Jul 30 2020 08:03 AM
We are getting below highlighted errors in ATA log file "Microsoft.Tri.Gateway".
Can someone please help me to understand this?
2020-07-30 04:37:32.4176 7112 49 Error [EventLogException] System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Diagnostics.Eventing.Reader.EventLogException.Throw(Int32 errorCode)
at System.Diagnostics.Eventing.Reader.NativeWrapper.EvtSubscribe(EventLogHandle session, SafeWaitHandle signalEvent, String path, String query, EventLogHandle bookmark, IntPtr context, IntPtr callback, Int32 flags)
at System.Diagnostics.Eventing.Reader.EventLogWatcher.StartSubscribing()
at Microsoft.Tri.Gateway.Collection.Events.EventListeners.WindowsEventLogReader.<UpdateWindowsEventLogReaderBookmarksAsync>b__15_1(KeyValuePair`2 _)
at MoreLinq.MoreEnumerable.ForEach[T](IEnumerable`1 source, Action`1 action)
at async Microsoft.Tri.Gateway.Collection.Events.EventListeners.WindowsEventLogReader.UpdateWindowsEventLogReaderBookmarksAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Module.<>c__DisplayClass30_0.<RegisterPeriodicTask>b__1(?)
at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)
2020-07-30 04:37:35.1051 7112 131 Error [Socket] [NativeErrorCode=10052] System.Net.Sockets.SocketException: The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress
Jul 30 2020 12:14 PM
@imtiyazali73
During deployment the Gateway service account sid is registered to get read access to the local security log. most likely the permissions were revoked either by GPO or CustomSD reg key.
Aug 03 2020 11:50 PM
Aug 04 2020 02:27 AM
@imtiyazali73 , you can try to uninstall and reinstall which will set the permissions again.
Also check for the CustomSD registry key.
if the issue returns, open a support call, as it can be tricky finding out what causes the permissions to revert.. Many times the customers has GPOs they are not even aware of...