Access denied with local user login

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Service, RCC).
vatukeat
Posts: 4
Joined: Tue Jun 18, 2024 5:04 am

Access denied with local user login

Post by vatukeat »

Hello!

I would like to monitor a Windows Server 2019 but I'm facing some issues. The hostmonitor tests said Access Denied and Cannot connect to remote registry. I've done these configurations:
1. I made a local user (name: test) with administrators privileges on the target server
2. I put this "test" user and credentials in hostmonitor connection manager.
3. I turned off the firewall on the target server
4. I tested the 135 and DCOM/RPC port range 1024 to 65536 between the hostmonitor server and the target server and they can communicate.

Why does it still say access denied?
I attach a picture about the settings.
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Re: Access denied with local user login

Post by KS-Soft »

What exactly does "monitor" mean?
There are over 150 test methods, different test methods require different permissions.

Target system: Windows Server 2019
HostMonitor system: ?
Both systems located in the same domain? Different domains?
HostMonitor started as service? application? What account is used to run HostMonitor?

Regards
Alex
vatukeat
Posts: 4
Joined: Tue Jun 18, 2024 5:04 am

Re: Access denied with local user login

Post by vatukeat »

Target system: Windows Server 2019, no domain, no hostmonitor agent.

Hostmonitor system: Windows Server 2019, yes domain member, HostMonService and HMWebService run as a service by 'Local System' user

"monitor" means monitoring the target system C:/, CPU, Memory etc.

So the hostmonitor system is in domain joined server and the target system is not domain joined.
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Re: Access denied with local user login

Post by KS-Soft »

We re-tested HostMonitor with non-domain target Windows Server 2019 system, running HostMonitor on domain member, tests work fine.
Maybe some non-standard policies?
UAC mode on target system?

Normally HostMonitor service should be started under some non-localsystem account, otherwise it will not be able to monitor domain systems using Windows related tests regardless of Connection Manager settings.
We recommend using the Windows Services applet in order to set up the account (there are similar options on the HostMonitor -> Options -> Service page but it works better on old versions of Windows)

Regards
Alex
vatukeat
Posts: 4
Joined: Tue Jun 18, 2024 5:04 am

Re: Access denied with local user login

Post by vatukeat »

There is another target machine that is not in the domain, which is also monitored with hostmonitor. A local user is also included in the hostmonitor connection manager, and this local user is included in the administrators group on the target server, which is why the monitoring works. If I remove it from the administrators group, I get access denied. On the target machine that is not working, the local user is a member of the administrators group, but I still get access denied. I suspect that some special rights must be set on the target server in order to access it on behalf of the local user, e.g. for remote procedure call processes.

In addition to these, there are 4,000 tests in hostmonitor that apply to domain joined machines, all tests are working.
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Re: Access denied with local user login

Post by KS-Soft »

Well, in such cases Windows is a black box. It does not tell you what exactly is wrong. It just returns an error code to HostMonitor that means "Access is denied". So we cannot tell you what is wrong either.

Different test methods require different permissions. E.g.
- CPU Usage, Performance Counter tests require "Performance Monitor Users" account (Power User works as well)
- WMI tests, Dominant Process and Memory tests require "Distributed COM Users" and "Performance Monitor Users" rights
- NT Event Log test needs account from "Event Log Readers" group
Normally user from admin group can perform these tests.

For Service test - "Log on as a Service" privilege should be assigned to the account. So the admin group is not always enough.

Also, if UAC is enabled, then it's impossible to check services on non-domain systems,
unless you modify the registry and set HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy = 1

If all tests fail with the same error, I assume authentication does not work at all.
You may check the Security event log on the target system.

Fast and reliable workaround - install RMA agent on that system and use it to perform all tests
https://www.ks-soft.net/hostmon.eng/rma-win/index.htm

Regards
Alex
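
The checks named in the reply above (the UAC remote token filter, group membership per test type, and the Security event log) can be gathered in one pass on the target server. This PowerShell script is an added example, not part of the thread or of HostMonitor; the account name `test` comes from the first post, while the 24-hour window, the helper name `Get-PolicyValue` and the use of event ID 4625 (failed logon) are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the target server.
# 'test' is the local account from the first post; the 24-hour window is an assumption.
param(
    [string]$Account   = 'test',
    [int]   $HoursBack = 24
)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hypothetical helper: read one DWORD under $key, falling back to a default if absent.
function Get-PolicyValue([string]$Name, [int]$Default) {
    $v = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $v) { $Default } else { $v }
}

# Absent LocalAccountTokenFilterPolicy is treated as 0 (remote token filtering active).
$tokenFilter = Get-PolicyValue -Name 'LocalAccountTokenFilterPolicy' -Default 0
# EnableLUA = 1 means UAC is on; an absent value is assumed here to mean enabled.
$uac = Get-PolicyValue -Name 'EnableLUA' -Default 1

# Groups named in the thread, per test type. Names are for English-language Windows.
$groups = 'Administrators', 'Performance Monitor Users',
          'Distributed COM Users', 'Event Log Readers'
$membership = foreach ($g in $groups) {
    $members = Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Group    = $g
        IsMember = [bool]($members | Where-Object Name -eq "$env:COMPUTERNAME\$Account")
    }
}

# Failed logons (Security event ID 4625) whose text mentions the account name.
# If none are found (and logon-failure auditing is on) while tests still report
# "Access is denied", the credentials were accepted and the denial comes from
# missing permissions or from the filtered remote token.
$failed = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$HoursBack)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($Account) })

[pscustomobject]@{
    Account                       = $Account
    UacEnabled                    = ($uac -eq 1)
    LocalAccountTokenFilterPolicy = $tokenFilter
    RemoteAdminTokenFiltered      = ($uac -eq 1 -and $tokenFilter -ne 1)
    FailedLogonsInWindow          = $failed.Count
} | Format-List
$membership | Format-Table -AutoSize
```

Setting LocalAccountTokenFilterPolicy to 1 gives every local administrator account on that server a full token over the network, not only the monitoring account. That makes the narrower per-test groups or the local RMA agent mentioned in the reply worth weighing before changing the value.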
vatukeat
Posts: 4
Joined: Tue Jun 18, 2024 5:04 am

Re: Access denied with local user login

Post by vatukeat »

Hello!
This worked: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy = 1
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Re: Access denied with local user login

Post by KS-Soft »

Thank you for the update

Regards
Alex