Huge Collections of Software Manuals and Knowledgebase

GreatManuals.com
Huge Collections of Software Manuals and Knowledgebase
 
Home Contact us Request to publish your help manuals Request to remove your help manuals

Introduction
 » EventMeister
 » Features
 » Quick Start Guide
Exploring User Interfaces
 » Toolbar
 » Feeds Tab
 » Aggregates Tab
 » Notification Manager
 » Satellite Windows
 » Item Values Dialog
 » Manage Groups
 » Service Component
 » Configuration
Working with Event Log Feeds
 » Create New Event Log Feed
 » Create New Aggregate Feed
 » Modify or View Feed's Properties
 » Copying Properties Between Feeds
 » Delete Feed
Viewing & Analyzing Feed Data
 » Viewing Feed's Data
 » Search & Copy Feed Data
 » Hiding, Showing & Reorder Columns
 » Sort by Column & Copy View Settings
Reports & Exporting Feed Data
 » Manual Exports & Reports
 » Exporting
 » Displaying & Printing Reports
 » Other Feed Maintenance Tasks
Working with Notifications
 » Notification Types
 » Poll Failure Notification Object
 » Create New Notification Object
 » Email Scheduling Wizard
 » Modify & Duplicate Notification
 » Delete & Enable/Disable Notification
 » Running as Service
 » Backing Up & Transferring Settings
 » Troubleshooting Guide
 

Troubleshooting Guide

Reading Event Logs

Website monitoring software Website monitor software Website monitoring tool

A single installation of EventMeister can read event logs on the host PC and on other, networked PCs. If you experience problems reading an event log, the following check-list should help.

  1. Ensure that you're running EventMeister under an administrator account.
  2. If reading logs from another computer on the network, make sure that the user and password you have supplied correspond to an administrator account on the target computer. That account MUST have a non-blank password.
  3. Check that DCOM is enabled on both the host and the target PC. Check the following registry value on both computers:
    Key: hklm\Software\Microsoft\OLE, value: EnableDCOM, should be set to 'Y'
  4. Check that WMI is installed.
    EventMeister uses a Microsoft Technology called WMI (Windows Management Instrumentation) to read event logs. This must be present both on the host PC and on the PC whose logs you are trying to read. WMI is present by default in all flavors of Windows 2000 and later operating systems, but must be installed manually on NT4 systems.
    To check for the presence of WMI, type "wbemtest" into the Run box (Start Menu). If the WMI Tester application starts up, then WMI is present, if not, it must be installed:
  5. Ensure that WMI permissions have been set. Specifically, the account used for reading must have
    full permissions for the Root WMI namespace. To check this, view the properties for WMI via the Computer Management console:

    Computer Management Console


    Switch to the Security tab, select "Root" and press the button marked "Security". Check that Allow is ticked for all permissions under the account you're using to read the event logs.
  6. On a Windows XP Pro computer, make sure that remote logons are not being coerced to the GUEST account (aka "ForceGuest", which is enabled by default computers that are not attached to a domain). To do this, open the Local Security Policy editor (e.g. by typing 'secpol.msc' into the Run box, without quotes). Expand the "Local Policies" node and select "Security Options". Now scroll down to the setting titled "Network access: Sharing and security model for local accounts". If this is set to "Guest only", change it to "Classic" and restart your computer.
  7. If you have a firewall installed, make sure that it is not blocking attempts to read the event log. The easiest but least secure way to do this is to configure the firewall to allow all internal network traffic.
    A more secure alternative is to punch a hole in the firewall for internal WMI messages. For the built-in firewall in XP/Vista, this can be done very easily via the following command line (requires full administrator privileges):

    netsh firewall set service RemoteAdmin

    For other firewalls, the situation is complicated by the fact the DCOM, the core technology on which WMI is built, uses dynamic TCP port allocation. In other words, it is a moving target! Fortunately it is possible to constrain DCOM port allocation to a specific range. Below is an example of how this might be done.

    Note#1: Use this procedure at your own discretion and on your own liability. Technology Lighthouse assumes no responsibility for the use of this procedure.

    Note#2: Quotes are used below purely for clarity - omit them from your registry edits.

    a. Open regedt32.exe
    b. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
    c. If there is no subkey titled "Internet", create one.
    d. Inside the Internet key, create a REG_MULTI_SZ value named "Ports". Each line of the Ports value should specify a range of ports available to DCOM. For this example, add a single line that reads "3000-3010".
    e. Add a new REG_SZ value named "PortsInternetAvailable", set it to "Y"
    f. Add a new REG_SZ value named "UseInternetPorts", set it to "Y"
    g. Open up TCP port 135 to internal traffic. (It may also be necessary to open up UDP 135)
    h. Open up the DCOM port range (e.g. 3000-3010) to internal traffic.

»
Home | Contact us | Request to publish your help manuals | Request to remove your help manuals