Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Vista Alert detected with NT Security Connector

Vista Alert detected with NT Security Connector

Created by Randall Harwood, last modified by Tim Rush on Sep 26, 2017

Views: 874 Votes: 1 Revisions: 6

Overview

The wrong connector is being used to read the Windows security event log, and LEM is not saving the Windows security events to the database.
This article provides brief information and steps to resolve the issue when the LEM GUI-console displays "Vista Alerts are detected with NT Security Connector" alerts under Monitor tab > 'Internal Events'.

Environment

All LEM versions 

Cause

The issue is caused when the Agent is installed on Windows Vista and newer computers, and the incorrect 'older' Security Event log connector is selected (only used for Windows 2000, XP, 2003).
This could also happen if configuring a Connector Profile (under Build > Groups), and selecting the incorrect connector for the security event log. All computers listed under the profile would be affected, and produce the error.
LEM connector name for newer Windows operating systems is "Vista Security".

Resolution

1. Identify the Detection Ip of the Machine that is providing the alert.

2. Go to Manage > Nodes.

3. Select the Gear to the LEFT of the target Machine.

4. After selecting the Gear, choose Connectors.

5. Select the configured box. You should see the Windows NT/2000/XP Security Log connector running.
     (or uncheck 'configured', then search for 'security log'. "Vista Security" is used for Windows 7/8/10/2008/2012/2016, and "Windows NT/2000/XP Security Log" is used for 2000/XP/2003.)

6. Stop the Connector.

7. Delete the Connector.

8. Uncheck Configured.

9. Search for Windows 7/2008/Vista Security Log.

10. Select the gear next to the Windows 7/2008/Vista Security Log.

11. Choose New.

12. Start the Windows 7/2008/Vista Security Log connector.

 

You should no longer see Vista Alert Detected with NT Security Connector alerts under LEM Internal Events.

 

 

 

Last modified

Tags

Classifications

Public