2016-04-28 03:03 AM
Hi Friends,
I am trying to integrate Windows servers with RSA SA. While trying to do so, I am receiving an error like "01/Unauthorized. Please verify the credentials provided".
I have checked the WinRM setting on the server. I need your expert advice on this issue.
Many thanks in advance.
2016-04-28 03:14 AM
This means the user ID you are using has incorrect credentials.
Just reset the password of your user on the Windows machine and then add the same again at the SA end.
2016-04-28 03:17 AM
There are n number of servers. Out of these servers, only a few are giving me this error.
2016-04-28 03:26 AM
Just try to change and apply the new password, and before that check the port connectivity.
2016-04-28 03:47 AM
You can get the 401 error for a variety of reasons.
Please find attached a zip file.
When you extract this zip file then it will contain three files:
- SetupWinrm.bat - batch file to set up WinRM. This calls the two other files
- Useradd.vbs - Adds a user to the required places needed for WinRM
- RSA_enVision_winevent_config.vbs - script to configure http or https for WinRM.
To use:
- Change the username from winrm@WAUGH.LOCAL to the domain user you are using for WinRM collection.
This needs to be done in useradd.vbs and also in the setupwinrm.bat files
- Change the domain in the useradd.vbs script to your domain (Replace WAUGH.LOCAL with the name of your domain)
In the useradd.vbs this means modifying these lines:
compname = "WAUGH"
Set oUser = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"&compname&"\root\cimv2:Win32_UserAccount.Domain='"&compname&"',Name='winrm'")
- Run the batch file setupwinrm.bat and everything should then work!
(Note I didn't write the original useradd.vbs or RSA_enVision_winevent_config.vbs so I can't take any credit for them!)
2016-04-28 03:50 AM
Other tips are:
- On a log collector you can only collect from one domain. For multiple domains you will need multiple log collectors
- Make sure that you have defined the Windows event sources by the FQDN not by their IP address
- Make sure that you can resolve the FQDN of the event sources on the logcollector.
From 10.4.0 onwards we introduced a test connection feature too. Check that this succeeds or paste the output on this thread if after following all my suggestions it does not work.
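The checks from the tips above (event sources defined by FQDN, FQDN resolvable from the log collector, port connectivity), as an added shell example that is not part of the original thread or of the attached scripts. It assumes it is run on the log collector, that `getent`, `timeout` and `bash` are available there, and that WinRM listens on its default port 5985 (HTTP; set `WINRM_PORT=5986` for HTTPS); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for Windows event sources before blaming credentials.
# Usage (hypothetical file name): sh check_sources.sh dc01.example.local 192.168.10.5 ...
WINRM_PORT="${WINRM_PORT:-5985}"   # 5985 = WinRM over HTTP, 5986 = WinRM over HTTPS

# Succeeds if the argument is an IPv4 literal (digits and exactly three dots).
is_ipv4_literal() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;   # empty or contains something other than digits/dots
        *.*.*.*.*)    return 1 ;;   # too many dots
        *.*.*.*)      return 0 ;;
        *)            return 1 ;;
    esac
}

# Prints IP_LITERAL, SHORT_NAME or FQDN for the way a source was defined.
classify_source() {
    if is_ipv4_literal "$1"; then
        echo IP_LITERAL
    else
        case "$1" in
            *.*) echo FQDN ;;
            *)   echo SHORT_NAME ;;
        esac
    fi
}

# Prints "<source> <status>" and returns non-zero on the first failed check.
check_source() {
    kind=$(classify_source "$1")
    if [ "$kind" != FQDN ]; then
        echo "$1 $kind"; return 1            # source is not defined by FQDN
    fi
    if ! getent hosts "$1" >/dev/null 2>&1; then
        echo "$1 UNRESOLVABLE"; return 1     # collector cannot resolve the FQDN
    fi
    # TCP connect test via bash's /dev/tcp; host and port are passed as arguments, not interpolated.
    if ! timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$WINRM_PORT" 2>/dev/null; then
        echo "$1 PORT_UNREACHABLE"; return 1
    fi
    echo "$1 OK"
}

# Check every source given on the command line; keep going after a failure.
for src in "$@"; do
    check_source "$src" || true
done
```

A source that reports `OK` here and still returns 401 has passed the name and network checks, which leaves the account and WinRM configuration on that server as the remaining things to look at.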
2016-04-28 05:25 AM
Hi David,
Thanks for the info. I have done the configuration on both ends. And we have only one domain in our environment.
There are around 200 servers and only 3 to 4 servers are giving this error.
Is there any other possibility?
2016-04-28 10:56 AM
Try a credentials change for those servers which are not integrating.