ALERT! The community will be read-only on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only on April 19, 8am Pacific as the migration begins.Read more for important details.
Commodore
Commodore
2520 views

Windows Server 2016 Connector

Jump to solution

Hi,

I'm trying to integrate Windows Server 2016 to ArcSight but it doesn't seem supported by the SmartConnector 7.10.0 version. Though according to the guide it is already supported but when I tried to run the installation, I cannot find the 2016 version on the drop down list.

Hope someone can help. 

Thanks!

Aqui

 

 

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Micro Focus Expert
Micro Focus Expert

Hi Aqul,

I am glad I could help.
Have you managed to install it? If yes, don't forget to mark this question as resolved.

Regards,
Kresimir

View solution in original post

0 Likes
10 Replies
Captain Captain
Captain

Hi Aqui,

Which Smart Connector have you installed? You need to install "Microsoft Windows Event Log" which supports Windows Server 2016.

Regards,

Sumanth.

0 Likes
Commodore
Commodore

Hi Sumanth,

I have installed Windows Event Log - Unified connector version 7.10.0. Actually, when I read the config guide I saw that it is supported. But when I started installing the SmartConnector, there's no 2016 version on the drop-down list.

Thanks,

Aqui

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi Aqul,

I have just installed WiNC 7.10 on my Win Server and I am able to select Server 2016 (see uploaded screenshot).
You are trying to install Windows Unified Connector which doesn't support 2016. 
Proceed with installing Native (Microsoft Windows Event Log Native) and you'll be able to select 2016.

Regards,
Kresimir

Commodore
Commodore

Hi Kresimir,

Thanks for this. I will try your recommendation and update once with the result. Thanks again!

Regards,

Aqui

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi Aqul,

I am glad I could help.
Have you managed to install it? If yes, don't forget to mark this question as resolved.

Regards,
Kresimir

View solution in original post

0 Likes
Microsoft Windows Event Log is not a connector.....

There is only Native or Unified....unless I'm blind as a bat. I have the 7.11 connector version is it outdated?
0 Likes
Micro Focus Expert
Micro Focus Expert

Hi Timothy,

You might be confused by the name. WiNC connector comes under this name:
Microsoft Windows Event Log -- Native
It's this one you need to install:
https://community.microfocus.com/t5/ArcSight-Connectors/SmartConnector-for-Microsoft-Windows-Event-Log-Native/ta-p/1585123

It is the same for documentation and Type when you are installing the connector itself.
I just tried this with version 7.11 and it's there (version 2016 when installing WiNC).
WuC (Unifies) doesn't support Windows Server 2016.

Version 7.11 is still fine so you should be OK.
I hope this clears your doubts 🙂

Regards,
Kresimir

0 Likes

Humm so I'm having issues getting this connector working.

I can connect from my connector server to the windows servers with event viewer (we have a service account setup with the client) and I can see the security logs from that server which tells me im in the correct log reader group in the GPO (specific vernacular escapes me apologies).

When I go to add in the server information this happens:

 

clipboard_image_0.png

 

I can provide the agent.log files from the logs folder but they say the same thing. 

I don't understand how I can authenticate to the server via event viewer and see the security logs but when I try to actually do it on the connector it is giving me an error for unauthorized access? What gives?

 

Thanks!

 

-Tim

0 Likes
Micro Focus Expert
Micro Focus Expert

Hi Timothy,

Have you double-checked that the user "svccipher" is properly configured and added to Event Log Readers group, etc?
When you say you can connect via Event Viewer, do you use this account?
If so, when you connect, can you see all Security events from the source device?
Just to make sure it's not a problem with this account, you can try with Administrator and see if it will work.

Checking the user privileges, do you have enabled the following?
Manage auditing and security log

Another thing, can you try to disable FIPS Compliant Algorithm and see if that would help?
-> Control Panel - Administrative Tools - Local Security Policy - Security Settings - Local Policies - Security Options; under Policy, you should see System cryptography and under it Use FIPS compliant algorithms...

Here is another thread where people discussed the same:
https://community.microfocus.com/t5/ArcSight-User-Discussions/WiNC-remote-host-and-account-lockout/td-p/1514165

I hope this helps.
Let me know how it goes.

Regards,
Kresimir

0 Likes
Vice Admiral
Vice Admiral

… your screenshot looks like a misconfiguration of the column "Domain Name". Try to fill column "Domain Name" with your Windows Domain Name and column "User Name" with your UserName only. Or: Leave column "Domain Name" empty and put DomainName\UserName into column "User Name".

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.