ADAudit+ issue migrating MySQL to MS SQL
I have seen this topic for other products, but not for ADAudit. Running the command prompt as admin logged into the server with the service account that has the access to the MS SQL Server database. After putting in the host name into the ADAudit Plus - DB Configuration application, I get a "Socket Time out while fetching the database instances from host", error. If I ignore this and test the connection with the database name filled out, the command prompt in the background displays a javascript
Exception while checking server status
Hi. We use ADAudit Plus 6.0.0 Build 6010. It is installed on a server that has multiple IP addresses. ADAudit is binding to a single IP address (param "bindaddress=172.16.0.44" is used in "system_properties.conf" file). Also the same ip address is used in "server.xml" file (<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="172.16.0.44" name="SSL" port="443" scheme="https" secure="true" .....) Everything works fine, but since I always check log files :), I saw a lot of errors
Report Profile
I may just be low on caffeine this morning but, I cannot figure out how to create a NEW "Report Profile" in ADAudit Plus. Instructions say to Click on Configuration Tab--> New Report Profile. However, when I click on the Configuration tab and look at the menu on the left, under Report Profiles, the only thing that exists is "View/Modify Report Profiles". There is no "New Report Profile". The only thing close is "Create Alert Profile", but that's not what I'm looking for. Anyone have any ideas?
ADAudit Plus Last User Logon per Organisational Unit
Hey guys, I wonder why it is not possible to create a last logon report specifically for a certain OU. This seems to be only possible for the Logon Activity report, but the problem is, if I want this report being made for the last 3 months, the report takes forever to create because it collects all the logons and logoffs from all users in the domain. I want a last logon report only for a specific OU and I know this was possible with the admanager product. We use ADAudit Professional Build 6010 August
pgsql_old folder taking up space
Good morning, We have a folder under ManageEngine>ADAudit Plus>Patch>ManageEngine_ADAudit_Plus-5.1.0-SP-2.0.0 called pgsql_old. It is taking up a very large amount of space. I suspect this can be deleted, as it seems to be an old instance of pgsql, hence the name. Can this be deleted to clear up space?
SACL audit issue
Hi, In order to generate reports about DNS zones and zones I have an error code 57 when trying to configure audit policy automatically. I followed the manual steps to activate audit permission as mentioned in the ADAudit Plus documentation, but the message of configuring audit entries is still appearing and there are no results shown. I need your help please
big size sql table
Good day. Please tell me what the table AUDUnusualTimeArchive_# in the SQL database AdAuditPlus is? It has a very large size, unlike the others.
ADAudit Plus after 6.0.0-SP-0.1.0
After installing ManageEngine_ADAudit_Plus_5_1_0_SP-3_0_0 I continued to ManageEngine_ADAudit_Plus_6_0_0_SP-0_1_0 once completed and rebooted all I get from apache now is: HTTP Status 403 – Forbidden Type Status Report Message / Description The server understood the request but refuses to authorize it. Was working fine previously, running as a service
Deleting users with exchange accounts in AD Manager
I have an interesting issue. When I delete users out of AD Manager that have exchange accounts it is marking the last update in AD for that user as an exchange user. I noticed this when I ran a recently deleted user report out of AD Audit. The accounts I am deleting are showing as an exchange account instead of my username. Is this by design or do I need to not delete the exchange accounts when removing users from AD and manually go to the server to remove them? See attached image. I removed this
tracking down logon failures without client information
Our ADAuditPlus Server reports for one of our users more than 80k logon failures per day with reason "bad password". The failures occur very regularly, twice every two minutes except for a daily gap from 22:45 to 23:00. The user himself is noticing nothing out of the ordinary. All of his accesses work. Also, the account is not being locked even though we have automatic lockout configured after three bad password attempts, which I verified to work correctly if the user actually enters a bad password
upgrade to 5120 failed
Hi, I'm trying to upgrade from 5100 to 5120. It says that it updates the PostgreSQL first from 9.7 to 10.3 but it failed. Any idea? Thanks, Shlomi
Huge build of logfiles name serverOute"year-date".txt
Hi, need help with some problems! ADAudit Plus 5.0 installation with build 5053. Installed on Windows Server 2008 R2. Problem 1: ServerOut log files get up to 50 GB after one day. New log file each day that eats up all disk space. Problem 2: Some users get UAC pop up and logon to ADAudit and logon is not possible. The affected users are local admins on the server. They have local rights on installation share. This is a random problem that happens now and then. Hope you got some good ideas on these ones!
ADAudit Plus search with archived (zip) file
I want to search for Logon Activity for the last 3 months. It shows me up to the oldest log of Jan 6, 2018. And also shows me a list of .zip archived files. How do I make it search within the zip archived files too? Next to the .zip file, there is a check box that allows me to check mark it, but it doesn't do anything when I searched for the 3 months data and also check marked that zip file.
