4 Replies Latest reply: Aug 27, 2014 11:34 AM by ibra0078 RSS

    Mcafee Logon Collector Error 0x80041003


      I have successfully setup the Mcafee Logon Collector and Mcafee Logon Monitor in our environment.  I have added 9 domains but 2 of the DC's are giving me an error in the Status page of the MLC.  Error is IWbemServices::ExecNotificationQuery  - 0x80041003.  Other 2 DC's are giving me error 0x900706BA - The RPC server is unavailable.  The other 5 is collecting the logs just fine and I know the permissions to view them is setup correctly.  Any help will be much appreciated.  Thanks Peter

        • 1. Re: Mcafee Logon Collector Error 0x80041003

          I believe this is for Firewall Enterprise (Sidewinder) so have moved it there.



          Volunteer Moderator

          • 2. Re: Mcafee Logon Collector Error 0x80041003

            Please call into Support to open a ticket and we can do a remote session and collect logs from the MLC.

            • 3. Re: Mcafee Logon Collector Error 0x80041003

              The 0x80041003 error is a WMI permission error trying to read the security event logs.  This will prevent anything else from working.  Does the account being used for the Logon Monitor have administrator privileges for the domain?  There are instructions in the MLC product guide for testing with wbemtest,exe, which uses the same WMI interface.  If you perform those tests, do they work or give errors?  If you get errors, what happens if you try using another account?


              The 0x900706BA error is a generic Microsoft error saying something is not reachable.  Is there a firewall on this server?  Does DNS work correctly?  This is not an error with MLC it's an error about your environment and standard network troubleshooting needs to be done.

              • 4. Re: Mcafee Logon Collector Error 0x80041003

                I know the service account that I use has access to the WMI and to DCOM to those two DC's, the other DC's are configured the same way it works fine. If your asking if I made that service account a member of Domain Admin the answer is no and that is why I followed the steps and granted the service account DCOM access and WMI Access to each DC.  The other error seems weird to me because there is no firewall on the server and DNS is fine.  Will check again to see if I can find anything.