Service Monitor - Not Authenticating?

My paMonitor is in Domain A; the machine I want to monitor is in Domain B. There does exist a trust between the domains. The paMonitor service is running under a local account. We are using a local account on the machine to be monitored in Domain B.

When I attempt to set up a Service Monitor I receive an Access is Denied error that ends with [Err=0x5 (5), CurrUser=J.Michael, Imp={none}]. It appears to not be attempting to use the credentials specified under Type & Credentials.

I tried setting ImpForNetConnect but it had no effect.

5 Answers

Hi Michael,

I would suggest using a satellite to monitor your machine that is on the other network. Here is a link to the documentation.

Remote and Distributed Server Monitoring

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

Setting up a satellite isn't an option in this environment unfortunately.

What I'd really like to know is why it's not impersonating like it's configured to do.

Michael,

Let's take PA Server Monitor out of the picture and make sure connectivity and rights are working correctly. Get on the server where PA Server Monitor is running, and log in using the same credentials that PA Server Monitor is running as. Then run eventvwr.exe (Microsoft Event Viewer) and connect to the server on Domain B using the credentials for that server. If you are unable to do so, the permissions are the issue.

Here is a link that you might find helpful. Connecting to Servers NOT in a Domain

Thanks
Quinn

Turns out the answer is telling UAC to get out of the way.

Solution:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  6. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.

Full details: KB951016
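
The registry steps above as a PowerShell script, added here as an example and not part of the original answer or of KB951016. It assumes an elevated session on the machine being monitored; the function names are hypothetical.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# session on the machine being monitored. Function names are hypothetical.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # Returns the current value, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-TokenFilterPolicy {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    # -Force creates the entry if it is missing and overwrites it otherwise,
    # covering steps 3-7 of the manual procedure in one call.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

function Get-TokenFilterPolicyMeaning {
    param($Value)
    # Per KB951016: 0 (or no entry) builds a filtered token for remote
    # connections by local administrators; 1 builds an elevated token.
    # The setting is machine-wide, not specific to the monitoring account.
    if ($Value -eq 1) { 'elevated token for remote local-admin logons' }
    else { 'filtered token for remote local-admin logons (default)' }
}

# Record the starting state so the change can be reverted later.
$before = Get-TokenFilterPolicy
$shown  = if ($null -eq $before) { '<not set>' } else { $before }
Write-Output ("Before: {0} ({1})" -f $shown, (Get-TokenFilterPolicyMeaning $before))

if ($before -ne 1) {
    Set-TokenFilterPolicy -Value 1
}

# Read the value back to confirm the write took effect.
$after = Get-TokenFilterPolicy
Write-Output ("After:  {0} ({1})" -f $after, (Get-TokenFilterPolicyMeaning $after))

# To revert to the default behaviour: Set-TokenFilterPolicy -Value 0
```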