IBM Security QRadar

Expand all | Collapse all

Wincollect | Error code 5: Access is denied.

  • 1.  Wincollect | Error code 5: Access is denied.

    Posted 2 days ago
    Hi 
    i am receiving '' Error code 5: Access is denied.'' on my wincollect agents which are polling remote windows servers. When logged into a wincollect agent and connected to remote computer (having issue) with user account & it opens up logs of the remote device.
    Additionally,  followed below IBM article but no luck. Wincollect agent throws error that access denied. 

    i am not sure why it was happening since i was able to remotely connect & view logs from the wincollect agent. 

    WinCollect error code: 0x0005 Access denied
    Ibm remove preview
    WinCollect error code: 0x0005 Access denied
    My WinCollect agents are generating error codes for 0x0005 access denied. Why am I seeing error code 0x0005 from my WinCollect agents?
    View this on Ibm >
    .

    i see below error on my windows 2019 server 

    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xC000006D
    Sub Status: 0xC0000064

    However i use the same credentials for all working servers in my environment. There are few servers which throw this error & on QRADAR i see error 5 access denied. 

    My windows servers have proper permissions for qradar account to login. i ran out of options with this issue 

    Can anyone throw light on this type of issue ? 


    ------------------------------
    Vijay Reddy
    ------------------------------


  • 2.  RE: Wincollect | Error code 5: Access is denied.

    Posted 2 days ago
    Hi Vijay,

    did you check the user for your logsource is listed in the "windows eventlog reader group" in group or local policy?

    Regards,
    Ralph

    ------------------------------
    Ralph Belfiore
    IT Security Senior Consulting
    pro4bizz GmbH
    Karlsruhe
    +49 721 90981720
    ------------------------------