Event ID 10036 error

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
GGuntly
CTO
Posts: 3
Joined: Mon Aug 13, 2018 3:07 pm

Re: Event ID 10036 error

Post by GGuntly »

Hello Steve!

As Greg alluded to, Microsoft has been receiving a lot of feedback and updating its strategy on a frequent basis, however, we are also actively engaged in identifying a solution that aligns with their goals around WMI. The issue is universal and not simply applicable to Nagios products, but we have a high priority on ensuring that Nagios XI can be compatible with a future WMI strategy. While we develop a solution, I would also like to mention an option that may work well in your environment--especially regarding security, deployment flexibility, and increased insights. Many of our customers benefit from the flexibility and power of our lightweight Nagios Cross Platform Agent (NCPA) that can also be configured to allow passive checks to be submitted to Nagios XI from various versions of Windows, Linux, and more.

https://www.nagios.org/ncpa/ -- With NCPA you can monitor Windows counters, running and stopped processes as well as services! The agent even has a very robust API and optional ability to run remote plugins to gather server-side performance data.
gsmith
Posts: 1253
Joined: Tue Mar 02, 2021 11:15 am

Re: Event ID 10036 error

Post by gsmith »

.
vornado
Posts: 79
Joined: Wed Jun 13, 2018 9:17 am

Re: Event ID 10036 error

Post by vornado »

Hi Greg.

It's been a while since you replied. I finally got around to moving some service checks over to NCPA and in some cases, I'm getting more errors than with WMI.

For example, on one serve that wasn't getting errors (never got the Windows update?), errors started after changing to NCPA.

Code: Select all

CRITICAL - [Triggered by _ItemCount>150] - 202 event(s) of Severity Level: "Error", were recorded in the last 8 hours from the System Event Log. (List is on next line. Fields shown are - Logfile:TimeGenerated:EventId:EventCode:SeverityLevel:Type:SourceName:Message)

System:20220324132530.888889-000:10036:10036:Error:Microsoft-Windows-DistributedCOM:The server-side authentication level policy does not allow the user VORNADO\\SA_NagiosMonitoring SID (S-1-5-21-1351108152-1832275447-5522801-66563) from address 10.0.11.58 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
How do I "raise the activation authentication level" is suggested in the error message?

Thanks.

Steve
gsmith
Posts: 1253
Joined: Tue Mar 02, 2021 11:15 am

Re: Event ID 10036 error

Post by gsmith »

Hi Steve

What is the output when you run this from a CLI on the Nagios server:

/usr/local/nagios/libexec/check_ncpa.py -H XXX.XXX.XXX.XXX -t mytoken --list

Where XXX.XXX.XXX.XXX is the IP of the Windows machine and "mytoken" is the value for
the community_string in C:\Program Files (x86)\Nagios\NCPA\etc\ncpa.cfg

Thanks
Locked