Upgrade to version 5120
Hi, I'm trying to upgrade from version 5100 to 5120. When the process starts it says it will update the PostgreSQL. The upgrade process failed. Any ideas?
Query Exception Occurred in background Database Issue
Hi, Could you please advise? I want to load archived data to generate a report for last 6 months ago but I cannot. I got the error below: Query Exception Occurred in background Database Issue
AD Audit Start Server hangs at "Loading Application Layer..."
Good Afternoon, I saw a lot of people have run into this issue. When we hit "Start ADAudit Plus Server" icon, it hangs at "Loading Application Layer............"(picture attached). However, none of the posts included the solution, only to contact your support. I believe it would be very helpful to the community to know what the fix is for this. This began when we stopped and started our ADAudit server process and now the web UI won't load. We have SSL on port 8444 which gives a page cannot be displayed,
how to fix Report error. User Login failures counts 4000 per hour
ADAudit. How to troubleshoot User Login failures Report? The problem is that the user login failure counts 4000 per hour, which is as follows. Event Type: Failure Failure Reason: Account disabled, expired, or locked out Event Number: 4768 Event code: 16 Actually, the user is not locked and can be used normally, or how to avoid being shown in this error in the report. Please help me to fix it thanks
Excessive critical alerts !
I'm receiving excessive erroneous critical alerts in AD Audit. I was told to install the latest version which I did. How to make sure they will not come back? Thanks
Scheduled fetch interval
I recently added a number of additional domains to my AD Audit installation bringing my total to 6. Most are working fine, however on 2 domains I am getting RPC 6ba failures on some DC's. Both of the affected domains are root domains with very little activity on them, as such I have 1 DC set to real-time collection and the remaining DC's set to scheduled fetch every 2 hours. The DC's set to scheduled fetch are constantly reporting RPC 6ba errors. If I set the failing DC's to real-time collection
Two alerts for user deletion - a bug?
Hi. The Deleted Users alert records every deletion twice - once as deletion, once as modification. Enabling email notification for this alert sends 2 emails each time a user is deleted, one for each record, which is quite annoying. See below: Any way of preventing it from alerting twice? Thanks in advance
Multiple AD accounts showing when adding
We run in a VMware virtual environment. When I go into ADaudit to add newly created VMs, there are often 5-15 with the exact same name, and I end up having to add all of them, which goes over our license. So then I have to wait until the first successful poll, and go back in and delete the ones that failed. There has to be a better way to do this.
AD Audit Port Conflict
Can I change the port that AD Audit is running on as McAfee was installed on the Windows server and is conflicting with 8081. Starting ADAudit Plus Client Open a Javascript enabled Web Browser. For example, Internet Explorer, Firefox or Chrome. Type "http://localhost:8081" OR "http://<Host Name>:8081" in the address bar and press "Enter". Note: ADAudit Plus runs on port 8081. In the login page enter a valid user name and password. This provides an authenticated access to ADAudit Plus. By default,
AdAudit / Ad Manager integration
I have a problem with my Ad Audit: I deleted 16 users from my AD using Admanager with my personal user "Yvaliente", and Ad Audit shows me these 16 users were eliminated from "Administrator". This is not good.
How do I use "advanced correlations"
I want to set up a custom alert for 3 events, is that possible with the advanced correlation feature? For example I currently have email alerts for: User account created, User account modified, User account enabled. When I create a new account, I get all three alerts. However, I only want to get one alert. So I created an advanced configuration that has all three event IDs for the previously mentioned alerts. Then under advanced correlations, I set to 10 seconds and matching the same domain. I created
Upgrade from 4650 to 5000 killed postgres
The upgrade itself worked fine, but when I attempted to restart the server it exited. This is in the logs: [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: The 'product.home' system property. ..| [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: processInfoFileName ..\conf/TrayIconInfo.xml| [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: processInfoFileName file exists | [08:56:25:990]|[07-12-2017]|[StartLog]|[INFO]|[20]: trayIconProps {DefaultMenuItem=StartClient, ApplicationName=ADAP,
HTTP Security Header Not Detected Security Vulnerability
Greetings, We have an in-house scanner that came back with "HTTP Security Header Not Detected" vulnerability on our ADAudit server. I need to set the necessary headers on the httpd.conf file (see here for examples https://geekflare.com/http-header-implementation/) but can't seem to find it. Is it renamed to something different? Is there any issue with making changes to this file (will it cause any issues with the ADAudit product)? Thanks, Thomas
Problem after migrate MySQL -> MSSQL
Hi! We have a problem after MySQL to MSSQL migration. 1) All historical data is showing, but new events are not injecting into the MSSQL base. 2) And we have a problem with Cyrillic symbols after the migration. Looks like this. We reverted back to MySQL from backup and all works fine. Please help!
