Heartbeat Monitoring reports "Access is denied" for the status of remote EventSentry agents, even though authentication is set

Article ID: 216
Category: Heartbeat Monitoring
Applies to: All Versions
Updated: 2018-11-07

When configuring authentication in the heartbeat agent, it is important that you are logged in with the same user account under which the "EventSentry Heartbeat Monitor" service is running under. Otherwise, the passwords will not be accessible and you'll receive "Access Denied" errors.

1) Make sure the "EventSentry Heartbeat Monitor" service on your management console computer is configured to run under an account that has administrator rights on your management console computer. To check/change this, open the services manager (Start > run > services.msc) and double-click the "EventSentry Heartbeat Monitor" service, and click the "Log On" tab to see which account is being used, and to change the account if you're not using an account with administrator rights. If you needed to change the account, you have to restart this service when you're done.

2) Make sure the EventSentry management console is not open. Hold the shift button on the keyboard while right-clicking the EventSentry desktop icon to bring up the "run as another user" menu item and then choose to run as another user. Enter the account name and password that you used for the EventSentry Heartbeat Monitor service settings in step 1.

3) Use the toolbar to click Tools > Authentication Manager. Double-click each authentication set and re-type the missing password.

4) Save the EventSentry settings, restart the "EventSentry Heartbeat Monitor" service, and close the EventSentry console.

Background: Passwords are encrypted and stored in the HKEY_CURRENT_USER directory of the registry. Only the user who creates or changes the passwords (when you use "Set Authentication" in the management console) will be able to access and decrypt them. For example, if you use the EventSentry management console as "User A", but the heartbeat agent runs as "User B", then the authentication information will be associated with the windows user "User A", and stored where only "User A" will be able locate and decrypt them.