Beruflich Dokumente
Kultur Dokumente
LepideAuditor Suite
TROUBLESHOOTING GUIDE
This document explains the troubleshooting of the common issues that may appear while using
LepideAuditor Suite.
LepideAuditor Suite Troubleshooting Guide
Copyright
LepideAuditor Suite, LepideAuditor App, LepideAuditor App Server, LepideAuditor Suite (Web
Console), LepideAuditor Logon/Logoff Audit Module, any and all components, any and all
accompanying software, files, data and materials, this Configuration Guide, and other documentation
are copyright of Lepide Software Private Limited, with all rights reserved under the copyright laws.
This user guide cannot be reproduced in any form without the prior written permission of Lepide
Software Private Limited. No Patent Liability is assumed, however, with respect to the use of the
information contained herein.
In addition, in no event does Lepide Software Private Limited authorize you or anyone else to use
LepideAuditor Suite and the above listed accompanying programs in applications or systems where
LepideAuditor Suite and the above listed accompanying programs’ failure to perform can reasonably
be expected to result in a significant physical injury, or in loss of life. Any such use is entirely at your
own risk, and you agree to hold Lepide Software Private Limited harmless from any and all claims or
losses relating to such unauthorized use.
Trademarks
LepideAuditor Suite, LepideAuditor App, LepideAuditor App Server, LepideAuditor Suite (Web
Console), LepideAuditor Logon/Logoff Audit Module, LepideAuditor for Active Directory,
LepideAuditor for Group Policy Object, LepideAuditor for Exchange Server, LepideAuditor for SQL
Server, LepideAuditor SharePoint, Lepide Object Restore Wizard, Lepide Active Directory Cleaner,
Lepide User Password Expiration Reminder, and LiveFeed are registered trademarks of Lepide
Software Pvt Ltd.
All other brand names, product names, logos, registered marks, service marks and trademarks (except
above of Lepide Software Pvt. Ltd.) appearing in this document are the sole property of their
respective owners. These are purely used for informational purposes only. We have compiled a list of
such trademarks but it may be possible that few of them are not listed here.
Windows XP®, Windows 7®, Windows 8®, Windows 8.1®, Windows 10®, Windows 2000 Server®,
Windows 2000 Advanced Server®, Windows Server 2003®, Windows Server 2003 R2®, Windows
Server 2008®, Windows Server 2008 R2®, Windows Server 2012®, Exchange Server 2003®, Exchange
Server 2007®, Exchange Server 2010®, Exchange Server 2013®, SharePoint Server®, SharePoint Server
2010®, SharePoint Foundation 2010®, SharePoint Server 2013® SharePoint Foundation 2013®, SQL
Server 2005®, SQL Server 2008®, SQL Server 2008 R2®, SQL Server 2012®, SQL Server 2014®, SQL
Server 2016®, SQL Server 2005 Express Edition®, SQL Server 2008 Express® SQL Server 2008 R2
Express®, SQL Server 2012 Express®, SQL Server 2014 Express® .NET Framework 4.0, .NET
Framework 2.0, Windows PowerShell® are registered trademarks of Microsoft Corporation.
Contact Information
Email: sales@lepide.com
Website: http://www.lepide.com
Table of Contents
Introduction ........................................................................................................................................................ 6
Why the auditing logs are not being displayed in LepideAuditor Suite after installing it? ................... 7
The user is facing issues in dealing with multiple domain controllers. ................................................... 13
Problem in adding domain controller as LepideAuditor Suite is not resolving the IP Address
automatically. ................................................................................................................................................... 15
The user is facing issues in uninstalling or upgrading the agent on the server. ..................................... 18
The user is not able to perform the change auditing of the added domain(s). ....................................... 18
The auditing of a domain is still not enabled even after clicking “Enable Audit” while adding/
Non-owner accesses to some or all mailboxes are not being audited. ..................................................... 21
Auditing logs are not being generated for Group Policy Management Console. .................................. 21
No logs are being collected or displayed for Health Monitoring of Windows Server 2003 or 2003 R2.
Which Health Monitoring Reports will not be displayed for Exchange Server 2003? ........................... 22
LepideAuditor Suite is not performing any audit. SQL Server Management Studio show “(suspect)”
Error "SharePoint Agent is not running" in Change Capture Current Status in the Dashboard Tab. . 27
Error "The agent could not be connected to SQL Server" appears in Change Capture Current Status
The software is not responding or taking a long time during the data collection. ................................. 28
Reports and alerts are not being generated for SharePoint Server even if software is able to collect
There is no monitoring and no auditing of the particular sites of SharePoint Server. ........................... 29
No Report is being generated for an already added domain. Event Viewer is displaying Event ID 521
"Unable to log events to security log with Status code: 0xc0000008". ...................................................... 30
Support .............................................................................................................................................................. 31
Introduction
Like other software, the users may face some problems and errors while using LepideAuditor Suite.
