The user/system has no admin privilege
Hi everyone I have set up ADAudit Plus on a dedicated domain-joined server and created a dedicated service user (not a member of "Domain Admins") to use as Domain Credentials. Permissions for that service user have been set according to step 1, 2 and 4 in the Audit Permissions guide https://www.manageengine.com/products/active-directory-audit/audit-permissions-configuration-ad-audit-plus.html. Steps 3 and 5 are not considered necessary as we don't have a "Failover Cluster" nor "File Server Auditing"
PGSQL file sizes
We've had AD Audit running for some time now and it seems to be using a lot of disk space. Was hoping someone could point me in the right direction? Archiving is turned on (190 days) and every option is checked. I can see a zip file named "AUDFileAuditInfo_1455258195464.zip" dated 02:00 this morning (17Mb) so this would appear to be working. Folder C:\Program Files (x86)\ManageEngine\ADAudit Plus\pgsql\data\base\ is 40GB in size with files from today all the way back to Sept 2014 The majority of
File Server Audit not excluding ~*
I recently installed the File Server Audit add-on....and even though the default exclusion include files with ~*, I'm still getting large numbers of files showing up in the change or deleted reports that start with ~*. Any one have any suggestions to resolve this? It's cluttering up my reports with a bunch of noise. Thanks
No data available error
We have 8 domain controllers and starting on Monday they won't connect to the DC's and pull any data. is there specific ports that ADAduit Plus relies on. Firewall is turned off on all DC's, we have made not changes to the DC's. We do run Avast on the servers but that has been on the servers for a while now. Any suggestion would be great. Thanks, Matt
Cannot connect to the console
Morning I have setup ADAudit on my server and it is running and collecting. The problem i have is that I have to logon to the server to use it. If i try to go to the address, either http://ip address:8081 or http://fqdn:8081, i get the page cannot be displayed. is there a setting i need to configure? Thanks Wayne
File Server Audting
I have a file server that does not fetch data. I tried to attach a screenshot but it kept failing.
Build 4691 serious interface issues
We upgraded our ADaudit in our Test environment from 4685 to 4691. We saw the new logon screen after starting, but after logging in everything looked the same as the previous version (using Chrome 50). I was having some problems creating a Custom Report, so I opened the site in IE11, and suddenly the interface looks completely new. I went back to Chrome50 browser and the interface changed to the new version. My coworker, who is running the same versions of browser, is stuck in the old interface even
share not adding for auditing
Hi, I have set up file auditing within ADAudit Plus for one of our file servers and its picking up changes fine. However I am unable to add certain shares for monitoring. I have tried to manual add the sacl permissions and add the share but they are never added to the list of shares that are being monitored. Thanks
Filter local groups in report
We were running the Recently Removed Users from Security Groups report, but we noticed that it is pulling in local group membership removals as well. This became infeasible when a web server began adding and removing a local account repeatedly to a local security group, generating 100+ page reports. However, there appears to be no way to exclude specific accounts if they aren't AD accounts. From searching previous forum posts, it appears your reasoning is that this is because ADaudit is for Active
User '-' Created File
Hello, I just installed ADAudit Plus on a new server and have decided to wait to apply our license to check out some of the features we don't have. I was wondering why under File Audit one of the top users who modified files is showing as "-" We have several events that say "User '-' Created File..." Could someone explain why we are seeing this? Thank you!
InetCache folder taking 30gb
Hello all - We have Ad Manager, Ad Audit, Exchange Reporter and AD Self Service all running on one server. Received an alert for the C: drive running out of space. Investigating, I see there are 30gb+ of temp files in the InetCache folder of the user account. C:\Users\ServiceAccount\AppData\Local\Microsoft\Windows\INetCache\IE - 31.6gb's Additionally, I see that service account is running about 50 instances of IE. Question - 1. Is the inetcache safe to delete? If not, how do I do we shrink that
Yet to fetch event data
Hi, I've added two W2012R2 servers to my trial version as file servers. Yet to fetch event data is permanetly displayed. When I select Run now, I'm prompted to refresh the screen to see the status but the data is never fetched. Steps to troubleshoot this: Added a different file server on WS2012R2 - that fetches data immediately. Added all the shares to auditing Set the SACL via GPO Set Object Access policy via GPO Ran auditpol.exe /get /category:* to confirm I've narrowed it down to Windows Firewall
Error Code 35 with NetApp and some Windows FS
Hi All, I've problem when I try to add NetApp or some Windows File Server to auditing. But I've another Windows FS working fine, but other or NetApp shows Error Code 35 : Error in Creating Terminal Services Home Directory/ Error in Creating Home Directory,The network path was not found when try to get shares. Path's exists and servers are power on and are accesibles via NetBIOS, for example \\NAS\share$ or \\FilServeWindows\share$. Thanks & Regards.
