my paMonitor is in Domain A, machine I want to monitor is in Domain B. There does exist a trust between the domains. paMonitor service is running under a local account. We are using a local account on the machine to be monitored in Domain B.

When I attempt to set up a Service Monitor I receive a Access is Denied error that ends with [Err=0x5 (5), CurrUser=J.Michael, Imp={none}]. It appears to not be attempting to use the credentials specified under Type & Credentials.

I tried setting ImpForNetConnect but it had no effect.

asked 24 Jun '15, 15:40

J_Michael's gravatar image

J_Michael
1148
accept rate: 11%


Turns out the answer is telling UAC to get out of the way.

Solution:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  6. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.

Full details: KB951016

link

answered 25 Jun '15, 17:43

J_Michael's gravatar image

J_Michael
1148
accept rate: 11%

edited 25 Jun '15, 17:44

Hi Michael,

I would suggest using a satellite to monitor your machine that is on the other network. Here is a link to the documentation.

Remote and Distributed Server Monitoring

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 25 Jun '15, 10:31

Quinn's gravatar image

Quinn ♦♦
14.5k3925
accept rate: 35%

Setting up a satellite isn't an option in this environment unfortunately.

What I'd really like to know is why it's not impersonating like it's configured to do.

link

answered 25 Jun '15, 11:30

J_Michael's gravatar image

J_Michael
1148
accept rate: 11%

Michael,

Let's take PA Server Monitor out of the picture and make sure connectivity and rights are working correctly. Get on the server where PA Server Monitor is running, and login using the same credentials that PA Server Monitor is running as. Then run eventvwr.exe (Microsoft Event Viewer) and connect to the server on Domain B using the credentials for that server. If you are unable to do so the permissions is the issues.

Here is a link that you might find helpful. Connecting to Servers NOT in a Domain

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 25 Jun '15, 14:35

Quinn's gravatar image

Quinn ♦♦
14.5k3925
accept rate: 35%

I did try that, and it works.

link

answered 25 Jun '15, 14:37

J_Michael's gravatar image

J_Michael
1148
accept rate: 11%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×9
×6

Asked: 24 Jun '15, 15:40

Seen: 6,917 times

Last updated: 25 Jun '15, 17:44