Netwrix Auditor System Health Log Contains Event IDs 1015 and 1016
Symptoms
After you restart the Netwrix Auditor for Windows Server Compression Service on a target server running Windows Server 2019, the corresponding item shows a Ready status. However, when you click the Update option next to the monitoring plan, the item shows Take Action.
In addition, the Netwrix Auditor System Health log contains the following event IDs:
Event ID 1016: Windows Registry audit permissions are not enabled for this server. Adjust Windows Registry audit permissions automatically or manually.
and
Event ID 1015: Multiple errors of the same type have occurred on the Registry data provider.
Cause
The permissions on the necessary registry keys must be assigned to the Everyone group, not to the data collection service account.
Resolution
Grant the Everyone group the necessary permissions to access the registry keys.
Review the complete list of the required registry keys and learn more about configuring permissions in the following article: Source Configuration — Configure Windows Registry Audit Settings — v10.6 (https://docs.netwrix.com/docs/auditor/10_8).
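To check the current state before and after the change, the following read-only PowerShell script reports whether each registry key carries an audit (SACL) entry for the Everyone group. It is an added example, not Netwrix code; the default key path is a placeholder, so pass the keys listed in the linked article.

```powershell
# Added example (not Netwrix code): report registry audit (SACL) entries for Everyone.
# The default key below is a placeholder; pass the keys listed in the linked article.
param(
    [string[]]$KeyPath = @('HKLM:\SOFTWARE\PLACEHOLDER_KEY')
)

$everyoneSid = 'S-1-1-0'   # well-known SID for Everyone, independent of OS language

foreach ($path in $KeyPath) {
    $result = [ordered]@{ Key = $path; EveryoneAudited = $false; Rights = $null; Flags = $null; Note = $null }

    if (-not (Test-Path -LiteralPath $path)) {
        $result.Note = 'key not found'
        [pscustomobject]$result
        continue
    }

    try {
        # -Audit returns the SACL; this needs an elevated session.
        $acl = Get-Acl -LiteralPath $path -Audit -ErrorAction Stop
    }
    catch {
        $result.Note = "cannot read SACL: $($_.Exception.Message)"
        [pscustomobject]$result
        continue
    }

    # Translate every audit rule's identity to a SID and keep the Everyone entries.
    $rules = @($acl.GetAuditRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $everyoneSid })

    if ($rules.Count -gt 0) {
        $result.EveryoneAudited = $true
        $result.Rights = ($rules | ForEach-Object { $_.RegistryRights }) -join '; '
        $result.Flags  = ($rules | ForEach-Object { $_.AuditFlags }) -join '; '
    }
    else {
        $result.Note = 'no audit entry for Everyone'
    }
    [pscustomobject]$result
}
```

Run it from an elevated session on the target server and compare the reported Rights and Flags with the settings the article requires.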