Jump to content


Photo

Connection and Audit Status: 'Access Is Denied'

Access is denied Permissions

  • Please log in to reply
4 replies to this topic

#1 rwap

rwap

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 18 July 2018 - 12:02 PM

I've tried setting up Netwrix Account Lockout Examiner within my infrastructure.

 

The ALE is running on Windows 2012 (VM) and the DCs are minimum of 2008 with the domain at 2008. I followed the documentation (Quick Start and Administrators Guide).

 

To restrict unnecessary permissions, I used the service account method as per the KB https://www.netwrix.com/kb/1396 using Group Policy to deploy the firewall and DCOM permissions.

 

Within the console, all of the DCs are showing as 'Connection and Audit Status: 'Access Is Denied''.

 

From the DC, using the firewall logs, I can see that the ALE server is hitting the DC but I can't work out whether the access denied is a network issue or an issue with the permissions.

 

Using event viewer and the service account, I can connect to the DC and look at the logs.

 

Is anyone able to offer any insight?



#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 18 July 2018 - 12:09 PM

Hello!

 

Are you seeing lockouts?  If so, then events are being collected fine.  What is most likely getting access denied is when ALE tries to check auditing which requires manage auditing and security rights on the target DC ( Give this a shot and see if it works.

 

-Jeff



#3 rwap

rwap

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 18 July 2018 - 02:37 PM

The service account has been been given the auditing and security rights on the DCs via Group Policy (Default Domain Controller Policy). All the other steps described in KB1396 have been followed. The DCOM and WMI settings were also configured using GP.

 

At the moment, ALE will refresh show momentarily that the connection is OK before then becoming 'Access Is Denied'.



#4 AndreyK

AndreyK

    Member

  • Members
  • PipPip
  • 15 posts

Posted 19 July 2018 - 05:44 PM

But does the product report any lockouts? 'Access denied' might be just a false positive...

I would also try giving Domain Admin rights temporaritly to see if this works.



#5 rwap

rwap

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 23 July 2018 - 02:55 PM

I've added the account to domain admin temporarily. The 'access denied' messages don't cease.

 

Even prior to adding the domain account, I was able to search for a user account in and run the check against a particular PC. I get an error while checking for scheduled tasks (but that is another issue).

 

Is this proof of the lockout examiner working as expected? I was under the impression that locked out accounts populated the window without searching, I may be wrong.







Also tagged with one or more of these keywords: Access is denied, Permissions

0 user(s) are reading this topic

0 members, guests, anonymous users