Aswinkumar
1 Nickel

The Windows event log Security of the vdm vdm0 is full.

How to resolve the below error?

Severity: Warning
Brief Description: Slot 2: The Windows event log Security of the vdm vdm0 is full.
Full Description: The Windows event log is full. No futher events can be stored and they will be lost.
Recommended Action: Usually this is because the rentention time of the event log is too high, so the first option is to lower it. An alternative is to enable Windows event log archive, so the active event log file will be automatically archived and a brand new empty one will be created to log further events. Another possible reason is because the file system, where the Windows event log file is stored, is full itself. In that case some cleanup must be done or the file system must be extended or the size of the Windows event log must be reduced.
Message ID: 86169550858

How to enable Windows event log archive?

Celerra: NS-120/480

NAS code: 6.x

christopher_ime
4 Beryllium

Re: The Windows event log Security of the vdm vdm0 is full.

Aswinkumar wrote:

How to enable Windows event log archive?

Keep in mind that it *is* enabled, but for reference one resource on how to enable it is the following KB article:

emc69251: "Enabling Security Auditing [Event Viewer] on the Celerra CIFS server"

Not provided in the KB article, the "EMC Celerra Management" tool mentioned in the article is available from support.emc.com:

https://support.emc.com/search/?resource=ST&AlloftheseWrds=celerracifsmgmt.zip&SearchWithin=true&adv...

As noted in the Recommended Action of the error message you pasted: "Usually this is because the retention time of the event log is too high, so the first option is to lower it. An alternative is to enable Windows event log archive, so the active event log file will be automatically archived and a brand new empty one will be created to log further".  With auditing enabled you will want to review the retention options just as you would a standard Windows Server.  The KB article above walks you through that (eventvwr > "Connect to another computer")

So while you will still want to review the retention options, you will probably want to increase the size of the security log itself (by default only 512KB).  To do so you can follow the steps in this KB article:

emc69252: "Changing the location of the Celerra Security Log and increasing the log size"

NOTE: This is also mentioned in the "Configuring and Managing CIFS on Celerra" (or VNX) document available on support.emc.com

While unlikely, it is also possible that it was extended already, but you ran out of space on the file system the log file resides on.  Something else to keep in mind.

Aswinkumar
1 Nickel

Re: The Windows event log Security of the vdm vdm0 is full.

Thank you, Christopher.

The following error is given when I try to connect with eventvwr:

"Unable to access the computer <computer name>. The error was: The RPC server is unavailable."

I've reviewed Primus case emc173837 which is exactly what my problem is, but the fix does not solve the problem. Has anyone else run across this problem?

christopher_ime
4 Beryllium

Re: Re: The Windows event log Security of the vdm vdm0 is full.

Aswinkumar,

More often than not, this is an issue when the user trying to connect in the manner you are attempting to is not a Domain Administrator.  By default, they are the only group when the CIFS server is joined to the domain that is added to the local/BuiltIn Administrators group.

When you followed the steps in the KB article, specifically modifying the option:

server_param server_x -f cifs -modify djAddAdminToLg -value 1

this is a way to auto-assign more than just the Domain Administrators to the local Administrators group.  For instance, sometimes the user has been granted the permissions to add objects to AD; however, they aren't a Domain Administrator.  *Upon join*, the account used to join the CIFS server to the domain will also be added. This then lets you manage via the MMC plugins.

So just to be clear, and I will agree that the KB article doesn't necessarily clearly state this for an existing environment, the parameter djAddAdminToLg only applies to future joins.  So for an existing CIFS server this would mean unjoining and rejoining the CIFS server, which of course means downtime.  Simply enabling the option won't resolve it.

Therefore, if your account isn't a Domain Administrator, then you have the following options:

1) With the parameter enabled on the data mover, unjoin and rejoin the CIFS server to the domain; of course this means downtime

or...

2) Have a Domain Administrator connect to the CIFS server via compmgmt.msc

a) Right-click on "Computer Management (Local)" and select: "Connect to another computer..."

b) System Tools > Local Users and Groups > Groups

c) Open up Administrators, then add your domain account

Then you will be able to do the same from that point on.  Does this account for it?