Suppressing Event Details From Alert
I have been customizing the body of an alert for locked out users. The contents of the alert are: Modified Time: %TIME_GENERATED% User Name: %ACCOUNT_NAME% SID: %ACCOUNT_SID% Machine Name: %CALLER_MACHINE_NAME% User Domain: %CALLER_USER_DOMAIN% Domain Controller: %SOURCE% Event Number: %EVENT_NUMBER% Yet, for some reason, when the email is sent, it is appended with "Event Details", 34 additional lines of data that I do not want in my alert email. How do I prevent this from happening?
Folder logging test
Hi All, We're finding our Folder renames and Folder deletions are not getting logged via the File Audit portion of ADAudit Plus. We're on a Windows 2008 R2 platform. Could folks create a folder, rename a folder, delete a folder then see if all these actions are logged? If you could kindly post what server OS you're running and what results you're seeing? Thanks, Brian
Problem with reports tab in ADAudit
Hi people, I have a problem, when i go to reports tab, the page goes blank and no load. What can i do? Kings regards, Carlos
Print server: The RPC server is unavailable - Error Code:6ba
Hi, We've set up ADAudit Plus and are trying to get a feeling for the product as a whole. AD and file server auditing seems to work fine, but when I try and add our print server (Server 2012, just like the DCs and File servers), I get the dreaded "The RPC server is unavailable - Error Code:6ba " error. Wbemtest runs fine (as found in another thread), DNS works fine, I can open the remote eventlog from the monitoring server. I've added a firewall rule to just allow all traffic from our monitoring
GPOdetails eating up disk space
We have our database on an MS SQL server, however there is almost 20 GB of the local C: on the ADaudit server being eaten up in C:\Program Files(x86)\ManageEngine\AdAudit Plus\webapps\adap\GPODetails . Can this be moved or cleaned? We do not allocate large C: drives on our servers as the databases reside elsewhere.
License - AdAudit
I need a help about licensing AdAudit . After restarting the service, the system has lost the license and changed to free mode . I contacted the resale but he reported that it is necessary to contact directly with ManageEngine .
Client IP Address / Machine name
Hello, when running file audit reports, I can see files deleted or modified but both columns "Client IP Address" and "Client Machine Name" are empty. I don't know what I need to configure to retrieve that information from the fileserver. Could be something to do with the audit policy? Where should I look? Thank you!! Hernan
Resolving ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY error in Chrome version 45
Hi, You will receive the error "ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY" when the server is trying to setup a secure connection due to a disastrous mis-configuration as the connection wouldn’t be secure. As of Chrome version 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key smaller than 1024 bits. Please replace the cipher in the SSL connector to fix it. Please edit the Server.xml file from the "<Installation directory>\ManageEngine\ADAudit Plus\conf\" and add
Aggregate reports - some tables empty
Some of the tables in the Aggregate reports show "No Data Available", but when I navigate to that section under Reports, there is data. For example, in the default Aggregate Report I select "This Month" and the date shows August 01 - 20 11:59pm. The OU Management graph shows "No Data Available". If I click the Reports tab, then go to OU Management > Recently Modified OUs (or Extended Attribute Changes), there is data there from 8/5. It is likewise for the Logon Events tab; I can only get anything
Can not Run ADAudit Plus as Service
I keep getting this error on a Windows 7 64-bit machine when I try to run ADAudit Plus as Service: The ManageEngine ADAudit Plus service terminated with service-specific error %%-1. Any ideas how to fix? Thank you
Error while adding member servers
This morning I tried adding several new servers to the Member Servers, but I received this error: Successfully configured the Member Server(s) and Error while enabling audit policy via GPO (The process cannot access the file because it is being used by another process - Error Code:20 The process cannot access the file because it is being used by another process - Error Code:20 Unspecified error - Error Code:80004005 ) I have tried restarting the AdAudit service but the error persists. This is running
Adding other DNS zones
We have several internal DNS zones on our AD DNS servers. However, only the "base," one, our domain name, shows any records being created/changed. How can we show which records have been changed in the other DNS zones? ie: Our domain name is Corp.local We have a zone for corpname.com We see all records created/changed in corp.local We see any new zones created, such as OtherCorp.net We do not see any record changes recorded under corpname.com, or Othercorp.net How can we see these?