1 Rookie
•
24 Posts
0
1036
VNX: Event Viewer connect to another computer (NAS server) -> Access denied
I am tried to open eventviewer -> connect to another computer and enter ip of the nas server to view audit events but I get access denied from a computer that is not logged in domain, if i do the same from a machine in domain it works.
1. How can i authenticated to view audit logs in event viewer remotely?
2. What users/permissions can view remote audit logs opening remote event viewer Security tab? How are this permissions configured? because looks like anyone in the domain can open them and the remote registry to NAS server
3. How to autenticate remotely? net use \\ip\\ipc$ or any othe mechanism?
4. I need to query events from system user/task how to authenticate to be able to connect remotely and list events?
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
November 22nd, 2022 08:00
At this point the best option is to call phone support.
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
November 22nd, 2022 06:00
Hi,
Thanks for your question. It should block access from non trusted domains. https://dell.to/3i4SHsH
Let us know if there is anything else we can help you with.
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 22nd, 2022 06:00
1. I can auth and access cifs folder from a machine that is not in domain or trusted domain but i cant read remote logs from event viewer.
2. What is the hidden parameter change needed for this mentioned in the article?
what is the hidden
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 22nd, 2022 07:00
Per example this command to get remote logs from NAS is working in any computer that is joined domain and has authenticated nas server using net use, but if i run from a machine that is not in domain is not working and gives this error. Any solution for this?
PS > Get-EventLog -ComputerName 10.58.20.66 -LogName Security
Get-EventLog : Cannot open log Security on machine 10.58.20.66. Windows has not provided an error code.
At line:1 char:1
+ Get-EventLog -ComputerName 10.58.20.66 -LogName Security
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand
PS> net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK \\10.58.20.66\ipc$ Microsoft Windows Network
The command completed successfully.
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
November 22nd, 2022 07:00
VNX/VNX2:
First set the parameter with .server_config:
.server_config server_2 -v "param NTsec logonOptions=0x2d"
Then update the param files for all of the active datamovers(Standby datamovers do not need to be set):
vi /nas/server/slot_2/param
Then add the following line to the param file:
param NTsec logonOptions=0x2d
Run build config to ensure the changes persist upon reboot:
/nas/sbin/build_config /nas/server/slot_2 /nas/dos/slot_2
VNXe/Unity:
Get root shell first, then run the .server_config command to change the parameter on the fiy:
/nas/bin/.server_config ALL -v "param NTsec logonOptions=0x2d"
Update the param files for SVDM_A and SVDM_B:
vi /nas/server/slot_2/param
vi /nas/server/slot_3/param
add the following line:
param NTsec logonOptions=0x2d
Run build config to ensure the changes persist upon reboot:
/nas/sbin/build_config /nas/server/slot_2 /nas/dos/slot_2
/nas/sbin/build_config /nas/server/slot_3 /nas/dos/slot_3
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 22nd, 2022 07:00
I enabled ssh and ssh into the storage but cant run the commands your posted:
15:11:19 service@VIRT2242XPWCV1 spa:~/user# /nas/bin/.server_config ALL -v "param NTsec logonOptions=0x2d"
-rbash: /nas/bin/.server_config: restricted: cannot specify `/' in command names
15:12:12 service@VIRT2242XPWCV1 spa:~/user# cd /
-rbash: cd: restricted
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 22nd, 2022 08:00
I am testing this in UnityVSA is there something different there?
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
November 22nd, 2022 09:00
Possibly, VNX is different enough that fixes for one don't always work on Unity.
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 24th, 2022 03:00
how can we proceed with this? I guess we cant open support for UnityVSA free/community edition
DELL-Josh Cr
Moderator
Moderator
•
8.5K Posts
0
November 28th, 2022 06:00
Right, needs to be paid version or physical unity/vnx hardware. Maybe there is something in an unrelated article that will help. https://dell.to/3u9Mkah and https://dell.to/3u49gHS
alx123
1 Rookie
1 Rookie
•
24 Posts
0
November 30th, 2022 15:00
I cant access those link, dont have permissions
DELL-Sam L
Moderator
Moderator
•
6.9K Posts
0
December 1st, 2022 01:00
Hello alx123,
The first link is to Dell Unity XT family technical white papers and videos, the second link is to the following:
Unable to increase audit log file in event viewer (User Correctable)
Audience Level: Customer
Article Content
Symptoms
Unable to increase the size of the NAS/SMB Server Security Log file [c:\security.evt] by modifying its location but it keeps reverting back to its original value.
Cause
Resolution
2. Make an immediate GPO update from unity side using the following command:
svc_cifssupport { | ALL} -gpo [-info] [-update]
Additional Information