Fatal stop of data collection ... (DataEngine XNode?)
On the Windows 2019 x64 server, ADAudit Plus (Product Version: 6.0.7, Build No: 6071) is installed using the built-in PostgreSQL database (10.3). This version was raised by patches: 5.3.0, 6.6.0, 7.1.0 (7.1.0 installed after a crash, - the problem was
Server Settings - SMTP
On build 6067, when I try to send a test email, or send an email via the server settings menu, the program will just say "Loading" and won't progress any further?
Time Generated Incorrect by Years?
Hi, I've just finished installing ADAudit and am starting now to configure things but yesterday I switched on all the critical alerts and over night received a few emails. One of them is titled PowerShell Base64 encoded shellcode but something's not
Problem with Enabling SSL
Hello! We are having some problem enable SSL on our ADAP. Followed every step from the guide and after we start ADAP again it still shows unsecure connection. Have tried in the server.xml take away the <!-- --> from that section and after that the loading screen get stuck at "Loading application layer" and nothing more happens after that. I hope someone have some tips up there sleeves that can help us. Sincerely Daniel
Can't delete 3 different member servers in AD Audit Plus
Actually I can delete them, but after a while (hours) they are automatically in the list again. I have tried to delete them 3 times now. When they are in the list, they fails to fetch event log data, because they are deleted from the AD and does not exist anymore. How can they be removed from permanently from AD Audit Plus?
User Work Hours - Last Out Time
First in time seems to be pretty good but the last out time on this report is pretty inaccurate. I assume its because the fetch occurs every 3 hours and if the user switched off or disconnects there machine that another fetch doesn't take place before the crunch and so the last out time is never fetched? It looks like the min fetch time is 3hrs, am I on the right track? Any solutions to this?
ADFS audit stopped working after 6050 upgrade
Hi I updated from 6032 to 6050 and now we receive no ADFS audit info. Is it some known problem with ADFS audit in 6050?
Cannot remove member server
Hi I have a member server I cannot remove. When I try to remove it I get this message: Synced server(s) can not be deleted But I do not know where it is synced from. It show up like this in server list: Because it is synced it does not get imported to Eventlog Analyzer.
Exclude Plug and Play Devices from AD Audit Plus FIM Logging?
Is there a way to exclude certain plug and play devices from ADAudit Plus's File Integrity Logging? We noticed this new feature when we upgraded ADAudit Plus and migrated it to a new server that's logging all plug and play interactions on Member Servers, the issues is it's pushing these to our splunk instance and opening tickets to our On-Call because they're coming through as File Integrity Alerts every time someone logs into the server with printer redirection enabled.
File Audit: No Data Available
I have a problem with File Audit. Nothing is displayed in the reports: (No Data Available) All file\folder actions are logged on the server in the Eventlog Security from Server. auditpol /get /category:* shows correct result (compared with Help-Page) Under "Configured Servers -> Windows File Servers" the status is "Success" and also under "Configured Shares" is all green. "Eventlog Property" from this Server also shows me correct values. The service account of ADAudit has full access rights to server
AD Audit Plus Crashing
Hi, we've been experiencing a crash in AD Audit Plus following the below error. [com.zoho.cp.Txn]|[SEVERE]|[33]: Exception while aborting connections enlisted in txn| Doing a search online has yielded no troubleshooting avenue. I've checked system and applications logs in addition to the AD Audit Plus logs and I've also checked for scheduled tasks around the same time. But nothing jumps out. Any ideas? Regards, Devin
ADAudit+ issue migrating MySQL to MS SQL
I have seen this topic for other products, but not for ADAudit. Running the command prompt as admin logged into the server with the service account that has the access to the MS SQL Server database. After putting in the host name into the ADAudit Plus - DB Configuration application, I get a "Socket Time out while fetching the database instances from host", error. If I ignore this and test the connection with the database name filled out, the command prompt in the background displays a javascript
Exception while checking server status
Hi. We use ADAudit Plus 6.0.0 Build 6010. It is installed on a server that has multiple IP addresses. ADAudit is binding to a single IP address (param "bindaddress=172.16.0.44" is used in "system_properties.conf" file). Also the same ip address is used in "server.xml" file (<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="172.16.0.44" name="SSL" port="443" scheme="https" secure="true" .....) Everything works fine, but since I always check log files :), I saw a lot of errors
Report Profile
I may just be low on caffeine this morning but, I cannot figure out how to create a NEW "Report Profile" in ADAudit Plus. Instructions say to Click on Configuration Tab--> New Report Profile. However, when I click on the Configuration tab and look at the menu on the left, under Report Profiles, the only thing that exists is "View/Modify Report Profiles". There is no "New Report Profile". The only thing close is "Create Alert Profile", but that's not what I'm looking for. Anyone have any ideas?
