Jump to content


Photo

Netwrix Account Lockout Examiner - Access Denied


  • Please log in to reply
2 replies to this topic

#1 DaveV

DaveV

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 26 February 2014 - 11:35 AM

I have setup the software with a dedicated account and everything works except when examining a locked account. There is just one line wrong in the details: Examining logon sessions ... Failed due to the following error: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED).
I have followed some tests posted in another post, account is a member of the local admins group on the client computer being used by the locked out user, logged onto the server with the account used for the Netwrix service and able to connect using Services to the client pc.
Any ideas why I'm seeing this single error?

#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 26 February 2014 - 01:10 PM

Dave,

The error occurs when the Account lockout Examiner service account can`t acces the RDP sessions information of a user. It might happen because the service account has not enough local permissions on the machine (doesn't seem to be the case), or the user that is examined has elevated permissions.

If the error occurs with all users, it is an error of the logon examination module. There is an option to disable this module by setting the value of the “ExamineRPD” key to 0 (HKLM\Software\[Wow6432Node]\NetWrix\Account Lockout Examiner (Wow6432Node only for x64 OS).
Disabling of this module will not result in lack of information because this functionality is replicated in the invalid logon examination list.

-Jeff

#3 jjohnston

jjohnston

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 25 November 2015 - 05:06 PM

I am seeing "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" error in the Account Lockout examiner console for new Windows Server 2012 R2 domain controllers. I have a dedicated service account that is a member of the domain administrators group as well as local administrators. I've been trying all of the solutions listed on this site for the past 2 weeks trying to get something to give, but I cannot view lockouts on the new domain controllers.

 

I get this when I am logged in from my Windows 7 workstation as a domain administrator.

 

When logged into the Windows Server 2012 R2 domain controllers, I can only connect to the local domain controller.

 

When logged into a Windows Server 2008 or 2003 R2 domain controller I can see all of the 2008 and 2003 domain controllers, but none of the 2012 R2 domain controllers.

 

Has anyone else experienced this problem?






0 user(s) are reading this topic

0 members, guests, anonymous users