Introduction
This document describes how to collect and review WMI and DCOM logs to troubleshoot Umbrella Connector permission issues with Active Directory.
Overview
The Umbrella Connector service connects to Active Directory using Windows Management Instrumentation (WMI) and Distributed Component Object Model (DCOM). If this process fails, it is typically due to the OpenDNS_Connector user lacking correct permissions for DCOM or the WMI namespace. In such cases, this error can appear in the OpenDNS Connector logs:
EventMonitor Attach error: [AccessDenied] Access denied
To resolve this issue, follow the prerequisites detailed in the Active Directory Integration Setup Guide. If further debugging is required, or if confirmation of a permissions issue is needed, review the relevant logs on the Windows Domain Controller (DC).
WMI and DCOM Event Logs
Event logs must be collected from the domain controller to which the Umbrella Connector is connecting (not necessarily where the Connector is installed).
DCOM Logs
Before viewing DCOM logs, enable additional debugging on the domain controller:
- Open the Windows Registry Editor (regedit.exe).
- Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
- Create a new DWORD named ActivationFailureLoggingLevel and set the value to 1.
- Create a new DWORD named CallFailureLoggingLevel and set the value to 1.
- Reproduce the 'Access Denied' error by restarting the Connector.
- Open Windows Event Viewer (eventvwr.msc).
- Go to Windows Logs > System.
- Filter for events with the source DistributedCOM. A DCOM permissions issue for OpenDNS_Connector appears as a relevant event.
WMI Logs
- Open Windows Event Viewer (eventvwr.msc).
- On the View menu, click Show Analytic and Debug Logs.
- Navigate to Applications and Service Logs > Microsoft > Windows > WMI Activity.
- Three log files are available: Debug, Operational, and Trace. Permissions issues are typically logged in the Operational log.
- A WMI permissions issue for OpenDNS_Connector is recorded here.
WMI Trace Logs
Trace logging is not enabled by default but can provide detailed information about WMI queries, including both successful and failed attempts.
- Open Windows Event Viewer (eventvwr.msc).
- On the View menu, select Show Analytic and Debug Logs.
- Navigate to Applications and Service Logs > Microsoft > Windows > WMI Activity.
- Right-click the Trace log and select Properties.
- Select Enable Logging and click OK. Once enabled, informational events are logged for each WMI query received.
- Restart the OpenDNS_Connector service to generate new events, which confirm whether the queries are being processed.
Tip: To test permissions in conjunction with this logging, use the WBEMtest tool.
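The DCOM and WMI steps above can also be scripted. The following PowerShell is an added example, not part of the original guide or of Cisco's tooling; run it in an elevated session on the domain controller the Connector connects to. It assumes that the DistributedCOM source corresponds to the Microsoft-Windows-DistributedCOM provider, that the WMI Activity logs use the Microsoft-Windows-WMI-Activity channel names, and that the account name appears in the event message text.

```powershell
# Added example: enable DCOM failure logging and WMI trace logging, then
# collect events that mention the Connector account after a reproduction.
$oleKey  = 'HKLM:\SOFTWARE\Microsoft\Ole'
$account = 'OpenDNS_Connector'   # account name used in this guide
$since   = Get-Date              # only events logged after this point are collected

# DCOM logs: create both DWORD values and set them to 1.
foreach ($name in 'ActivationFailureLoggingLevel', 'CallFailureLoggingLevel') {
    New-ItemProperty -Path $oleKey -Name $name -PropertyType DWord -Value 1 -Force |
        Out-Null
}

# WMI Trace Logs: same effect as "Enable Logging" in the Trace log properties.
# /q:true suppresses the confirmation prompt.
wevtutil.exe sl 'Microsoft-Windows-WMI-Activity/Trace' /e:true /q:true

Read-Host 'Restart the Connector to reproduce the Access Denied error, then press Enter'

# Windows Logs > System (DistributedCOM source) and WMI Activity > Operational.
$filters = @(
    @{ LogName = 'System'
       ProviderName = 'Microsoft-Windows-DistributedCOM'
       StartTime = $since },
    @{ LogName = 'Microsoft-Windows-WMI-Activity/Operational'
       StartTime = $since }
)

$events = foreach ($filter in $filters) {
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($account) }
}

if ($events) {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message |
        Format-List
} else {
    Write-Output "No DCOM or WMI events mentioning $account since $since."
}

# Optional, once troubleshooting is finished: turn the extra logging back off.
# Remove-ItemProperty -Path $oleKey -Name ActivationFailureLoggingLevel, CallFailureLoggingLevel
# wevtutil.exe sl 'Microsoft-Windows-WMI-Activity/Trace' /e:false /q:true
```

An empty result while the Connector still reports Access Denied suggests the script was run on a different domain controller than the one the Connector is connecting to.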