Troubleshoot Reporting Components Checklist

The checklists in this section can help you troubleshoot problems with the reporting components.


To check for endpoint problems, confirm the following:

  • eventlog service running
  • eventfwd service running
  • reapsysl service running
  • eventfwd service properly configured
  • Collector name resolvable and address reachable
  • Collector principal properly set
  • /etc/syslog.conf properly configured
  • Events present in local event log (test with eventlog-cli)
  • eventfwd service seems to forward messages properly (run from command-line to test)
  • Firewall not blocking RPC access of collector server

Collector Servers

To check for problems with the collector servers, confirm the following:

  • BTCollector service running
  • BTEventDBReaper service running
  • Events present in local collector database (test with BTCollector-cli)
  • BTEventDBReaper properly configured (test with BTEventDBReaper /s)
  • Database provider and connection string properly set
  • Collector ACL allows endpoints to write to it (set with Event Management Console)
  • Collector machine account has sufficient privileges to write to database
  • No unusual errors in Windows event log (run eventvwr.exe)
  • Firewall not blocking incoming RPC connections or outgoing database connections


To check for problems with the database, confirm the following:

  • Can connect to it with SQL Server Management Studio
  • Events table contains events
  • EventsWithOUName view contains events
  • Database security set to allow writing by collector servers, by ldbupdate user, and by administrators
  • ldbupdate utility recently run to account for new endpoints joined to AD
  • Named-pipe client access enabled in SQL Server
  • Firewall not blocking incoming database connection

Windows Reporting Components

To check for problems with the Windows reporting components, confirm the following:

  • Database connection strings set properly
  • User has sufficient privileges to access database
  • Firewall not blocking database connections