Netwrix Auditor System Health Log - Event ID 1010 / 1210

This article applies to Netwrix Auditor 6.0 and above. It explains the nature of the Event ID and provides resolution.
Email It to Me Print this Page
Depending on your Netwrix Auditor version, the Netwrix Auditor System Health Log contains the following EventID
Netwrix Auditor 9.0 and above: 1210
Netwrix Auditor 8.5 and below: 1010


Refer to the table below for possible reasons and solutions:
 
ErrorCauseSolution
Unable to obtain the list of SharePoint roles for site collection with ID '{0}': Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).The security settings in the audited SharePoint farm do not allow collecting complete audit data. In this case, the product is unable to get a list of Permission Levels for the monitored site collection as there are insufficient permissions for the web application hosting the target site collection.Navigate to SharePoint Central Administration --> <target_web_application> --> User Permissions and verify the security settings for this web application. The minimum required permissions are "Manage Web Site".
Unable to obtain the list of SharePoint roles for site collection with ID '{0}' Access to this web site has been blocked.The security settings in the audited SharePoint farm do not allow collecting full audit data. In this case, the product is unable to get a list of Permission Levels for the audited site collection as its status is "Locked - No Access".Navigate to SharePoint Central Administration --> Application Management --> Configure quotas and locks, select the target site collection and change its status to "Not Locked"Alternatively, you can unlock your site using SharePoint Management Shell
To change site status to "Unlock" using SharePoint Management Shell, do the following:
  1. Make sure that your account complies with the requirements mentioned in the Microsoft technical article.
  2. In your SharePoint server, navigate to Start --> Microsoft SharePoint Products <version> SharePoint Management Shell.
  3. Execute the following command:  Set-SPSite -Identity "<SiteCollection>" -LockState "<State>"
Where:
<SiteCollection> is the URL of the site collection that you want to track or unlock.
<State> is one of the following values:
  • Unlock to unlock the site collection and make it available to users.

  • NoAdditions to prevent users from adding new content to the site collection. Updates and deletions are still allowed.

  • ReadOnly to prevent users from adding, updating, or deleting content.

  • NoAccess to prevent users from accessing the site collection and its content. Users who attempt to access the site receive an error.

Was this information helpful?