The common errors, problems, and their resolution or workaround steps are detailed in this Guide.
You can refer to the following guides to deal with product’s installation, activation, and configuration.
http://www.lepide.com/installationguide/LepideAuditorSuite.pdf
Configuration Guide –
http://www.lepide.com/configurationguide/auditor-suite-configuration-guide.pdf
System Requirements –
http://www.lepide.com/lepideauditor/documentation/#tab-2
After installing, activating, and configuring LepideAuditor Suite, it can be used for performing change
auditing, health monitoring, and object restoration. You can refer to the preinstalled Help Manual to
Related Documents
Data Sheet - http://www.lepide.com/datasheet/LepideAuditorSuite.pdf
FAQ - http://www.lepide.com/lepideauditor/faq.html
http://www.lepide.com/configurationguide/auditor-suite-enable-auditing-manually.pdf
http://www.lepide.com/configurationguide/auditor-suite-enable-logon-logoff-monitoring.pdf
http://www.lepide.com/configurationguide/auditor-suite-configure-mailbox-auditing.pdf
Let us have a look at the common problems or error messages that may appear while using
LepideAuditor Suite.
1. Go to the Server.
4. If these events are not being generated, then it means auditing is not enabled or being disabled
automatically after a frequent interval. This can be because of a Group Policy applied on the
server.
5. To rectify this issue, run "GPMC.msc" in Run or CMD prompt, to open Group Policy
Management Console.
7. Now, you have to perform the following steps on all Group Policy Object nodes listed under
“Group Policy Objects”.
d. Selecting "Security Options" will list all its Group Policies in the right panel.
e. Double click "Audit: Force audit policy subcategory settings (Windows Vista or later) to
override audit policy category settings". This will open "Properties" box for this policy.
8. Follow the above steps for all nodes under Group Policy Objects. In our case, these steps are
performed again for "Default Domain Policy" and "Logon Logoff by LepideAuditor". In our
case, these steps has to be performed on following policies.
Default Domain Controllers Policy
Default Domain Policy
Logon Logoff by LepideAuditor
10. Now go to software → "Settings" tab → "Component Management", right click on "Domain"
node and click "Properties". This will show the wizard to modify the domain's listing.
12. This will enable domain auditing. If you face any error, then please refer to Guide to Enable
Auditing Manually.
1. Go to "Settings" tab → "Component Management", select the domain that has to be modified.
3. All domain controllers are listed herein the middle section between two headers "Active
Directory and Exchange Servers" and "Group Policy Servers".
4. Each domain controller has the checkboxes for following options. Some may show disable as
these are not applicable.
a. Change Auditing: It shows status for Change Auditing for added server's Active
Directory, Exchange Server, and Group Policy.
b. Health Monitoring: It shows status for Health Monitoring for added server's Active
Directory and Exchange Server.
5. Uncheck the change auditing, health monitoring and non-owner mailbox auditing options for
the domain controllers, which you do not want to audit.
1. While Adding Domain: If you receive the error while adding domain, perform the following
steps.
a. Double click the IP Address fields for the domain controller(s), whose IP Address is being
displayed incorrectly.
2. After Adding Domain: Perform the following steps to replace the incorrect IP Address of
domain.
b. Click "Network Settings" link in "Actions" pane to access following dialog box.
d. Click "OK" to apply this IP Address. This will take you back to "Component Management".
NOTE: Alternatively, you can click "Properties" to view domain properties and click "IP Settings"
to replace the wrong IP Address with a correct one.
1. Go to "Settings" tab → "Component Management", right click on the target domain node.
2. Click "Properties" option to modify the selected domain with the following wizard.
NOTE: You can also select a domain entry and click "Properties" link in "Actions" pane to edit
its listing.
In such cases, you've to enable the auditing settings manually at the Windows Server.
You can download the guide – “Enable Logon/Logoff Monitoring for LepideAuditor Suite” – from
http://www.lepide.com/configurationguide/auditor-suite-enable-auditing-manually.pdf. It illustrates
the detailed steps to enable auditing at any Windows Server manually.
