The heartbeat monitor is reporting "Access is denied" when monitoring the agent status of a remote computer.

Article ID: 41
Category: Heartbeat Monitoring
Applies to: All Versions
Updated: 2023-06-13

This happens when the user account the heartbeat service is running under does not have privileges to query the EventSentry service status on the remote host(s). This is due to enhanced operating system security for all Windows versions, starting with Windows Server 2003 SP1 and Windows Vista.

You can solve this problem by
A) Running the EventSentry Heartbeat Monitor under a user account with elevated permissions (e.g. an account that is a member of the Domain Admins group)
B) Configuring authentication in the EventSentry console, and providing administrator credentials at the global, group, or computer level. Please see:
C) By changing the ACL permissions of the EventSentry service on each remote host.

Option A: Changing the account the EventSentry Heartbeat Monitor service is running under:

  • Navigate to Start -> Programs -> Administrative Tools -> Services
  • Locate the "EventSentry Heartbeat Monitor"
  • Right-Click the entry and select "Properties"
  • Select the "Log On" tab
  • Change the setting to "This Account" and specify a user account that has permissions to query the status of services on the remote host(s). This option is set to "Local System Account" by default, which does not always depending on your network/AD configuration) have the necessary permissions.

Once you change this setting and restart the EventSentry heartbeat agent.

Option C: Changing the ACL entries of the EventSentry service on all monitored hosts

*If you are running EventSentry v2.81.0.22 or newer then execute the following command:

subinacl.exe /service \COMPUTER1\EventSentry /GRANT=MYDOMAIN\ESHOST$=QS

  • If you are running EventSentry v2.81.0.21 or older then execute the following command:

subinacl.exe /service \COMPUTER1\EventSentry /GRANT=MYDOMAIN\ESHOST$=R

Where COMPUTER1 is a computer running the EventSentry agent and DOMAIN is the domain that ESHOST is part of (you may be able to substitute the domain name with the computer name). Repeat this for every computer that is affected by the "Access Denied" error message.