Jump to content


Photo

Unable to obtain previous value for change

AD Audit Change Reporter Exeption

  • Please log in to reply
3 replies to this topic

#1 lea2312

lea2312

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 15 January 2018 - 12:27 PM

Hello! I have a problem with ADCR and can't solve it alone.

 

I installed Netwrix AD Auditor, configured domain admin Account for AD auditing, install SQL Server, Created ReportServer and Netwrix_Auditor_Active_Directory databases, configured long-term archive. Configured schedule and finally got my daily report after initial log collection in my domain. All worked fine couple of weeks, after that Netwrix stops to send reports. I tryed to find a problem with Email send, but in netwrix auditor AD reporter there was no data, and Netwrix_Auditor_Active_Directory had no audit data too.

I start to dig deeper and find C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\Tracing\ADCR-domainName.txt file.

File starts with lines like "ADCR.exe Information: 0 :" but next, file have some error:

 

"ADCR.exe Error: 0 : [TID: 1, Time: 15.01.2018 10:49:44] Unable to obtain previous value for change e5add9b8-9583-470d-a0ca-64dc596e53ca. The error is: System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at #=q8fNZ0TClxcrA6m6HKo5ODQsfwvsB6p3knVq4oa$v6v4$LqdeXihbuC7iRnyMwuZVj$D73nKV6Exd3kQgSLSbeA==.#=qfQRVFMDigKAqjAZg86iF$Yu0Tb_6PYbKEhtuHT5k_4Q=(String #=qyykuK1G6AlOEdpZzfdA0Jg==)
   at #=qYFDVHaMIcH_VnR9wDHZ2egBMkKoeUuzk6KAj2Jl86o8MdkJ82XpWjQN48dp375$HgTT66Fsx2VsK_f_JjMI6AQ==.GetObjectProperties(Guid #=qUjI02YwC410cRWxuYascHg==)
   at #=qYFDVHaMIcH_VnR9wDHZ2egBMkKoeUuzk6KAj2Jl86o8MdkJ82XpWjQN48dp375$HgTT66Fsx2VsK_f_JjMI6AQ==.#=qpcfl8JDDQ$_a18_LIcqVaMovUXZu_BURlWAg5J$DKII=.MoveNext()
   at Netwrix.ADA.ActiveDirectoryLibrary.RealTimeStorage.#=qGwGyF36fMMHFaObKanbx4Q==()
   at Netwrix.ADA.ActiveDirectoryLibrary.RealTimeStorage.#=q6$DKhp1gv2AeePsBPtvlF9rq3zAdtsEIJJXttqPyc3M=()
   at Netwrix.ADA.ActiveDirectoryLibrary.RealTimeStorage.GetObjectProperties(Guid objectGuid)
   at Netwrix.ADA.ActiveDirectoryLibrary.RealTime.AlertDump.AlertDump.#=qrMLcFQzOJKkHTghV$SJppJlhHj1fTiqqYfyktQVUj2Y=(IList`1 #=q74qMIWbZHNsWWMWgC0nvQA==)"

 

There are a lot of this errors in tracing file. I have no idea what to do with it. :( :(

 

 

 

Thank you in Advance

P.S. Sorry for my English.



#2 Mikey_Ryabukhin

Mikey_Ryabukhin

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 15 January 2018 - 04:38 PM

Hello Lea2312.

 

Could you kindly provide logs from the following location (the entire folder):

C:\Program Files (x86)\Netwrix Auditor\Active Directory Auditing\Tracing

Also, please gather “Netwrix Auditor System Health Log". To do that, please perform following steps:

1. Start "Event Viewer" on the machine where you have Netwrix Auditor installed
2. Expand "Applications and Services Logs" hub
3. Right-click "Netwrix Auditor System Health"
4. Select "Save All Events As..."

Either zip those files and attach them to your reply. Or use netwrix.com/upload form.
For latter, please specify topic name in the "Subject" field.

Best Regards,
Michael.



#3 lea2312

lea2312

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 17 January 2018 - 08:32 AM

Michael, thank for your post!

Here is my tracing log (I had to replace all info about domain name and servers names in log for "domain" "server1") and events from

Netwrix Auditor System Health journal

 

Attached Files

  • Attached File  Logs.zip   11.35KB   1 downloads


#4 lea2312

lea2312

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 25 January 2018 - 02:11 PM

I found solution by myself! ADCR weren't work becouse a corrupted .tmp file in Netwrix\AD Changes\domainName\RealTimeData folder






0 user(s) are reading this topic

0 members, guests, anonymous users