It contains the detailed steps to enable the collection and auditing of logon and logoff events for any
Windows Server by LepideAuditor Suite.
http://www.lepide.com/configurationguide/auditor-suite-configure-mailbox-auditing.pdf.
LepideAuditor Suite may face some problem and throw error while performing the Group Policy
auditing of Windows Server 2003. It is necessary to install the hotfix 203455 on the domain controllers
of Windows Server 2003. Without this hotfix, queries against the
Win32_PerfFormattedData_NTDS_NTDS class on domain controllers of Windows Server 2003 will
fail with error 0x80041010. Follow the steps given below:
1. Install the Service Pack 2 of Windows Server 2003 for both 32-bit and 64-bit, if not installed
earlier.
2. Download the hotfix from
wmidap.exe /f
Message Queue
RPC Status
Replication Status
1. Open SQL Server Management Studio of SQL Server, which stores the database(s).
2. Establish the connection using Windows authentication or SQL Server authentication.
3. Expand “Database” node and access the database that is connected with LepideAuditor Suite
for storing logs.
4. Make sure it shows “(suspect)” as its status.
5. Click “New Query” button on the toolbar. Alternatively, you can right click on the database
and select “New Query”.
6. This will display the section at right side for executing a query.
7. Copy and paste the following query in this area. Replace “DATABASE_NAME” with the
name of your database.
Please check whether LepideAuditor Suite is working now and auditing the domain properly.
SharePoint Server can be added only when you have installed Microsoft System CLR Types for SQL
Server 2012 and Microsoft SQL Server 2012 Management Objects Setup at the server where SharePoint
is installed. The setup files to install these two add-ons come pre-installed with the software. Perform
the following steps,
1. Go to the server and browse the folder where LepideAuditor Suite is installed.
2. Open the folder "Redist" which has different setup files.
3. "x64" folder has the setup files for 64-bit Windows Server, whereas "x86" contains the files for
32-bit Windows Server OS.
4. Open the required folder.
5. Run the setup file "SQLSysClrTypes.msi" to install Microsoft System CLR Types for SQL
Server 2012. Follow the onscreen instructions.
6. Run the file "SharedManagementObjects.msi" to install Microsoft SQL Server 2012
Management Objects Setup. Follow the onscreen instructions.
7. Connectivity of LepideAuditor Suite to the Instance of SQL Server, which is interlinked with
SQL Server.
Solution
Make sure the computer containing the agent is started and logged on. In addition, it should be
connected to the other computer where the LepideAuditor for SharePoint is installed. Try to share the
files between these computers for confirming their connectivity.
If SharePoint Server, interlinked SQL Server, and LepideAuditor Suite are on different
computers, please check whether these computers could be connected with each other over
the network.
Either SharePoint Server is not functioning or the agent in it is not deployed at it.
Solution
Please check whether SharePoint Server is working properly or not. If yes, then please check whether
the target SharePoint Server has the Lepide SP Agent installed in it. Follow the below steps for
verifying its existence:
5. If this agent is un-deployed, then kindly deploy the agent from the SharePoint Server Settings.
If it has been deleted or is not being deployed, then kindly uninstall and reinstall the
Agent. Refer to the “Uninstall Agent from SharePoint” page of Help Manual to know about
the steps to uninstall and reinstall SharePoint Agent.
2. Select the relevant SharePoint Server, and click button. This will show "Modify SharePoint"
wizard.
3. Click "Site Collection" in the left panel.
5. Set the Auditing Settings to monitor all the sites or include the required sites.
No report or LiveFeed is generated for an already added domain. Event Viewer for that server is
displaying the Event ID 521 "Unable to log events to security log with Status code: 0xc0000008".
Cause
There can be any of the following listed reasons for this issue.
Event Logs have consumed all available free disk space. There is no enough disk space to
record new events.
Security Event Log has been corrupted.
AutoBackupLogFiles entities may be missing.
Preferred Solution
It is advised to perform the following solutions one by one and check the status of LepideAuditor
Suite after each step.
Support
We have an extensive and efficient support system to assist our customers with all issues related to
using LepideAuditor Suite. The software comes with an embedded help manual that can be accessed
by clicking Help in the software main window. You can also press the F1 key on the keyboard of your
computer to access it.
http://www.Lepide.com/documentation-center.html
We also offer live support wherein you can chat with our software experts at
http://www.Lepide.com/Support.html
Helpline
+91-9818725861
1-866-348-7872 (Toll Free for USA/CANADA)