Gateway server
Hi. I want to implement ADAudit Plus in a multiple forest environment. The forests are separated by firewalls, and opening the required ports between the DCs of every forest to a single server is not possible. Is there a way to implement a gateway per forest/vlan to collect the data and pass it through (point-to-point) to a central ADAudit server? Thanks in advance
The RPC server is unavailable Error Code:6ba
We have started receiving hundreds of alert emails stating the following. They list many different servers. I wanted to understand why these are happening and how I fix it. I am confused as to why ADAudit is collecting event logs from our servers when it's configured to pull from domain controllers. ADAudit Plus Error Error while collecting event log data from : <SERVER NAME> Error Details : The RPC server is unavailable - Error Code:6ba I have done the following troubleshooting.... Ran wbemtest
Reports in AD Audit Plus stuck every time
Every time I try to get reports from my AD Audit Server, it tries to get some data and always gets stuck! The progress bar shows it's working, but after it reaches NEAR the end, it gets stuck! And it does not matter how much you wait, it won't succeed. In our environment, we have 4 DCs and AD Audit is connected to them. Please help me fix this problem.
No Data Available - KB4012216 is NOT installed on Domain Controllers
I get "No Data Available" for "Top User Logon Failures", "Logon Failures - Error Code" and "Logon Peak Hour Usage". I have checked and KB4012216 is NOT installed on our Domain Controllers. For "good measure" I did follow the workaround instructions for that KB with no change. This was working fine yesterday, but when I logged in today there was "No Data Available". No updates were applied to the server, nor were the domain servers restarted. Only thing I remember doing yesterday was setting up
No data for user accounts in reports
I only see "Logon Failure" and "Bad Password" user history in my reports. All the other reports for user logons have no data:
CryptoGuard / Ransomware - Detected Ransomware for Java Component in ADAudit Plus
Hello Group, I'm having issues with our ADAudit Plus being detected almost daily for "Ransomware" for what appears to be related to "Java" Component for this software. The only indications that our Virus Protection - "Sophos" is that the Java-Process is trying to "encrypt" files. Do you know if this is a legitimate claim for Ransomware or is this a part of the ADAudit Process to "encrypt" information as it's communicating between Servers / Networks? I want to be sure that this is a legit process or
Logon information not available (Security Event Log)
Last Tuesday (April 4th, 2017) our 4 Domain Controllers (Windows 2012R2) have been updated with the latest updates from Microsoft and have been separately rebooted. From that moment our ADAuditPlus server cannot read logon information anymore from our domain. We did not change anything regarding settings in ADAuditPlus (all 4 DC's are available and working), nor did we change anything concerning policies and/or settings on our Domain or its controllers. There is still some information read from
Archive Events doesn't work - AD Audit
Hi, The archiving doesn’t work. When I start with “Run now”, I get the message “Archiving processed data is started”. But the Archive Folder remains empty. How must I configure the Archive Events? I have already seen several topics related to this but I still cannot make it work. Thanks
User Logon Reports - No data available
Hello, I have installed ADAudit Plus and receiving report data for all areas EXCEPT User Logon Reports. Each of the reports states No Data Available. I have checked other sources and there should be data displayed. I stepped through the troubleshooting tips. Confirmed Audit policies were set. User credentials are correct and collecting event information for other areas. Wanted to know if anyone had any ideas on what I can try next. Thanks, Rob.
ADAudit service account locking out at 1am
Hello, The service account for ADAudit plus has been locking out at 1am on one or more of my monitored domains regularly. It is a dedicated service account, 1 per domain, that is only used by ADAudit and the lockouts are coming from the ADAudit server. Any advice on how to troubleshoot how this is happening? Simply unlocking the account allows audit data to be collected, until the next 1am incident. Thanks, Pete
Access Denied
The support articles are extremely vague on details about what an error code means. I have the ADAuditPlus server using a service account that is setup according to this article: http://172.28.100.38:999/help/admin/domain-settings/authentication-for-collecting-audit-data.html The only difference is we've made the service account local admin on the servers placed into the member group for auditing through GPO because we're not individually adding local admins. Also, we're a PCI compliant shop so
Netapp error - not enough resource
I get the following error in getting shares: Error in getting Shares,Not enough resources are available to complete this operation - Error Code:6b9
Changing service account password
I recently had to change the service account password for the account that runs AdAudit plus. After updating the password for the service I'm still getting logon failures from that machine. Is there something else I have to change?