After applying a Windows Security Baseline to the Domain Controllers, or after enabling the Attack Surface Reduction Rule, "Block credential stealing from the Windows local security authority subsystem", GUID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2, Change Auditor no longer audits AD events and in agents 7.0.4 and later, the agent will fail to start. This will also impact agents installed on member servers resulting in the agent failing to start.
An error similar to the following is logged in the ChangeAuditor.AgentLog.nptlog:
[WARN][CServerControlHandler::TriggerHooking(154)] LDAP control hooking failed: 0x00000022
Or
[WARN][TrogdorLib::Common::CTrogdorService::StartImpl(187)] Error initializing sub-system SonicWALL Auditor (71).
[ERROR][itad2hook::DuplexHolderImpl::InitializeIPC(230)] Error starting pipe client. Unable to open pipe
Vous devez être connecté et disposer d'un contrat de maintenance en cours pour afficher les articles de la base de connaissances avancés.
© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Conditions d’utilisation Confidentialité Cookie Preference Center