Error occurs when attempting to install Active Administrator audit agent: "Test failed for agent service account on domain controller [servername] Failed to open the security log. The network path was not found."
1. Open the local policies on the Domain Controller and grant the service credential explicit user rights assignment to manage the Security.evt log
2. Add a new DWORD registry key (named: RequireSecureNegotiate) in this location:
with a value of "2"
Valid values for the key:
0 – Disabled (Default value)
1 – Required
2 – Enabled if needed.
NOTE: Quest does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986 "Description of the Microsoft Windows registry" at Microsoft Support.
3. Ensure the Remote Registry service is enabled and running on the DC
4. If the DC is located on a different network, ensure any firewalls are open. Confirm you can access the volumes on the DC from the AA server as the Audit Agent installer is copied from the AA server to the DC and then run on the DC
5. Check and confirm that all of the machines (DCs and AA server) have the same patches applied. For example, the patch KB5003637 locks down remote access to the Event Viewer. If a machine tries to access the Event Viewer on a remote machine with this patch, it will fail if the calling machine does not have the same updates applied.
© 2021 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité