EventSentry

• Overview

• Management

• Event Log Monitoring

• Real-time Event log Monitoring
• Consolidation
• Compliance

• Log File Monitoring

• Health Monitoring

• Services and Processes
• Disk Space
• Performance
• File Monitoring
• Software Monitoring
• Application Scheduler
• Event Log Backups

• Tracking

• Process Tracking
• Logon Tracking
• Print Tracking

• Syslog Daemon

• Network Monitoring

• Environment

• Temperature / Humidity
• Motion / Smoke / Water

• Notifications

• Web Reporting

• Dashboard
• Event Reports
• Heartbeat
• Tracking
• Disk Space
• Performance
• Services
• Software / Systeminfo
• Environment
• Nessus Reporting

---

Applies to: EventSentry (all versions)	Category: Heartbeat Monitoring
Document Created: 2005-02-14	Document Last Modified: 2006-10-12

---

This happens when the user account the heartbeat service is running under does not have privileges to query the EventSentry service status on the remote host(s). You will usually see this on Windows 2003 Servers running SP1 or on computers running Microsoft Vista.

You can solve this problem by either running the EventSentry Heartbeat Monitor under a user account with elevated permissions (e.g. an account that is a member of the Domain Admins group) or by changing the ACL permissions of the EventSentry service.

1. Changing the account the EventSentry Heartbeat Monitor service is running under:

* Navigate to Start -> Programs -> Administrative Tools -> Services
* Locate the "EventSentry Heartbeat Monitor"
* Right-Click the entry and select "Properties"
* Select the "Log On" tab
* Change the setting to "This Account" and specify a user account that has permissions to query the status of services on the remote host(s). This option is set to "Local System Account" by default, which does not always depending on your network/AD configuration) have the necessary permissions.

Once you change this setting and restart the EventSentry heartbeat agent.

2. Changing the ACL entries of the EventSentry service on all monitored hosts

* Download the "subinacl.exe" utility from the Microsoft web site (http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en) and install it
* Determine the computer name of the computer where the EventSentry Heartbeat Monitor service is running on. In our example we will use the computer name ESHOST.
* If you are running EventSentry v2.81.0.21 or older then execute the following command:

subinacl.exe /service \\COMPUTER1\EventSentry /GRANT=MYDOMAIN\ESHOST$=R

where COMPUTER1 is a computer running the EventSentry agent and DOMAIN is the domain that ESHOST is part of (you may be able to substitute the domain name with the computer name). Repeat this for every computer that is affected by the "Access Denied" error message.

If you are running EventSentry v2.81.0.22 or later then execute the following command:

subinacl.exe /service \\COMPUTER1\EventSentry /GRANT=MYDOMAIN\ESHOST$=QS

Additional Links

Running the Heartbeat Service under the NETWORK SERVICE account You receive an error message when you try to access the registry or Event Viewer on a remote computer How to grant users rights to manage services