Netwrix Auditor System Health Log - Event ID 1286 / 1086

This article applies to Netwrix Auditor 8.0 and above. It explains the nature of the Event ID and provides resolution.
Email It to Me Print this Page
Symptoms Depending on your Netwrix Auditor version, the Netwrix Auditor System Health Log contains the following Event ID:
Netwrix Auditor 9.0 and above: 1286
Netwrix Auditor 8.5 and below: 1086

The Event ID may contain the following errors:
Error type 1:
Unable to find site <URL> due to the following error: Attempted to perform an unauthorized operation.
Error type 2:
Unable to find site <URL> due to the following error: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
Error type 3:
Unable to find site <URL> due to the following error: Access to this Web site has been blocked.
 
Cause Review the possible errors' causes:

Error type 1:
The product failed to collect changes from the audited site collection as its status is lower than "Adding content prevented". Otherwise, the Farm account or the Service account for the web application pool hosting the audited site collection, has been modified, and has not been granted the Logon as a batch job right on the computer that hosts SharePoint Central Administration.

Error type 2:
The product failed to collect changes from the audited site collection as there are insufficient permissions for the web application hosting the target site collection.

Error type 3:
The product failed to collect changes from the audited site collection, as its status is "Locked - No Access".
Resolution Depending on the error type, follow the corresponding  resolution prompts:

Error type 1:
Navigate to SharePoint Central Administration --> Application Management --> Configure quotas and locks --> <target site collection> and change its status to "Not locked". Alternatively, you can unlock your site using SharePoint Management ShellIf this does not resolve the issue, contact your SharePoint administrator.

Error type 2:
Navigate to SharePoint Central Administration --> Web Applications --> <target web application> --> User Permissions and verify the security settings for this web application. The minimum required permissions are "Manage Web Site".

Error type 3:
Navigate to SharePoint Central Administration --> Application Management --> Configure quotas and locks --> <target site collection> and change its status to "Not locked"Alternatively, you can unlock your site using SharePoint Management Shell

To change site status to "Unlock" using SharePoint Management Shell, do the following:
  1. Make sure that your account complies with the requirements mentioned in the Microsoft technical article.
  2. In your SharePoint server, navigate to Start --> Microsoft SharePoint Products <version> SharePoint Management Shell.
  3. Execute the following command:  Set-SPSite -Identity "<SiteCollection>" -LockState "<State>"
Where:
<SiteCollection> is the URL of the site collection that you want to track or unlock.
<State> is one of the following values:
  • Unlock to unlock the site collection and make it available to users.

  • NoAdditions to prevent users from adding new content to the site collection. Updates and deletions are still allowed.

  • ReadOnly to prevent users from adding, updating, or deleting content.

  • NoAccess to prevent users from accessing the site collection and its content. Users who attempt to access the site receive an error.


 
Was this information helpful?