I have read all the permissions needed to create the default profile for IT Monitoring Console. The application is installed however, the default profile isn't showing. I am curious to know if I am missing some permissions somewhere as when I try to actually create a profile I receive a COM+ application error and states I cannot create the profile, access denied. If someone would be so gracious to help me out on what I am potentially missing as far as permissions go, that would be awesome.
Any feedback would be great!
Hi Nicole, Can you share the exact "access denied" error? There are a few different ones so important we know which one you see there just in case. Most common issue is with UAC. Please try the following: 1. Right-click Internet Explorer and select "Run as Administrator" 2. Enter the path of the Monitoring Console: http://<intrust_server>/ITMonitoring/Administration/ 3. Create the Alert Profile Regards, Chris
In reply to Chris.Hood:
Good Morning! Attached is the error that I am receiving when trying to create a profile. There should also be a default profile as there are alerts already set up that you can view in the Repo Viewer. That default profile was not automatically created as I don't know what permissions could be missing or if UAC could of cause that issue. I did run IE as administrator and still received the same error. Please advise.
In reply to nicole.h.dodd.ctr:
Were you able to create the profile?
Please review this SysReq section about the rights needed to create the profile:
In reply to Igor.Ilyin:
I was not able to create the profile. Please see comments on the following:
1. Administrator role for COM+ System Application: The account that I am using is the account that was created for all Intrust installation. It has admin rights for anything related to Intrust. It is a part of the security group that has been added to the COM+ application roles as well as adding it directly.
2. Membership in the "InTrust Alerting Admins" local group: The user account has been added to this group directly.
3. If you are trying to create a profile locally on the computer where Mon Console is installed, and User Account Control is turned on, to open the Monitoring Console Administration page, Internet Explorer must be started using the Run as administrator command (from the Windows main menu, right-click and "run as administrator"): Our environment is locked down and I am not allowed to use IE on the server itself. I was trying to create a profile from my workstation and received the error. SIDE NOTE: During the installation of the monitoring console there should be a default profile created. That profile is NOT being created as well as not being able to create one after the fact. Is there something that I am missing during the installation of the monitoring console that is NOT allowing the default profile to be created?
Please see attached screen shots of the account and groups.
Attached is the screen shot of the COM+ Applications node. As for the COM+ Application service, it was restarted and the same users are in the administrator role for System Application. Please advise.
Thank you Nicole,
The authentication required by Mon Console is Windows Authentication.
Some additional questions.
1. I see the Dell Alerting Profile there. When it was created and did you use it successfully before? If yes, what happened in between? Did you upgrade? The default profile was there before and working as normal. I upgraded from 11.0 to 11.1 to 11.3.
2. Is Mon Console installed together with InTrust Server or on separate machine? Mon console is installed on the same server as Intrust Man, however I do have Intrust Man installed on more than 1 of the Intrust servers (if that even matters)
3. Is this USAR_InTrustAgent account a member of local Administrators group? Domain Admins Group? USAR_IntrustAgent is a member of the local admin group and is an enterprise admin. It is not a domain admin.
4. Is this USAR_InTrustAgent account also used as InTrust Server services account? USAR_IntrustAgent is used for the service account as well as everything else for Intrust.
5. What is your policy with MS updates and in particular do you have installed updates mentioned here: Our policy is based on Critical monthly patches. We have an organization that determines what patches are to be applied to our systems. KB4056898 (Windows Server 2012 R2) was installed on 2/23/2018. We were experiencing this issue before that patch was installed.
Please advise. I greatly appreciate all feedback thus far.
I will see what I am allowed to do for KB4057401. I was able to get my servers in logging mode and IE is no longer blocking. I tried to create a profile on the server using IE under the USAR_IntrustAgent account and received access denied. This was right clicking and running as different user and putting in the USAR_Intrustagent account information. I was able to create an empty application. Please see attached.
The latest roll up that we currently have installed on our machines is KB4074594 which is the February roll up.
When I created the test app, I just ran the MMC and created it with the USAR_Intrustagent. It created successfully. I didn't run anything as different user.
I ran IE as different user on the server as run as admin wasn't available to try to create a profile and the error that I sent was what I got. (access denied)
Yes, Intrust Man is on the same machine as the monitoring console. Please see attached versions as well as the folders under C:\Program Files(x86)
Please let me know if you have any questions.