Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LMS 3.1 Windows security event 560 cwuser and SC_Manager Object

Hi,

I just upgraded an LMS 3.1 server, but the new server has tighter security settings. So far, I have not noticed any problems with the use of CiscoWorks, but the Windows security event log shows a lot of Audit Failures for event 560.

The causers group has "log on as a batch job" as required, and the service daemon manager and all other services start up with no problem.

I was wondering if anyone else has seen these event logs, and if you have noticed any problems due to these.

Thanks!

--Max

___________________________________

Source: Security

Category: Object Access

Type: Failure Aud Event ID: 560

User: CWserver\causer

Computer: CWserver

Object Open:

Object Server: SC Manager

Object Type: SC_MANAGER OBJECT

Object Name: ServicesActive

Handle ID: -

Operation ID: {0,123157396}

Process ID: 584

Image File Name: C:\WINDOWS\system32\services.exe

Primary User Name: CWserver$

Primary Domain: WindowsDomain

Primary Logon ID: (0x0,0xXXX)

Client User Name: casuser

Client Domain: CWserver

Client Logon ID: (0x0,0xXXXXXXX)

Accesses: READ_CONTROL

Connect to service controller

Enumerate services

Query service database lock state

  • Network Management
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS 3.1 Windows security event 560 cwuser and SC_Manager Obj

We never tested LMS with Windows auditing enabled. In fact, certain security restrictions are known to break LMS (i.e. disabling cookies for all using MMC or IEAK users can cause Apache to fail).

However, something which may quell these messages is to add casuser to the Distributed DCOM group on the server.

2 REPLIES
Cisco Employee

Re: LMS 3.1 Windows security event 560 cwuser and SC_Manager Obj

We never tested LMS with Windows auditing enabled. In fact, certain security restrictions are known to break LMS (i.e. disabling cookies for all using MMC or IEAK users can cause Apache to fail).

However, something which may quell these messages is to add casuser to the Distributed DCOM group on the server.

New Member

Re: LMS 3.1 Windows security event 560 cwuser and SC_Manager Obj

Thanks jclarke!

448
Views
0
Helpful
2
Replies
This widget could not be displayed.