ZenOss 4.2.3 running on RHEL5.
We have a 2-server Exchange 2007 environment. Setting the CAS/Hub server up with WMI monitoring was a snap, and the better event logging is keeping us busy but in a good way. Not so much with the mailbox server. No matter what server class we set it up with, even just /Server/Windows, still it's logging constantly like this:
Could not read the Windows event log (ExecNotificationQuery on HOSTNAME.domainname.example (WBEM_E_ACCESS_DENIED)). Check your username/password settings and verify network connectivity.
As mentioned earlier, we've tried using all the different classes within the /Server/Windows tree and all result the same. Further, I've verified that the domain account we use for WMI query activity is a local admin on the Mailbox server.
Here are the steps I performed using wbemtest:
- Logged in to the mailbox server using the WMI query domain account from a remote machine.
- Issued the following query to enumerate all the event logs:
- Select * from Win32_NTEventLogFile
- Select * from Win32_NTEventLogFile
- For each event log returned from the above query, I issued a test query to get any events as follows:
- Select * from Win32_NTLogEvent Where Logfile = 'Filename'
- eg Select * from Win32_NTLogEvent Where Logfile = 'Security'
- eg Select * from Win32_NTLogEvent Where Logfile = 'Security'
- Select * from Win32_NTLogEvent Where Logfile = 'Filename'
It's worth noting that I did not get WBEM_E_ACCESS_DENIED from any of the above queries. Since the mailbox server is configured to all intents and purposes the same way as the CAS/Hub box I'm at a loss to explain what's failing or why.
Is there any way to test the actual query Zenoss is running to find out why it's failing?