ADAudit Plus Last User Logon per Organisational Unit
Hey guys, I wonder why it is not possible to create a last logon report specifically for a certain OU. This seems to be only possible for the Logon Activity report but the problem is, if I want this report beeing made for the last 3 months the report takes forever to create because he collects all the logons and logoffs from all users in the domain. I want a last logon report only for specific ou and I know this was possible with the admanager product. we use ADAudit Professional Build 6010 August
pgsql_old folder taking up space
Good morning, We have a folder under ManageEngine>ADAudit Plus>Patch>ManageEngine_ADAudit_Plus-5.1.0-SP-2.0.0 called pgsql_old. It is taking up a very large amount of space. I suspect this can be deleted, as it seems to be an old instance of pgsql, hence the name. Can this be deleted to clear up space?
SACL audit issue
Hi, In order to genarate reports about DNS zones and zones I have an error code 57 when trying to configure audit policy automatically. I followed the manually steps to activate audit permission like mentioned in ADAudit Plus documentations but the message of configuring audit enties is still appearing and there is no results shown. I need your help please
big size sql table
Good day. Please tell me what the table is AUDUnusualTimeArchive_# in the sql database AdAuditPlus? it has a very large size, unlike the others.
ADAudit Plus after 6.0.0-SP-0.1.0
After installing ManageEngine_ADAudit_Plus_5_1_0_SP-3_0_0 I continued to ManageEngine_ADAudit_Plus_6_0_0_SP-0_1_0 once completed and rebooted all I get from apache now is: HTTP Status 403 – Forbidden Type Status Report Message / Description The server understood the request but refuses to authorize it. Was working fine previously, running as a service
Deleting users with exchange accounts in AD Manager
I have an interesting issue. When I am delete users out of AD Manager that have exchange accounts it is marking the last update in AD for that user as an exchange user. I noticed this when a ran a recently deleted user report out of AD Audit. The accounts I am deleting are showing as an exchange account instead of my username. Is this by design or do I need to not delete the exchange accounts when removing users from AD and manually go to the server to remove them. See attached image. I removed this
tracking down logon failures without client information
Our ADAuditPlus Server reports for one of our users more than 80k logon failures per day with reason "bad password". The failures occur very regularly, twice every two minutes except for a daily gap from 22:45 to 23:00. The user himself is noticing nothing out of the ordinary. All of his accesses work. Also, the account is not being locked even though we have automatic lockout configured after three bad password attempts, which I verified to work correctly if the user actually enters a bad password
upgrade to 5120 failed
Hi I'm traying to upgrade from 5100 to 5120, it say that it update the PostgreSQL first from 9.7 to 10.3 but it failed. any idea? Thanks, Shlomi
Huge build of logfiles name serverOute"year-date".txt
Hi, need help with som problems! ADAudit Plus 5.0 installation with build 5053. Installed on Windows server 2008 R2 Problem 1 ServerOut log files get up to 50 GB after one day. new log file eatch day that eat up all disk space. Problem 2 Some users get UAC pop up and logon to ADAudit and logon is not possible. The affected users are lokal admins on the server. They have local rights on installation share. This is a random problem that happens now and then Hope you got som god ideas on these ones!
ADAudit Plus search with archived (zip) file
I want to search for Logon Activity for the last 3 months. it shows me up to the oldest log of Jan 6, 2018. And also shows me a list of .zip archived file. How do I make it search within the zip archived files to? Next to of the .zip file, there is check box allows me to check mark it, but it doesn't do anything when i searched for the 3 months data and also checked mark that zip file.
Upgrade to version 5120
Hi I'm tiring to upgrade from version 5100 to 5120. when the process starts it say it will update the postgreSQL. the upgrade process failed. any ideas?
Query Exception Occurred in background Database Issue
Hi, Could you please advise i want to load archived data to generate a report for last 6 months ago but i cannot i got the error below: Query Exception Occurred in background Database Issue
how to fix Report error. User Login failures counts 4000 per hour
ADAudit. How to troubleshoot User Login failures Report? The problem is that the user login failure counts 4000 per hour, which is as follows. Event Type: Failure Failure Reason: Account disabled, expired, or locked out Event Number: 4768 Event code: 16 Actually, the user is not locked and can be used normally, or how to avoid being shown in this error in the report. Please help me to fix it thanks
Excessive critical alerts !
