I never really got ALE to work properly, but started paying more attention to it recently. I'd love to get the remote unlock part to work and while troubleshooting in the ALEService log I found it was almost about 550MB in size I stopped the service, deleted the log, restarted and got a fresh log going.
Same errors every few seconds:
ALEService.exe Error: 0 : [TID: 22, Time: 1/12/2017 8:26:02 AM] MONITORING: Server: DC.contoso.com
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at ALService.EventWatch.DefaultManagementEventWatcher.ReadLog()
at ALService.EventWatch.DefaultManagementEventWatcher.Run()
at ALService.Entities.MonitoredServers.MonitoredServer.ConnectionLoop(Object stateObj)
ALEService.exe Information: 0 : [TID: 24, Time: 1/12/2017 8:26:02 AM] MONITORING: Init WMI Domain watcher, server: DC5.contoso.com
ALEService.exe Error: 0 : [TID: 24, Time: 1/12/2017 8:26:02 AM] MONITORING: Reading log WMI watcher. DC5.contoso.com:
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at ALService.EventWatch.DefaultManagementEventWatcher.ReadLog()
ALEService.exe Error: 0 : [TID: 24, Time: 1/12/2017 8:26:02 AM] MONITORING: Server: DC5.contoso.com
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at ALService.EventWatch.DefaultManagementEventWatcher.ReadLog()
at ALService.EventWatch.DefaultManagementEventWatcher.Run()
at ALService.Entities.MonitoredServers.MonitoredServer.ConnectionLoop(Object stateObj)
ALEService.exe Information: 0 : [TID: 11, Time: 1/12/2017 8:26:20 AM] EVENT WATCHING INFO: Logon failure event: #220456467 from DC4.contoso.com. sid NTAccount: S-1-5-21-2887211811-4004433610-1778173099-2838. Time generated: 1/12/2017 1:26:06 PM
ALEService.exe Information: 0 : [TID: 11, Time: 1/12/2017 8:26:54 AM] EVENT WATCHING INFO: Logon failure event: #220456533 from DC4.contoso.com. sid NTAccount: S-1-5-21-2887211811-4004433610-1778173099-2838. Time generated: 1/12/2017 1:26:41 PM
ALE is installed on DC4 if that makes a difference. This started happening when I enabled Success and Failure events in the DC GPO's like it instructs you to do in the admin guide and in the settings under domains. I know it's saying access is denied, which leads me to believe the admin account I put in the Netwrix service account isn't working? I've tried a few different users with domain admin privileges, but still doesn't work.