Hi,
we use HostMonitor 6.10 on MS Server 2003
my problem is the Reply of the NT Event Log check.
The Reply doesn't contain the whole entry of the Event Viewer Description.
We send with HostMonitor a mail within the Reply of a bad Event entry, but in the Message is not the whole and correct Description like in the Event Viewer.
Is there any way to get the whole message?
Regards
ttewes
NT Event Log
Thangs for your answer, but this doesn't help.
Here are the Message from HostMonitor:
Message from event viewer-check (host changed status)
Test LIN00XX System, Source: IAS
Method check NT Event Log
Status Bad
Date 9/12/2006 9:49:56 AM
Description Message not found. Insertion strings:00-03-47-4A-XX-XX, Domain\00-03-47-4A-XX-XX, 192.168.XXX.XXX, LINXX, %%2147483686, 00-03-47-4A-XX-XX, LINXX, 192.168.XXX.XXX, %%2147483686, %%2147483686, Use Windows authentication for all users, %%2147483688, %%2147483685, %%2147483685, PAP, %%2147483685, 34, %%4130
Folder LIN
and here are the Event Viewer entry
Description:
User 00-03-47-4A-XX-XX was denied access.
Fully-Qualified-User-Name = Domain\00-03-47-4A-XX-XX
NAS-IP-Address = 192.168.XXX.XXX
NAS-Identifier = LINXX
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-03-47-4A-XX-XX
Client-Friendly-Name = LINXX
Client-IP-Address = 192.168.XXX.XXX
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 34
Reason = Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Regards
ttewes
Here are the Message from HostMonitor:
Message from event viewer-check (host changed status)
Test LIN00XX System, Source: IAS
Method check NT Event Log
Status Bad
Date 9/12/2006 9:49:56 AM
Description Message not found. Insertion strings:00-03-47-4A-XX-XX, Domain\00-03-47-4A-XX-XX, 192.168.XXX.XXX, LINXX, %%2147483686, 00-03-47-4A-XX-XX, LINXX, 192.168.XXX.XXX, %%2147483686, %%2147483686, Use Windows authentication for all users, %%2147483688, %%2147483685, %%2147483685, PAP, %%2147483685, 34, %%4130
Folder LIN
and here are the Event Viewer entry
Description:
User 00-03-47-4A-XX-XX was denied access.
Fully-Qualified-User-Name = Domain\00-03-47-4A-XX-XX
NAS-IP-Address = 192.168.XXX.XXX
NAS-Identifier = LINXX
Called-Station-Identifier = <not present>
Calling-Station-Identifier = 00-03-47-4A-XX-XX
Client-Friendly-Name = LINXX
Client-IP-Address = 192.168.XXX.XXX
NAS-Port-Type = <not present>
NAS-Port = <not present>
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = <undetermined>
Authentication-Type = PAP
EAP-Type = <undetermined>
Reason-Code = 34
Reason = Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Regards
ttewes
-
KS-Soft Europe
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
-
KS-Soft Europe
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
You should open Registry editor on remote machine, and export the key, located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\<log name>\<event source name>
Import that key onto machine, where HostMonitor is running and copy dll, specified under EventMessageFile value name into appropriate folder.
Regards,
Max
Import that key onto machine, where HostMonitor is running and copy dll, specified under EventMessageFile value name into appropriate folder.
Regards,
Max
It looks good,
but the Reason is not correct,
HostMonitor typed: "%%4130"
instead of: "Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account."
here the latest mail:
Message from event viewer-check (host changed status)
Test LIN00XX System, Source: IAS
Method check NT Event Log
Status Bad
Date 9/12/2006 11:31:46 AM
Description User 00-03-47-4A-XX-XX was denied access.
Fully-Qualified-User-Name = Domain\00-03-47-4A-XX-XX
NAS-IP-Address = 192.168.XXX.XXX
NAS-Identifier = LINXX
Called-Station-Identifier = %%2147483686
Calling-Station-Identifier = 00-03-47-4A-XX-XX
Client-Friendly-Name = LINXX
Client-IP-Address = 192.168.XXX.XXX
NAS-Port-Type = %%2147483686
NAS-Port = %%2147483686
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = %%2147483688
Authentication-Server = %%2147483685
Policy-Name = %%2147483685
Authentication-Type = PAP
EAP-Type = %%2147483685
Reason-Code = 34
Reason = %%4130
Folder LIN
Regard
ttewes
but the Reason is not correct,
HostMonitor typed: "%%4130"
instead of: "Authentication failed because the user account is not enabled. Before the account can be authenticated, a person with administrative rights for either the computer or the domain must enable the user account."
here the latest mail:
Message from event viewer-check (host changed status)
Test LIN00XX System, Source: IAS
Method check NT Event Log
Status Bad
Date 9/12/2006 11:31:46 AM
Description User 00-03-47-4A-XX-XX was denied access.
Fully-Qualified-User-Name = Domain\00-03-47-4A-XX-XX
NAS-IP-Address = 192.168.XXX.XXX
NAS-Identifier = LINXX
Called-Station-Identifier = %%2147483686
Calling-Station-Identifier = 00-03-47-4A-XX-XX
Client-Friendly-Name = LINXX
Client-IP-Address = 192.168.XXX.XXX
NAS-Port-Type = %%2147483686
NAS-Port = %%2147483686
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = %%2147483688
Authentication-Server = %%2147483685
Policy-Name = %%2147483685
Authentication-Type = PAP
EAP-Type = %%2147483685
Reason-Code = 34
Reason = %%4130
Folder LIN
Regard
ttewes
As I see parameters have been resolved. Somehow "%%4130" is value of "Reason" parameter
What Windows is installed on system that generated event?
Regards
Alex
I never have seen such valuesInsertion strings:00-03-47-4A-XX-XX, Domain\00-03-47-4A-XX-XX, 192.168.XXX.XXX, LINXX, %%2147483686, 00-03-47-4A-XX-XX, LINXX, 192.168.XXX.XXX, %%2147483686, %%2147483686, Use Windows authentication for all users, %%2147483688, %%2147483685, %%2147483685, PAP, %%2147483685, 34, %%4130
What Windows is installed on system that generated event?Regards
Alex
-
KS-Soft Europe
- Posts: 2832
- Joined: Tue May 16, 2006 4:41 am
- Contact:
Hi. I am having basically the same problem. The main thing I am fighting right now is the problem with "Message not found. Insertion strings: XXXXXX, (0x0,0xXXXXX)," etc. I was looking at your reply here and wondered where exactly you are supposed to import the registry key and put the DLL files.KS-Soft Europe wrote:You should open Registry editor on remote machine, and export the key, located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\<log name>\<event source name>
Import that key onto machine, where HostMonitor is running and copy dll, specified under EventMessageFile value name into appropriate folder.
Regards,
Max
Thanks