I'm receiving excessive erroneous critical alters in AD Audit. I was told to install the latest version which I did. How to make sure they will not come back? Thanks
Scheduled fetch interval
I recently added a number of additional domains to my AD Audit installation bringing my total to 6. Most are working fine, however on 2 domains I am getting RPC 6ba failures on some DC's. Both of the affected domains are root domains with very little activity on them, as such I have 1 DC set to real-time collection and the remaining DC's set to scheduled fetch every 2 hours. The DC's set to scheduled fetch are constantly reporting RPC 6ba errors. If I set the failing DC's to real-time collection
Two alerts for user deletion - a bug?
Hi. The Deleted Users alert records every deletion twice - once as deletion, once as modification. Enabling email notification for this alert sends 2 emails each time a user is deleted, one for each record, which is quite annoying. See below: Any way of preventing it from alerting twice? Thanks in advance
Multiple AD accounts showing when adding
We run in a VMware virtual environment. When I go into ADaudit to add newly created VMs, there are often 5-15 with the exact same name, and I end up having to add all of them, which goes over our license. So then I have to wait until the first successful poll, and go back in and delete the ones that failed. There has to be a better way to do this.
AD Audit Port Conflict
Can I change the port that AD Audit is running on as McAfee was installed on the WIndows server and is conflicting with 8081. Starting ADAudit Plus Client Open a Javascript enabled Web Browser. For example, Internet Explorer, Firefox or Chrome. Type "http://localhost:8081" OR "http://<Host Name>:8081" in the address bar and press "Enter". Note: ADAudit Plus runs on port 8081. In the login page enter a valid user name and password. This provides an authenticated access to ADAudit Plus. By default,
AdAudit / Ad Manager integration
i have a problem with my Ad Audit, i delete 16 users from my AD using Admanager with my personal User "Yvaliente", and the Ad Audit show me this 16 users was eliminated from "Administrator" this is not good.
How do I use "advanced correlations"
I want to set up a custom alert for 3 events, is that possible with the advanced correlation feature? For example I currently have email alerts for: User account created User account modified User account enabled When I create a new account, I get all three alerts. However, I only want to get one alert. So I created an advanced configuration that has all three event IDs for the previously mentioned alerts. Then under advanced correlations, I set to 10 seconds and matching the same domain. I created
Upgrade from 4650 to 5000 killed postgres
The upgrade itself worked fine, but when I attempted to restart the server it exited. This is in the logs: [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: The 'product.home' system property. ..| [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: processInfoFileName ..\conf/TrayIconInfo.xml| [08:56:25:693]|[07-12-2017]|[StartLog]|[INFO]|[20]: processInfoFileName file exists | [08:56:25:990]|[07-12-2017]|[StartLog]|[INFO]|[20]: trayIconProps {DefaultMenuItem=StartClient, ApplicationName=ADAP,
HTTP Security Header Not Detected Security Vulnerability
Greetings, We have an in-house scanner that came back with "HTTP Security Header Not Detected" vulnerability on our ADAudit server. I need to set the necessary headers on the httpd.conf file (see here for examples https://geekflare.com/http-header-implementation/) but can't seem to find it. Is it renamed to something different? Is there any issue with making changes to this file (will it cause any issues with the ADAudit product)? Thanks, Thomas
Problem after migrate MySQL -> MSSQL
Hi! We have a problem after MySQL to MSSQL migration. 1) All historical data showing, but new event not injecting in MSSQL base. 2) And we have problem with Cirilic symbols after migrate. Look like this. We revert back into MySQL from backup and all works fine. Please help!
Gateway server
Hi. I want to implement ADAudit Plus in a multiple forest environment. The forests are separated by firewalls, and opening the required ports between the DCs of every forest to a single server is not possible. Is there a way to implement a gateway per forest/vlan to collect the data and pass it through (point-to-point) to a central ADAudit server? Thanks in advance
The RPC server is unavailable Error Code:6ba
We have started receiving hundreds of alter emails stating the following. They list many different servers. I wanted to understand why these are happening and how I fix it. I am confused as to why ADAudit is collecting event logs from our servers when it's configured to pull from domain controllers. ADAudit Plus Error Error while collecting event log data from : <SERVER NAME> Error Details : The RPC server is unavailable - Error Code:6ba I have done the following troubleshooting.... Ran wbemtest
Reports in AD Audit Plus stuck every time
Every time i try to get reports from my AD Audit Server , it tries to get some data and always stuck ! the progress bar shows its working but after it reaches NEAR the end , it stucks! and it does not matter how much you wait, it wont success. in our environment , we have 4 dc and ad aoudit is connected to them. please help me fix this problem
Next Page