28-Jan-2010
  • 22-Feb-2010


Security Manager 6.0  

Security Manager 6.5  


No real-time or archival events are being sent from the central computer.

Security Manager application Event Id 21239 will occur.
Security Manager application Event Id 21241 might appear 10 or 15 minutes later depending on the speed of the link between the central computer and the SQL server hosting the one point database.

Com+ errors found in the Windows Event Viewer system logs:
Event id 1001
Event id 5379
Event id 781

The following errors, found in the Security Manager service logs show the process rules are not being committed to the central computer.
Security Manager 6.0 service log: nqsmsvc.mc8 (must have log viewer),
Security Manager 6.5 service log: nqsmsvc.txt
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452`Caught _com_error in TDasObject::CallDasMethod(ProcessRuleSelectAll) from file .\AgentConfig.cpp, line 874.
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` HRESULT = hr = 8004e002
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` Message = The root transaction wanted to commit, but transaction aborted


  1. On the Central computer go to component services/computers/my computer/properties/options.  
  2. Increase the timeout setting from the default 60 seconds to 300 seconds.
  3. Restart the ?distributed transaction coordinator? and  ?security manager?  services.
  4. Use the Security Manager UI?s to confirm that events are now being processed.


The network connection between the Central Computer  and the Onepoint DB may be slow. Database calls are taking more then 60 seconds (default DTC timeout) are being killed by DTC on the Central Computer side. The call to load the rules is getting killed and the Central Computer does not have any rules to event on.

Additional Information

Formerly known as NETIQKB72064

Even though this might resolve the issue, a slow link between CC and DB is potential for other data related issues