Event viewer security log not updating
shows that the settings are all set to No Auditing.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads

Also has this DC been rebooted?

The security of this directory server can be significantly enhanced by configuring the server to reject such binds.

Doing a GPUpdate /force creates the events in the attached file.

When you run on the DC (not generating security events) do you see the default domain controller policy? Do you see any event errors or warnings in the Directory Service Event Logs?

Hello. For the RSOP issue see this https://technet.microsoft.com/en-us/library/cc775785(v=ws.10) The event Error 1053 see this https://technet.microsoft.com/en-us/library/cc727337(v=ws.10) Also check DNS on this server. GPO requires DNS working correctly. Run these commands, post results: dcdiag

Will, all of those commands returned successful results.

For more details and information on how to make this configuration change to the server, please see Summary information on the number of these binds received within the past 24 hours is below.

Last week our Application Log appeared to be corrupt. Edit: Problem appears not to be an isolated incident. Event Viewer said the log was 20MB, and had 18,446,744,073,709,550,735 (0.000000000008674 bits each) records (which can not possibly be true), and, it says the Application Log has 1,985 events (in 3MB), but when we actually click on the log to open it, it says there are zero events.

The DNS configuration is sufficient to allow this computer to dynamically register the A record corresponding to its DNS name.
MPWADCP2 passed test Register In DNS
--------------------------

Thank you. Please clarify: Are you saying that the issue we're experiencing is because of DNS and therefore I should post another question?

The other 6 DCs are logging security events without issue. Here are the audit settings:

Audit account logon events          Success, Failure
Audit account management            Success, Failure
Audit directory service access      Success, Failure
Audit logon events                  Success, Failure
Audit object access                 Success, Failure
Audit policy change                 Success, Failure
Audit privilege use                 Success, Failure
Audit process tracking              Success
Audit system events                 Success, Failure

Please advise on possible actions to take or what to look for.

Affected DC:

Account Management
  Computer Account Management           No Auditing
  Security Group Management             No Auditing
  Distribution Group Management         No Auditing
  Application Group Management          No Auditing
  Other Account Management Events       No Auditing
  User Account Management               No Auditing

All other DCs:

Account Management
  Computer Account Management           Success and Failure
  Security Group Management             Success and Failure
  Distribution Group Management         Success and Failure
  Application Group Management          Success and Failure
  Other Account Management Events       Success and Failure
  User Account Management               Success and Failure

Out of the 7 DCs, 2 have the Custom SD set and they and the others without this set are logging fine.

Sounding like your GPO is not applying the settings.
You have many DNS errors in the DCDIAG report. This is pointing to a DNS problem, and is beyond the scope of the original question. You should open a new question.

I've run the command:

Starting test: Register In DNS
DNS configuration is sufficient to allow this domain controller to dynamically register the domain controller Locator records in DNS.

I do not want to debug the service since it is a painful process. The messages need to be read by the service and written to a database.

This certainly sounds as if the account that your windows service is running under doesn't have enough rights to write to the event log in question.

I have a windows service listening to messages from a queue but the messages are not read from the queue.
I created an event log to check for logs during service startup and shutdown but the logs are not written.
:-) So I found the below explicitly stated in addition to the info provided earlier - 'as soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.'

From: https://blogs.technet.microsoft.com/askds/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2/

If you use advanced audit, don't bother configuring the local policy\audit policy setting as it will be ignored once you set the policy for enabling advanced audit which is: “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings”

Thanks for setting me in the right direction.