This application warning occurring on the machine running Active Administrator Server Management Console is reported when the Active Administrator Maintenance service detects a domain controller has not written a security event to the Active Administrator auditing database for a period of 10 minutes. This is a new feature in Active Administrator beginning in version 5.1, and was designed to alert system administrators that there may be an issue with a domain controller and its ability to write recorded security events to the Active Administrator auditing database.
There may not be a single resolution to this issue, so please follow the troubleshooting steps below:
Verify the version/build of the Active Administrator Server Management (ASM) Console. You can verify you have the latest version at: http://www.quest.com/active-administrator/. Ensure the agent version matches the version of the AA server.
Verify that the account used by the Active Administrator services, and the account used to install the agent, is in the AA_Admin group. This group is either local on the SQL server, or global in Active Directory Users folder, depending on what was selected when the database was created.
Run “cliconfg” on the Active Administrator machine via Start > Run:
Verify that TCP/IP and Named Pipes appear in the “Enabled protocols by order” and are in the same order as displayed below. Make sure the “Enabled shared memory protocol” check box is enabled as well.
Captured security events are sent to the database server/instance using TCP/IP port 1433, if you are using the default SQL port in your environment. Can you establish a telnet session from this domain controller to the backend database server, using a command prompt and the following command?
telnet [SQLServerName] 1433
This command should return with a blank window.
Via the Active Administrator Server Management Console, go to Tools > Service Monitoring and Recovery Policy. If you know a Domain Controller has a slow connection you can increase the time the Active Administrator Maintenance Service checks that an event has been written to the database from 30 minutes, to a greater number, such as 60 minutes. Also, if you don’t want to receive these warnings anymore you can disable this functionality by unchecking “Enable Audit Agent monitoring and recovery”.
If the warning persists please provide Quest Software Support with the information below:
Is this the only domain controller that you’re auditing in the Active Administrator Server Management Console that is producing this application warning? If not, how many domain controllers are having this issue?
If only one domain controller is getting this warning, what makes this domain controller unique to the others that are not having this issue? Remote location possibly over a congested WAN link, firewall enabled, etc.?
What is the domain controller(s) operating system, service pack and properties (right click on my computer and select properties)?
Is it possible the domain controller(s) doesn't record security events in its local event viewer logs/security events as frequently as other domain controllers?
Please open the Active Administrator Server Management Console and select the Collection Agents tab. Highlight the Domain Controller in question, right click and choose “Refresh selected”. What is the date and time in the Last Event column for this domain controller? This is the most recent date and time this particular domain controller has written at least one security event to the Active Administrator auditing database. Does this date appear to be correct?
Establish a remote connection to the Domain Controller and open the Security Event log. What is the most recent security event, other than successful logons?
On the Domain Controller re-start the Active Administrator Agent Service. Once started, examine the local event viewer Application log. Is there an application error associated to the startup of the Active Administrator agent service? If so please provide a screen shot or copy the contents to the clipboard, and paste into a text file. Send an e-mail with the error, or call Quest Software Support.
Related Articles or Solutions: