View New Content
Search Advanced
Search section:

This topic

Forums

Members

Help Files
Members
Forums
More

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Connection and Audit Status: 'Access Is Denied'

Started by rwap , Jul 18 2018 12:02 PM

Access is denied Permissions

Please log in to reply

6 replies to this topic

#1 rwap

Newbie

Members
3 posts

Posted 18 July 2018 - 12:02 PM

I've tried setting up Netwrix Account Lockout Examiner within my infrastructure.

The ALE is running on Windows 2012 (VM) and the DCs are minimum of 2008 with the domain at 2008. I followed the documentation (Quick Start and Administrators Guide).

To restrict unnecessary permissions, I used the service account method as per the KB https://www.netwrix.com/kb/1396 using Group Policy to deploy the firewall and DCOM permissions.

Within the console, all of the DCs are showing as 'Connection and Audit Status: 'Access Is Denied''.

From the DC, using the firewall logs, I can see that the ALE server is hitting the DC but I can't work out whether the access denied is a network issue or an issue with the permissions.

Using event viewer and the service account, I can connect to the DC and look at the logs.

Is anyone able to offer any insight?

Back to top

#2 jeffb

Advanced Member

Administrators
384 posts

Gender:Male

Posted 18 July 2018 - 12:09 PM

Hello!

Are you seeing lockouts? If so, then events are being collected fine. What is most likely getting access denied is when ALE tries to check auditing which requires manage auditing and security rights on the target DC ( Give this a shot and see if it works.

-Jeff

Back to top

#3 rwap

Newbie

Members
3 posts

Posted 18 July 2018 - 02:37 PM

The service account has been been given the auditing and security rights on the DCs via Group Policy (Default Domain Controller Policy). All the other steps described in KB1396 have been followed. The DCOM and WMI settings were also configured using GP.

At the moment, ALE will refresh show momentarily that the connection is OK before then becoming 'Access Is Denied'.

Back to top

#4 AndreyK

Member

Members
15 posts

Posted 19 July 2018 - 05:44 PM

But does the product report any lockouts? 'Access denied' might be just a false positive...

I would also try giving Domain Admin rights temporaritly to see if this works.

Back to top

#5 rwap

Newbie

Members
3 posts

Posted 23 July 2018 - 02:55 PM

I've added the account to domain admin temporarily. The 'access denied' messages don't cease.

Even prior to adding the domain account, I was able to search for a user account in and run the check against a particular PC. I get an error while checking for scheduled tasks (but that is another issue).

Is this proof of the lockout examiner working as expected? I was under the impression that locked out accounts populated the window without searching, I may be wrong.

Back to top

#6 gregsmid

Newbie

Members
1 posts

Posted 19 April 2019 - 12:02 AM

Hi rwap, did you ever figure this out? I'm having the same problem with the same troubleshooting steps. I'm not seeing locked out accounts.

Greg

Back to top

#7 Kirill K

Advanced Member

Administrators
136 posts

Gender:Male

Posted 26 April 2019 - 09:50 AM

Have you seen maybe the errors/warnings at UI of ALE?

Best regards,
Forum Engineer

Back to top

Back to Netwrix Account Lockout Examiner

	Change and Access Auditing Tools → Netwrix Auditor for Windows File Servers Free Community Edition → Errors Configuring Auditor for NetApp CIFS Shares Started by jcail , 20 Apr 2016 File Servers, CIFS, NetAPP and 4 more...		0 replies 21,126 views	jcail 20 Apr 2016
	Identity and Access Management Tools → Netwrix Account Lockout Examiner → Access is Denied 0x80070005 Started by jjohnston , 25 Nov 2015 Windows Server 2012 R2 and 2 more...		1 reply 12,316 views	dsmirnov 26 Nov 2015