The file C:\Program Files\Citrix\HealthMon\Tests\Citrix\RequestTicket.exe does not have the correct permissions. In SDDL the expected ACL was O:BAD:AI(AID0x1200a9LS)(AIDFABA). The actual ACL was O:BAD:AI(AFABA)(AIDFABA)(AIDFASY)(AID0x1200a9BU)(AID0x1200a9LS)(AIDFRNS). For reference the files placed in the test folder should have inheritable permissions turned on which will result in the file have full control access for the Administrators group Read and Execute access for the Local Service user account and the owner will be the Administrators group.
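The expected and actual ACLs in the event text can be compared entry by entry. The sketch below is an added example, not part of the original page and not Citrix code; it assumes the two strings are standard SDDL whose `;` field separators are missing from the page's copy and restores them, and `parse_sddl`, `describe` and `compare` are hypothetical helper names.

```python
import re
from collections import namedtuple

# Constructed input: the two ACLs quoted in the event text, with the ';'
# field separators of standard SDDL restored (assumption: the page shows
# the strings without them).
EXPECTED = "O:BAD:AI(A;ID;0x1200a9;;;LS)(A;ID;FA;;;BA)"
ACTUAL = ("O:BAD:AI(A;;FA;;;BA)(A;ID;FA;;;BA)(A;ID;FA;;;SY)"
          "(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;LS)(A;ID;FR;;;NS)")

Ace = namedtuple("Ace", "type flags rights trustee")
SIDS = {"BA": "Administrators", "SY": "SYSTEM", "BU": "Users",
        "LS": "LOCAL SERVICE", "NS": "NETWORK SERVICE"}
RIGHTS = {"FA": "full control", "FR": "read", "0x1200a9": "read & execute"}

def parse_sddl(sddl):
    """Split an owner + DACL SDDL string into (owner, [Ace, ...])."""
    m = re.fullmatch(r"O:([\w-]+?)D:(\w*)((?:\([^()]*\))*)", sddl)
    if not m:
        raise ValueError("unsupported SDDL (expected O:<sid>D:<flags>(ace)...)")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(3)):
        f = body.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(f) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        aces.append(Ace(f[0], f[1], f[2], f[5]))
    return m.group(1), aces

def describe(ace):
    # ACE flags are two-letter codes; ID marks an entry inherited from the parent.
    origin = "inherited" if "ID" in re.findall("..", ace.flags) else "explicit"
    return (f"{origin} {RIGHTS.get(ace.rights, ace.rights)} for "
            f"{SIDS.get(ace.trustee, ace.trustee)}")

def compare(expected, actual):
    """Return (kind, detail) findings where `actual` departs from `expected`."""
    e_owner, e_aces = parse_sddl(expected)
    a_owner, a_aces = parse_sddl(actual)
    out = []
    if a_owner != e_owner:
        out.append(("owner", f"{a_owner} instead of {e_owner}"))
    out += [("unexpected", describe(a)) for a in a_aces if a not in e_aces]
    out += [("missing", describe(e)) for e in e_aces if e not in a_aces]
    if [a for a in a_aces if a in e_aces] != [e for e in e_aces if e in a_aces]:
        out.append(("order", "shared ACEs are not in the expected order"))
    return out

if __name__ == "__main__":
    for kind, detail in compare(EXPECTED, ACTUAL):
        print(f"{kind:10} {detail}")
```

On a live system the actual string can be read with PowerShell's `(Get-Acl <path>).Sddl` and passed in place of `ACTUAL`.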
File can be:
CTX115682 was not the solution in my case, as the owner was already the local admin group.
The problem is to set the permissions in the correct order Citrix requires. The GUI cannot do that; it reorders the permissions.
First make sure the owner of the Tests\Citrix directory is set to the local administrator group.
Open a command prompt and navigate to C:\Program Files\Citrix\HealthMon\Tests.
Run these commands:
icacls citrix /remove "NT AUTHORITY\LOCAL SERVICE"
icacls citrix /remove "BUILTIN\Administrators"
cacls citrix /G "NT AUTHORITY\LOCAL SERVICE":R
cacls citrix /E /G "BUILTIN\Administrators":F
Restart the Citrix Health Monitoring and Recovery and check the event log. Do not touch the permissions on this directory or the files within it, otherwise you have to rerun the commands above.