Do the given credentials of a Windows device have permission for log collection?
Case 1: The account is a local administrator or a domain administrator.
The credentials will, by default, have the required permissions.
Case 2: The account is a non-admin domain user.
Provide the non-admin domain user with the required permissions. Learn how here.
Verify the credentials using WBEMTEST. Learn more about WBEMTEST.
Open the ELA_HOME\troubleshooting\invokeWBEMTEST.bat file using administrator privileges.
Click Connect, provide the credentials of the Windows device, and click Connect once again.
a. Sometimes log collection fails when the device name is used but succeeds when using the IP address or Fully Qualified Domain Name (FQDN). If the connection fails, try connecting using the IP address or FQDN.
Once connected, click Query and try the following queries:
a. Select CurrentTimeZone, Version, Name from Win32_OperatingSystem
b. Select * from win32_ntlogevent
Both queries must complete successfully for EventLog Analyzer to collect logs from the Windows device.
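The same check can be scripted. The following is an added example, not part of the original article or of EventLog Analyzer: it runs the two queries above over DCOM (the transport WBEMTEST uses for remote connections) against the device name, FQDN and IP address in turn, so you can see which form of the address works. The target values are placeholders to replace with your own.

```powershell
# Added example: runs the two WQL queries from the steps above over DCOM,
# trying each way of addressing the device. All target values are placeholders.
param(
    [string[]]$Targets = @('WINHOST01', 'winhost01.example.test', '192.0.2.10'),
    [pscredential]$Credential = (Get-Credential -Message 'Log collection account')
)

$queries = @(
    'Select CurrentTimeZone, Version, Name from Win32_OperatingSystem',
    'Select * from win32_ntlogevent'
)

# WBEMTEST connects over DCOM, so force DCOM instead of the WSMan default.
$dcom = New-CimSessionOption -Protocol Dcom

$results = foreach ($target in $Targets) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $target -Credential $Credential `
            -SessionOption $dcom -OperationTimeoutSec 30 -ErrorAction Stop
        foreach ($q in $queries) {
            try {
                # The first row is enough to prove the account can run the query.
                $row = Get-CimInstance -CimSession $session -Query $q -ErrorAction Stop |
                    Select-Object -First 1
                [pscustomobject]@{ Target = $target; Query = $q
                    Result = if ($row) { 'OK' } else { 'OK (no rows)' } }
            } catch {
                [pscustomobject]@{ Target = $target; Query = $q
                    Result = "FAILED: $($_.Exception.Message)" }
            }
        }
    } catch {
        # Connection-level failure (name resolution, RPC, or access denied).
        [pscustomobject]@{ Target = $target; Query = '(connect)'
            Result = "FAILED: $($_.Exception.Message)" }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}
$results | Format-Table -AutoSize -Wrap
```

Run it from the EventLog Analyzer server so the result reflects the same network path and firewall rules that log collection uses.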