Rule Status and its definitions

Low/No Risk

This status indicates that the selected source's configuration meets the recommended compliance value, or the value set by the user, for the rule.

High Risk

This status indicates that the selected source's configuration does not meet the recommended compliance value, or the value set by the user, for the rule.

Unable to Verify

This status indicates that the Log360 server could not fetch the data it needs to evaluate the rule. The possible causes, and the troubleshooting steps for each, are listed below by source type.

Troubleshooting steps for 'Unable to Verify' status:

Active Directory

Possible reasons for the status "Unable to verify" are as follows:

  1. Insufficient domain details
  2. Access denied for SYSVOL folder

1. Insufficient domain details:

This error occurs when the domain details or credentials were not synced correctly when the child components (such as EventLog Analyzer) were integrated with Log360.

Troubleshooting steps:

  • Navigate to Admin → Log360 integration.
  • Make sure any one of the child components has been integrated and at least one domain is configured.
  • Click the Sync Now button.
  • Make sure the credentials have been synced correctly by checking the ADSCredentials table. To view the table, open http(s)://<hostname>:<log360 port number>/runQuery.do and execute the following query:

    select * from ADSCredentials;

  • If there is no credentials data in the table, trigger Sync Now button once again.
  • Now, go to the specified compliance/risk posture.
  • Click the Run Now button.

2. Access denied for SYSVOL folder:

This error occurs when the machine on which Log360 is installed cannot read the SYSVOL share on the domain controllers of the selected domain. Since Microsoft's Group Policy hardening update of February 2015 (MS15-011, KB3000483), Windows clients require mutual authentication and integrity (UNC Hardened Access) for the \\*\SYSVOL and \\*\NETLOGON paths, and a connection that cannot satisfy those requirements is denied.

  • Make sure the user account with which the domain is configured has read access to the SYSVOL share (C:\Windows\SYSVOL\sysvol on the domain controllers).
  • Make sure the domain controllers are reached by their fully qualified domain names rather than by IP address, so that Kerberos can provide the mutual authentication the policy asks for; this often resolves the error without relaxing the policy.

Troubleshooting steps:

The steps below relax UNC hardening for \\*\SYSVOL by setting RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0. This removes the MS15-011 protection for every SYSVOL path the Log360 installed machine accesses, so apply the exception to that machine only and, where possible, name the domain controllers explicitly (for example \\dc01.example.com\SYSVOL instead of \\*\SYSVOL).

Using a GPO in the Log360 installed machine's domain:

  • On the Domain Controller, edit a GPO that is linked to the OU containing the Log360 installed machine (this is a Computer Configuration setting, so the GPO must apply to that computer object).
  • Go to "Computer Configuration → Administrative Templates → Network → Network Provider".
  • Enable the Hardened UNC Paths setting.
  • In Options, click the Show button.
  • Add "\\*\SYSVOL" in the "Value Name" field.
  • Add "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" in the "Value" field.
  • Click OK.
  • For immediate results, open Command Prompt as administrator on the Log360 installed machine and run "gpupdate /force".


Using the Local Group Policy Editor:

  • Open the Local Group Policy Editor with "gpedit.msc" on the Log360 installed machine (this setting lives in the Local Group Policy Editor, not in the Local Security Policy console, secpol.msc).
  • Go to Computer Configuration → Administrative Templates → Network → Network Provider.
  • Enable the Hardened UNC Paths setting. In Options, click the Show button.
  • Add "\\*\SYSVOL" in the "Value Name" field.
  • Add "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" in the "Value" field.
  • Click OK.
  • Note that a domain GPO that configures Hardened UNC Paths overrides this local setting at the next policy refresh; use the GPO method if the domain already manages the policy.


Using the registry, execute the following command in Command Prompt as Administrator on the Log360 installed machine:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths" /v "\\*\SYSVOL" /t REG_SZ /d "RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" /f

This writes the same policy value as the editor steps above; /f overwrites an existing value without prompting. As with the local policy, a domain GPO that sets Hardened UNC Paths overrides this value at the next refresh.

  • After completing these troubleshooting steps, go to Compliance → Risk Posture → Active Directory and click the Run Now button.
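The checks above can be scripted from the Log360 installed machine before the policy is relaxed. The following PowerShell script is an added example and is not part of the Log360 documentation or product: it lists the Hardened UNC Paths values currently in force, tests SYSVOL on every domain controller by FQDN as the current user, and, only when -ApplyException is passed, writes a per-DC exception instead of the \\*\SYSVOL wildcard. The domain name, the -ApplyException switch and the use of the Policies subfolder as the test path are assumptions made for the example.

```powershell
# Added example, not Log360 product code. Run elevated on the Log360 installed machine,
# as the account with which the domain is configured in Log360. Domain is a placeholder.
param(
    [string]$Domain = 'corp.example.com',   # assumed placeholder
    [switch]$ApplyException                  # write registry values only when explicitly asked
)

$hardenedKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# 1. Hardened UNC Paths values currently in force. No key means the operating-system
#    defaults apply (on current Windows versions: mutual authentication and integrity
#    for \\*\SYSVOL and \\*\NETLOGON).
"Hardened UNC Paths entries:"
if (Test-Path $hardenedKey) {
    (Get-ItemProperty -Path $hardenedKey).PSObject.Properties |
        Where-Object { $_.Name -like '\\*' } |
        ForEach-Object { "  {0} = {1}" -f $_.Name, $_.Value }
} else {
    "  (none set by policy; defaults apply)"
}

# 2. Test SYSVOL on every DC by FQDN. Kerberos can only satisfy RequireMutualAuthentication
#    when the share is addressed by a name that maps to a service principal, so access by
#    IP address fails under the default policy even when share permissions are correct.
$dcs = (Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget }).NameTarget | Sort-Object -Unique
$results = foreach ($dc in $dcs) {
    $path = "\\$dc\SYSVOL\$Domain\Policies"   # assumed test path inside the share
    try {
        $null = Get-ChildItem -Path $path -ErrorAction Stop
        [pscustomobject]@{ DC = $dc; Accessible = $true;  Error = '' }
    } catch {
        [pscustomobject]@{ DC = $dc; Accessible = $false; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

# 3. Optional, narrow exception: relax hardening only for the SYSVOL share of each DC that
#    is still inaccessible, never for "\\*\SYSVOL". A domain GPO that sets Hardened UNC
#    Paths overwrites these local values at the next refresh, so mirror them there if needed.
if ($ApplyException) {
    if (-not (Test-Path $hardenedKey)) { New-Item -Path $hardenedKey -Force | Out-Null }
    foreach ($r in $results | Where-Object { -not $_.Accessible }) {
        $name = "\\$($r.DC)\SYSVOL"
        New-ItemProperty -Path $hardenedKey -Name $name -PropertyType String -Force `
            -Value 'RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0' | Out-Null
        Write-Warning "Hardened UNC exception written for $name; re-test, then click Run Now in Log360."
    }
}
```

Run it once without -ApplyException first: if every domain controller is already accessible by FQDN, the "Unable to Verify" result is not a UNC hardening problem and relaxing the policy would only weaken the host for no benefit.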

SQL Server

Possible reasons for the status "Unable to verify" are as follows:

  1. Dependent product down (EventLog Analyzer)
  2. SQL Server down
  3. Insufficient server details/user credentials

Dependent product down:

The analysis requires EventLog Analyzer to be up and running; if it is down, the analysis cannot be completed. In a distributed EventLog Analyzer setup, the managed server in which the concerned SQL server is configured must also be up and running.

Troubleshooting steps:

  • Make sure EventLog Analyzer is integrated and running smoothly.

SQL server down

The analysis requires SQL Server to be up and running. If the SQL server is down, the analysis cannot be completed.

Troubleshooting steps:

  • Make sure the selected SQL server(s) is up and running.

Insufficient server details/user credentials:

The configuration details and credentials of the selected SQL server(s) must be up to date and valid; outdated or wrong details cause the analysis to fail. The configured user must hold the sysadmin server role on the selected SQL server for all the rules to succeed. Because sysadmin grants unrestricted control of the instance, use a dedicated login for this purpose rather than a shared administrative account, and update the stored credentials whenever its password is rotated.

Troubleshooting steps:

  • Update credentials and server details in EventLog Analyzer → Settings → Log Source Configuration → Database Audit.
  • Refer here for more details.
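The three causes above can be told apart from the EventLog Analyzer host with the following PowerShell script. It is an added example, not code from Log360 or EventLog Analyzer: it tests the instance port, opens a connection with the configured login (Windows authentication when no credential is supplied) and reports whether that login holds sysadmin. The server name and port are placeholders, and the idea that advanced auditing is reflected in enabled SQL Server Audit objects is an assumption made for the example.

```powershell
# Added example, not Log360/EventLog Analyzer product code. Run from the EventLog Analyzer
# host (the managed server, in a distributed setup) with the login configured there.
param(
    [string]$Server = 'sql01.corp.example.com',   # assumed placeholder
    [int]$Port = 1433,                            # assumed; use the instance's configured port
    [pscredential]$Credential                     # omit to use the current Windows account
)

# 1. "SQL Server down": is the instance listening at all?
$tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "Nothing is listening on ${Server}:$Port. Check the SQL Server service and firewall."
    return
}

# 2. "Insufficient credentials": can the configured login authenticate?
$b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$b['Data Source']            = "$Server,$Port"
$b['Initial Catalog']        = 'master'
$b['Encrypt']                = $true
$b['TrustServerCertificate'] = $false   # keep certificate validation; fix the server cert instead
$b['Connect Timeout']        = 10
if ($Credential) {
    $b['User ID']  = $Credential.UserName
    $b['Password'] = $Credential.GetNetworkCredential().Password
} else {
    $b['Integrated Security'] = $true
}

$conn = New-Object System.Data.SqlClient.SqlConnection $b.ConnectionString
try {
    $conn.Open()
} catch {
    Write-Warning "Connection or login failed: $($_.Exception.Message). Update the details under Database Audit."
    return
}

# 3. "Insufficient rights": the rules need the sysadmin server role. Also report how many
#    SQL Server Audit objects are enabled (assumption: advanced auditing relies on them).
$cmd = $conn.CreateCommand()
$cmd.CommandText = @"
SELECT SUSER_SNAME()                                           AS LoginName,
       IS_SRVROLEMEMBER('sysadmin')                            AS IsSysadmin,
       CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)) AS Version,
       (SELECT COUNT(*) FROM sys.server_audits WHERE is_state_enabled = 1) AS EnabledServerAudits
"@
$reader = $cmd.ExecuteReader()
$row = $null
if ($reader.Read()) {
    $row = [pscustomobject]@{
        LoginName           = $reader['LoginName']
        IsSysadmin          = [bool]$reader['IsSysadmin']
        Version             = $reader['Version']
        EnabledServerAudits = [int]$reader['EnabledServerAudits']
    }
}
$reader.Close()
$conn.Close()

$row
if ($row -and -not $row.IsSysadmin) {
    Write-Warning "$($row.LoginName) is not a member of sysadmin; rules that need it will report Unable to Verify."
}
```

Each early return maps to one of the causes listed above, so the first warning printed tells you which troubleshooting step applies before you change anything in EventLog Analyzer.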

Possible reasons for "No SQL Server(s) Configured" in 'Edit Compliance' are as follows:

  1. No SQL server is configured.
  2. Advanced auditing is not enabled for the SQL server.

1. No SQL server is configured

To configure MS SQL DB, please refer here.

2. Advanced auditing is not enabled for the SQL server

To enable advanced auditing, please refer here.

