No security logs getting generated

Mayur

Hi,

This is a Windows 2000 server. I can't see any security logs getting
generated in Event Viewer. The security log snap-in is completely empty;
however, other events (application logs etc.) are generating properly.
Unable to find a solution for this weird problem. Can anyone help? You
may directly write me at (e-mail address removed)

Regards,
Mayuresh
 
Meinolf Weber [MVP-DS]

Hello Mayur,

Did you configure auditing on the server itself or a GPO for your servers?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Mayur

I have already tried enabling auditing from local policy and from domain
policy as well, but still no luck... The silly part is that other logs like
application, system etc. are generating properly and only the security
logs are troubling... See if you can help...
 
Meinolf Weber [MVP-DS]

Hello Mayur,

Please describe in detail what settings you have enabled in the GPO, where
you have linked the policy to and where the server is located in the OU structure.

Best regards

Meinolf Weber
 
Dave Patrick

The file may be corrupt. In Control Panel|Administrative Tools|Services|Event
Log Service|General, set the "Startup Type:" to "Disabled", restart the PC,
then delete (or move) the corrupt *.evt file(s) from
%systemroot%\system32\config, then set the Event Log Service "Startup Type:"
back to "Automatic" and restart for effect.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
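
One way to test the "file may be corrupt" theory from the reply above, as an added example that is not part of the original thread: a Python check of the 48-byte header at the start of an .evt file. The field layout and flag value follow Microsoft's documented ELF_LOGFILE_HEADER; the function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER_FMT = "<12I"                        # ELF_LOGFILE_HEADER: twelve little-endian ULONGs
HEADER_SIZE = struct.calcsize(HEADER_FMT)  # 48 bytes (0x30)
SIGNATURE = 0x654C664C                     # appears on disk as the bytes "LfLe"
FLAG_DIRTY = 0x1                           # records written but log not closed properly


def check_evt_header(data):
    """Return a list of problems found in the header of an .evt file image."""
    if len(data) < HEADER_SIZE:
        return ["file shorter than the 48-byte header"]
    (hdr_size, sig, major, minor, start, end, cur_rec, old_rec,
     _max_size, flags, _retention, end_hdr_size) = struct.unpack_from(HEADER_FMT, data)
    problems = []
    if hdr_size != HEADER_SIZE or end_hdr_size != HEADER_SIZE:
        problems.append("header size fields are not 0x30")
    if sig != SIGNATURE:
        problems.append("signature is not LfLe")
    if (major, minor) != (1, 1):
        problems.append(f"unexpected version {major}.{minor}")
    for name, off in (("StartOffset", start), ("EndOffset", end)):
        if not HEADER_SIZE <= off <= len(data):
            problems.append(f"{name} {off:#x} points outside the file")
    # CurrentRecordNumber is the next record to be written, so it must
    # exceed OldestRecordNumber (which is 0 when the log is empty).
    if old_rec and cur_rec <= old_rec:
        problems.append("record numbers are inconsistent")
    if flags & FLAG_DIRTY:
        problems.append("DIRTY flag set: log was not closed cleanly")
    return problems


def build_sample(flags=0, sig=SIGNATURE):
    """Constructed sample: header of an empty log plus a 40-byte placeholder tail."""
    header = struct.pack(HEADER_FMT, HEADER_SIZE, sig, 1, 1, HEADER_SIZE,
                         HEADER_SIZE, 1, 0, 0x10000, flags, 0, HEADER_SIZE)
    return header + bytes(40)


if __name__ == "__main__":
    for label, image in (("clean", build_sample()),
                         ("dirty", build_sample(flags=FLAG_DIRTY)),
                         ("bad signature", build_sample(sig=0)),
                         ("truncated", build_sample()[:20])):
        print(label, "->", check_evt_header(image) or "header looks sane")
```

Run it against a copy of the file moved out of %systemroot%\system32\config while the Event Log service is disabled, since the service keeps the live file open. The DIRTY flag on its own only shows that the log was not closed cleanly.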
 
Mayur

When I click on the Group Policy tab in the domain controller properties, the
error below occurs -
The domain controller for Group Policy operations is not available.
You may cancel this operation for this session or retry using one of
the following domain controller choices:
The one with the Operations Master token for the PDC emulator
The one used by the Active Directory Snap-ins
Use any available domain controller

Here I select the 3rd option (Use any available domain controller) and it
allows me to edit the group policy from another DC. Policy settings are
as below -
Under Computer Configuration | Windows Settings | Security Settings |
Local Policies | Audit Policy |
1) Audit Account Logon Events - Success, Failure
2) Audit Account Management - Success, Failure
3) Audit Directory Access Service - Success, Failure
4) Audit Logon Events - Success, Failure
5) Audit Object Access - Success, Failure
6) Audit Policy Change - Success, Failure
7) Audit Privilege Use - Success, Failure
8) Audit Process Tracking - Success, Failure
9) Audit System Events - Success, Failure

And under Computer Configuration | Windows Settings | Security
Settings | Event Log | Settings for Event Log | -
1) Retention method for Security Logs - As Needed
2) Retention method for System Logs - As Needed


This is the default domain policy and this server is located in the Domain
Controllers OU.
 
Mayur

Thanks Dave. I tried this but no luck :-(
 
Mayur

Hi,

The Group Policy problem is resolved. The problem was that the RPC service was
not getting started, as some dependencies were not started. After starting
all these services, the Group Policy issue is resolved.

But the security logs issue is still there... still security logs are not
getting generated. One thing I noticed - if I go to the properties of
the domain group policy I don't see any domain there. Even no domain is
found if I click "Find Now".

Please help
 
Mayur

No errors in the system log... please, please, some help on an urgent basis..
I'm ready to give remote access to my server using WebEx
 
Meinolf Weber [MVP-DS]

Hello Mayur,

I saw that your problem is solved with opening the GPO's. Please post the
configuration of your GPO linked to the server.

Best regards

Meinolf Weber
 
Mayur

The problem is I can't see the domain name in the GPO link tab. It's not
coming up even by doing "Find Now"
 
Mayur

Hey Dave.. I applied that hotfix but still no luck... along with the
other hotfix which came along with that, 2 files got extracted. One is an
eventlog.dbg file and the other is an eventlog.pdg file. What am I supposed
to do with these?
 
Dave Patrick

What other one? Do you have an article ID? If you just applied the rollup
then the EVT file may still be corrupt so follow the same steps to delete
it.



--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
 
Meinolf Weber [MVP-DS]

Hello Mayur,

It seems to me that something is really strange with your system. What SP are
you using on it? Is it fully patched from MS? As I see your other posting
about SP5, did you check your system for malware, viruses etc.?

Best regards

Meinolf Weber
 
Mayur

Hello Meinolf... Currently SP4 is installed. I have already done a
complete antivirus/malware scan of this server more than 5
times... but no virus detected... I have no clue on further steps.
 
Meinolf Weber [MVP-DS]

Hello Mayur,

First update the computer with all available patches. Then try again. There
is a lot after SP4.

Best regards

Meinolf Weber
 
