Event Log Scraping connection test shows "Unknown" error after test

Article ID: 345838


Products

VMware vDefend Firewall

Issue/Introduction

  • When trying to add Event Log Scraping to the IDFW LDAP configuration, you get an ERROR when testing the connection in the NSX-T GUI.

    EventLogSerer: connection test status: domain=example.com user="used-in-setup" status=ERROR, Unknown error.

  • Check the NSX-T Manager logs in /var/log/syslog for this string: EvtRpcRegisterRemoteSubscription return value = 5

    Example from the logs:

2022-11-28T19:33:15.016Z WARN http-nio-127.0.0.1-7440-exec-27 ElsStatusUpdater 7304 FIREWALL [nsx@6876 comp="nsx-manager" level="WARNING" reqId="UUID" subcomp="manager" [email protected]] Couldn't connect to event log server, domain: company.com host: Server.company.com user: LogScrapUser

java.util.concurrent.ExecutionException: jcifs.dcerpc.msrpc.eventing.EventLogException: EvtRpcRegisterRemoteSubscription return value = 5



Environment

VMware NSX-T Data Center

Cause

Incorrect permissions are applied to the AD user that is used for the Event Log Scraping setup.

Resolution

This can be corrected by changing the AD permissions of the user used for Event Log Scraping so that it can read security logs, such as the auditing and security logs.
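
The following added example (not part of the original article or of NSX) scans syslog lines for the failure described above and lists the host and user pairs rejected with return value 5, which is the Win32 ERROR_ACCESS_DENIED code. The sample lines are constructed from the excerpt in this article, and the function names are assumptions.

```python
import re
import sys

# Constructed sample modelled on the excerpt in this article; not real log data.
SAMPLE = """\
2022-11-28T19:33:15.016Z WARN http-nio-127.0.0.1-7440-exec-27 ElsStatusUpdater 7304 FIREWALL [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Couldn't connect to event log server, domain: company.com host: Server.company.com user: LogScrapUser
java.util.concurrent.ExecutionException: jcifs.dcerpc.msrpc.eventing.EventLogException: EvtRpcRegisterRemoteSubscription return value = 5
2022-11-28T19:40:02.411Z WARN http-nio-127.0.0.1-7440-exec-31 ElsStatusUpdater 7304 FIREWALL [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Couldn't connect to event log server, domain: company.com host: DC02.company.com user: LogScrapUser
java.util.concurrent.ExecutionException: java.net.ConnectException: Connection timed out
"""

CONNECT_RE = re.compile(
    r"^(?P<ts>\S+) .*Couldn't connect to event log server, "
    r"domain: (?P<domain>\S+) host: (?P<host>\S+) user: (?P<user>\S+)")
RC_RE = re.compile(r"EvtRpcRegisterRemoteSubscription return value = (\d+)")
ACCESS_DENIED = 5  # Win32 ERROR_ACCESS_DENIED


def find_failures(lines):
    """Pair each connection failure with the return value logged after it."""
    failures = []
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            failures.append({**m.groupdict(), "rc": None})
            continue
        rc = RC_RE.search(line)
        # Attach the code to the most recent failure that has none yet.
        if rc and failures and failures[-1]["rc"] is None:
            failures[-1]["rc"] = int(rc.group(1))
    return failures


def permission_failures(failures):
    """Return sorted (host, user) pairs rejected with access denied."""
    return sorted({(f["host"], f["user"]) for f in failures
                   if f["rc"] == ACCESS_DENIED})


if __name__ == "__main__":
    # Pass a syslog path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE.splitlines()
    for host, user in permission_failures(find_failures(lines)):
        print(f"access denied: user {user} on {host}; check AD log-read rights")
```

Failures with no return value 5 (the second constructed entry) are left out of the list, because they point to a cause other than AD permissions.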

Additional Information

 

Impact/Risks:

This may result in Event Log Scraping not being set up properly, and you will see an "Unknown Error" in the NSX-T GUI connection test.