Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Netwrix Auditor System Health Log - eventID 1016-1019 / 1216-1219
This article applies to Netwrix Auditor 6.0 and above. It explains the nature of the EventIDs and provides resolution.
KB2051 | Last review: Dec 06, 2017 | Netwrix Auditor for SharePoint | Netwrix Auditor 6.0 and above
|Symptoms||Depending on your Netwrix Auditor version, the Netwrix Auditor System Health Log contains the following EventIDs:
Netwrix Auditor 9.0 and above: Event ID 1216
Netwrix Auditor 8.5 and below: Event ID 1016
The following error occurred when trying to launch the component responsible for collecting AD group membership from forest <forestName>: <error>
Netwrix Auditor 9.0 and above: Event ID 1217
Netwrix Auditor 8.5 and below: Event ID 1017
The following error occurred when trying to delete temporary data on AD group membership from the local storage: <error>
Netwrix Auditor 9.0 and above: Event ID 1218
Netwrix Auditor 8.5 and below: Event ID 1018
The following unexpected error occurred when trying to collect AD group membership: <error>
Netwrix Auditor 9.0 and above: Event ID 1219
Netwrix Auditor 8.5 and below: Event ID 1019
AD group membership was resolved with the following error; <error>
|Cause||The product is unable to collect data on group membership of users who made changes. This does not affect audit data integrity and only affects the possibility to filter data by groups in audit reports.
Most likely, this is due to access issues to the AD domain that users belong to, or the membership database.
|Resolution||Select one of the possible resolutions.
If the error contains a file name, make sure that it is accessible.
You can also exclude these events from being logged to the Netwrix Auditor System Health log (Netwrix Auditor Event Log for Netwrix Auditor 6.5 and below) if you do not need to filter changes by groups.
Navigate to: %ProgramData%\Netwrix Auditor\Netwrix Auditor for SharePoint\Configuration\<GUID*>\omiteventloglist.txt. * To view your Managed Object GUID, navigate to %programdata%\Netwrix Auditor\Audit Core\Config Server\Configuration.xml.
Find your monitoring plan name in the configuration file:
<a n="Name" t="2" v="your_SharePoint_Managed_Object_name"/>
Was this information helpful?