You are viewing limited content. For full access, please sign in.

Question

Question

No rights to run audit

asked on November 30, 2016

Hello,

I've installed and configure Audit Trail for the first time. During installation I've kept the default settings but now that I'm trying to run an audit I have an error message "You have no rights to run report. User : USER-PC\user" (see attachment).

FYI, the Audit Trail Service is set to connect with local system account, in IIS, AuditTrailAppPool's identity is NetworkService and there is no windows user named "user".

AuditTrail.JPG
AuditTrail.JPG (34.3 KB)
0 0

Answer

SELECTED ANSWER
replied on December 2, 2016

Moana,

Go into the Audit Trail Configuration page and verify that the SQL Server instance you specified in the "Database" tab is correct. Click the "Update" button on that page and if there is an error, it will display a message on the page.

Next, go into the "Date Ranges" tab and verify that you have a date range listed there. Note that for a typical Audit Trail setup, after you specify the SQL Server instance and date range, then that's when the Audit Trail database will actually get created.

So finally, after you've verified the configuration settings and see that a database does exist, then try running an audit report again.

Regards

0 0

Replies

replied on November 30, 2016

Can you confirm that the Windows user in question has been allowed permission to run audit reports for the repository? In the Audit Trail configuration page, click on the "Permissions" tab and make sure the user added there.

0 0
replied on November 30, 2016

Like I said there is no user named "user", the 2 existing users (Admin, Moana) have permissions (see attachment)

AuditTrail_permissions.JPG
0 0
replied on November 30, 2016

So USER-PC\user isn't valid at all? That's not an actual account that you can search for in the Audit Trail permissions tab?

I'm trying to see where it would be pulling that account from since that's who it thinks you're trying to access the Audit Trail reporting page as.

0 0
replied on November 30, 2016

Yes, USER-PC\user isn't valid at all and it can't be searched in the Audit Trail permissions tab.

I'm using the Admin user for Windows authentication.

0 0
replied on November 30, 2016

How are the IIS authentication settings for the AuditTrail web application configured? Make sure that only Windows Authentication is enabled.

Also, can you confirm that you're logged in as the administrator user by running whoami in the command prompt?

0 0
replied on December 1, 2016

How can I make sure that only Windows Authentication is enabled ? I'm looking to the AuditTrailAppPool's settings and I can't see that. (see attachments)

The whoami command return me "user-PC\user" even if on the Windows Authentication screen it's named "Admin". So I've changed back the account name from "Admin" to "user", reboot the computer and then tried to grant permissions to "user" in the Audit Trail Configuration but the Select Windows user's pop-up can't find anything.

AuditTrail_settings1.JPG
AuditTrail_settings2.JPG
AuditTrail_user.JPG
0 0
replied on December 1, 2016

Go to IIS > Sites > <sitename> > AuditTrail > Authentication, make sure only Windows authentication is enabled.

As to that you can not search for the user, please open c:\Program Files\Laserfiche\Audit Trail\Config.xml file, in the <UserPermissions> block, add the user to the Trustee list as below.

  <UserPermissions>
    <Repository Name="YourRepoHere" Server="YourServerHere">
      <Allow>
        <Trustee DomainName="USER-PC" TrusteeName="User" isUser="True" isDisabled="False" />
      </Allow>
      <Deny>
      </Deny>
    </Repository>
  </UserPermissions>

Then restart Audit Trail Reporting Service, and see if the user is added to the Permissions list. If so, see if you can run a report.

0 0
replied on December 2, 2016

Thank you for your answers Yan, the issue is solved but I have another one now.

ERROR [08001] [Microsoft][SQL Server Native Client 10.0]SQL Server Network Interfaces: Error Locating Server/Instance Specified [xFFFFFFFF]. ERROR [HYT00] [Microsoft][SQL Server Native Client 10.0]Login timeout expired ERROR [08001] [Microsoft][SQL Server Native Client 10.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online. Server stack trace: à System.Data.Odbc.OdbcConnection.HandleError(OdbcHandle hrHandle, RetCode retcode) à System.Data.Odbc.OdbcConnectionHandle..ctor(OdbcConnection connection, OdbcConnectionString constr, OdbcEnvironmentHandle environmentHandle) à System.Data.Odbc.OdbcConnectionOpen..ctor(OdbcConnection outerConnection, OdbcConnectionString connectionOptions) à System.Data.Odbc.OdbcConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningObject) à System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup) à System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) à System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) à System.Data.Odbc.OdbcConnection.Open() à AuditDBService.RemotableReporting.GetTableColumns(String repo, String tableName) à System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs) à System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext) Exception rethrown at [0]: à System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) à System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) à AuditRemoting.IReporting.GetTableColumns(String repo, String tableName) à WebAuditReport.DataFieldManager.RetrieveFieldsFromDBTable(String table, String repo) à WebAuditReport.DataFieldManager.RetrieveFieldsFromDBTables(List`1 tables, String repo) à WebAuditReport.DataFieldManager.ReadAllDataFields(String listfile, String repo) à WebAuditReport.DataFieldManager.Init(String repo) à WebAuditReport.DataFieldManager..ctor(String repo) à WebAuditReport.classes.DBDataDescriptor..ctor(String repository) à WebAuditReport.classes.DBDataDescriptor.GetDescriptor(String repository) à WebAuditReport.OverallReportParams.OnReposChange(String newRepos) à WebAuditReport._Default.NewReport_Click(Object sender, EventArgs e) à System.Web.UI.WebControls.Button.OnClick(EventArgs e) à System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) à System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) à System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

 

Any ideas ?

Regards.

0 0
replied on December 2, 2016

FYI,

I've checked on the Internet to find a solution and found that :

https://blogs.msdn.microsoft.com/walzenbach/2010/04/14/how-to-enable-remote-connections-in-sql-server-2008/

I've followed the steps :

- Remote connections were already activated

- TCP/IP Protocol was already enabled

- I've disabled the firewall, then reboot Laserfiche Audit Trail Service and tryied again but nothing change.

So I guess that the issue come from the instance name, maybe like user issue previously it needs to make a change in some Audit Trail installation file(s).

Waiting for your propositions,

regards.

0 0
SELECTED ANSWER
replied on December 2, 2016

Moana,

Go into the Audit Trail Configuration page and verify that the SQL Server instance you specified in the "Database" tab is correct. Click the "Update" button on that page and if there is an error, it will display a message on the page.

Next, go into the "Date Ranges" tab and verify that you have a date range listed there. Note that for a typical Audit Trail setup, after you specify the SQL Server instance and date range, then that's when the Audit Trail database will actually get created.

So finally, after you've verified the configuration settings and see that a database does exist, then try running an audit report again.

Regards

0 0
replied on December 2, 2016

Yes, I've got Audit Trail running ! 

Thank you all for your time and your help.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.