The probable reason and the remedial action is:
Probable cause: The device machine RPC (Remote Procedure Call) port is blocked by any other Firewall.
Solution: Unblock the RPC ports in the Firewall.
The probable reasons and the remedial actions are:
Probable cause: The device machine is not reachable from Log360 Cloud Agent machine.
Solution: Check the network connectivity between device machine and Log360 Cloud Agent machine, by using PING command.
Probable cause: The device machine running a System Firewall and REMOTEADMIN service is disabled.
Solution: Check whether System Firewall is running in the device. If System Firewall is running, execute the following command in the command prompt window of the device machine:
netsh firewall set service type=REMOTEADMIN mode=ENABLE profile=all
The probable reasons and the remedial actions are:
Probable cause: By default, WMI component is not installed in Windows 2003 Server
Solution: Win32_Product class is not installed by default on Windows Server 2003. To add the class, follow the procedure given below:
The following are some of the common errors, its causes, and the possible solution to resolve the condition. Feel free to contact our support team for any information.
Port already used by some other application
Cause: Cannot use the specified port because it is already used by some other application.
Solution: This can be solved either by changing the port in the specified application or by using a new port.
If you use a new port, make sure to change the ports in the forwarding device either manually or using auto log forwarding configuration.
Possible remedial actions include:
To turn on Audit Logging, follow either of these two steps.
Cause: This error message is shown if the application password entered has been deleted or expired.
Solution: Create a new application password and update the same in the product's tenant settings.
Cause: This error message is shown if the Azure AD application is deleted.
Solution: Configure a new application in the Azure portal. Follow the steps listed here to configure your application, manually.
Probable cause: The client machine is not reachable from the agent.
Solution: Check if the device machine responds to a ping command. If it does not, then the machine is not reachable. The device machine has to be reachable from the Log360 Cloud Agent in order to collect event logs.
Probable cause: You do not have administrative rights on the device machine
Solution: Edit the device's details, and enter the Administrator login credentials of the device machine. Click Verify Login to see if the login was successful.
Error Code 0x251C
Probable cause: The device was added when importing application logs associated with it. In this case, only the specified application logs are collected from the device, and the device type is listed as unknown.
Solution:
Probable cause: There may be other reasons for the Access Denied error.
Solution: Refer the Cause and Solution for the Error Code you got during Verify login.
Error Code 00x80070005
Scanning of the Windows workstation failed due to one of the following reasons:
Solution: Check if the login name and password are entered correctly.
Solution: Check if Remote DCOM is enabled in the remote workstation. If not enabled, then enable the same in the following way:
To enable DCOM on Windows XP devices:
Solution: Check if the user account is valid in the target machine by opening a command prompt and executing the following commands:
net use \<RemoteComputerName>C$ /u:<DomainNameUserName> "<password>"
net use \<RemoteComputerName>ADMIN$ /u:<DomainNameUserName> "<password>"
If these commands show any errors, the provided user account is not valid on the target machine.
Error Code 0x80041003
The user name provided for scanning does not have sufficient access privileges to perform the scanning operation. This user may not belong to the Administrator group for this device machine.
Solution: Move the user to the Administrator Group of the workstation or scan the machine using an administrator (preferably a Domain Administrator) account.
Error Code 0x800706ba
A firewall is configured on the remote computer. Such exceptions mostly occur in Windows XP (SP 2), when the default Windows firewall is enabled.
Solution:
netsh firewall set service RemoteAdmin
After scanning, you can disable Remote Administration using the following command:
netsh firewall set service RemoteAdmin disable
Error Code 0x80040154
Solution: Install WMI core in the remote workstation.
winmgmt /RegServer.
Error Code 0x80080005
There is some internal execution failure in the WMI service (winmgmt.exe) running in the device machine. The last update of the WMI Repository in that workstation could have failed.
Solution: Restart the WMI Service in the remote workstation:
For any other error codes, refer the MSDN knowledge base.
Error Code 1722, 1726, 1753, 1825
Probable cause: The device machine RPC (Remote Procedure Call) port is blocked by any other Firewall.
Solution: Unblock the RPC ports in the Firewall.
If you are able to view the logs, it means that the packets are reaching the machine, but not to Log360 Cloud Agent. You need to check your Windows firewall or Linux IP tables.
To check if the Log360 Cloud Agent server is reachable, follow the steps given below.
tcpdump -n dst <Log360 Cloud Agent_server_name> and dst port <port_no>
If reachable, it means there was some issue with the configuration. If not reachable, then you are facing a network issue.
Causes
Solutions
Manually install the agent by navigating to the Manage Agent page.
To install agent:
Windows device: Run the Log360CloudAgent.msi. For detailed steps on how to installed an agent, please click here.
Auto log forwarding may fail due to any of the three reasons below.
In the latest Log360 Cloud release, we have enhanced security of our agent to server communication. To confirm the authentication between the agent and Log360 Cloud server, follow the steps below:
Step1 - In the machine where the agent is facing this issue, launch Run, type certlm.msc and hit Enter.
Step2 - Find Trusted Root Certification Authorities in the window that appears.
Step3 - Search for USERTrust RSA Certification Authority. In case the certification is present, the cause for failed authentication could be due to a different reason. Kindly contact our support team to resolve it.
Step4 - If the USERTrust RSA Certification Authority certificate is not found then download this certificate & import it into Trusted Root Certification Authorities store.
Step5 - Restart the agent to check if the connectivity issue is resolved. If not, kindly contact our support team to resolve it.