Overview
I know what you're thinking... Why would I need to view WMI or DCOM logs?
The Umbrella connector service connects to Active Directory using WMI and DCOM. If this connection fails, the cause is typically that the OpenDNS_Connector user does not have the correct permissions for DCOM or the WMI namespace. You may see the following error in the OpenDNS Connector log:
EventMonitor Attach error: [AccessDenied] Access denied
To fix the above issue, all you really need to do is follow the pre-requisites exactly: https://support.umbrella.com/hc/en-us/articles/230672147-Active-Directory-Integration-Setup-Guide
The above article should fix the problem. But if you need to debug the problem further, or if you want to be sure it is *actually* a permissions problem, then it could be useful to look at logs on the Windows Domain Controller itself. Hopefully this will give you a bit more info than "Access Denied". Read on...
WMI and DCOM event logs
You should get the event logs from the DC you are connecting to (not necessarily the same machine as the one where the connector is installed).
DCOM Logs
Before viewing DCOM logging, additional debugging must be enabled on the domain controller:
- Open the Windows Registry (regedit.exe)
- Browse to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
- Create a new DWORD called ActivationFailureLoggingLevel with a value of '1'
- Create a new DWORD called CallFailureLoggingLevel with a value of '1'
Next, wait for the 'Access Denied' issue to re-occur. You can force this by restarting the connector.
- Open the Windows Event Viewer (eventvwr.msc)
- Go to 'Windows Logs | System'
- Look for (or filter) events with a source of 'DistributedCOM'
Here is an example of a DCOM permissions issue for OpenDNS_Connector
WMI Logs
- Open the Windows Event Viewer (eventvwr.msc)
- On the View menu, click 'Show Analytic and Debug Logs'.
- Locate the WMI logs within 'Applications and Service Logs | Microsoft | Windows | WMI Activity'
- Three types of log files are available: Debug, Operational and Trace. Permissions problems are usually in the 'Operational' log.
Here is an example of a WMI permissions issue for OpenDNS_Connector
WMI Trace Logs
Trace Logging isn't turned on by default, but can help log the actual WMI queries being received. This includes successful queries as well as errors.
- Open the Windows Event Viewer (eventvwr.msc)
- On the View menu, click 'Show Analytic and Debug Logs'.
- Locate the WMI logs within 'Applications and Service Logs | Microsoft | Windows | WMI Activity'
- Right-Click on the 'Trace' log and select 'Properties'
- Select 'Enable Logging' then click 'OK'
At this point informational events will appear whenever a WMI query is received. Simply restart the OpenDNS_Connector service to attempt to re-attach to the Event Viewer. The Trace log will confirm if this query is received (example below).
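The DCOM, WMI and Trace steps above can also be scripted. The following is an added example, not part of the original article or of the Umbrella tooling. It assumes an elevated PowerShell session on the domain controller and that permission-failure events mention the account name in their message text.

```powershell
# Added example, not from the original article. Run elevated on the domain controller.
$account = 'OpenDNS_Connector'   # account name used on this page
$oleKey  = 'HKLM:\SOFTWARE\Microsoft\Ole'
$wmiOp   = 'Microsoft-Windows-WMI-Activity/Operational'
$wmiTr   = 'Microsoft-Windows-WMI-Activity/Trace'

# DCOM Logs steps: create both DWORDs with a value of 1.
foreach ($name in 'ActivationFailureLoggingLevel', 'CallFailureLoggingLevel') {
    New-ItemProperty -Path $oleKey -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

# WMI Trace Logs steps: equivalent of 'Enable Logging' on the Trace log.
wevtutil.exe sl $wmiTr /e:true

# Reproduce the failure so that the relevant events are written after $start.
$start = Get-Date
$null = Read-Host 'Restart the connector, wait for the AccessDenied error, then press Enter'

# System log, source shown in Event Viewer as 'DistributedCOM'.
$dcom = @(Get-WinEvent -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'Microsoft-Windows-DistributedCOM'
            StartTime    = $start
        } -ErrorAction SilentlyContinue)

# WMI Activity, Operational log.
$wmi = @(Get-WinEvent -FilterHashtable @{ LogName = $wmiOp; StartTime = $start } `
            -ErrorAction SilentlyContinue)

# Analytic and debug logs such as Trace can only be read oldest-first.
$trace = @(Get-WinEvent -LogName $wmiTr -Oldest -ErrorAction SilentlyContinue |
            Where-Object { $_.TimeCreated -ge $start })

# Assumption: permission failures name the account in the event message.
$dcom + $wmi |
    Where-Object { $_.Message -match [regex]::Escape($account) } |
    Sort-Object TimeCreated |
    Format-List TimeCreated, ProviderName, Id, Message

# Trace events show which WMI queries reached the DC, successful or not.
"WMI trace events since restart: $($trace.Count)"
$trace | Select-Object -First 20 TimeCreated, Id, Message | Format-List
```

Once debugging is finished, the Trace log can be turned off again with `wevtutil.exe sl Microsoft-Windows-WMI-Activity/Trace /e:false`.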