Troubleshoot Checklists for Reporting Components

The checklists in this section can help you troubleshoot problems with the reporting components.


To check for endpoint problems, confirm the following:

  • eventlog service running
  • eventfwd service running
  • reapsysl service running
  • eventfwd service properly configured
    HKEY_THIS_MACHINE\> ls Policy\Services\eventfwd\parameters\
    +  "Collector" REG_SZ          ""
  • Collector name resolvable and address reachable
    PING ( 56(84) bytes of data.
    64 bytes from ( icmp_seq=1 ttl=128 time=0.867 ms

For more information about the services, see AD Bridge Services and Status.

  • Collector principal properly set
    HKEY_THIS_MACHINE\> ls Policy\Services\eventfwd\parameters\
    +  "CollectorPrincipal" REG_SZ          ""
  • /etc/syslog.conf properly configured
  • events present in local event log (test with eventlog-cli)
  • eventfwd service seems to forward messages properly (run from command-line to test)
  • firewall not blocking RPC access of collector server

Collector Servers

To check for problems with the collector servers, confirm the following:

  • BTCollector service running
  • BTEventDBReaper service running
  • events present in local collector database (test with BTCollector-cli)
  • BTEventDBReaper properly configured (test with BTEventDBReaper /s)
  • database provider and connection string properly set
  • collector ACL allows endpoints to write to it (set with Event Management Console)
  • collector machine account has sufficient privileges to write to database
  • no unusual errors in Windows event log (run eventvwr.exe)
  • firewall not blocking incoming RPC connections or outgoing database connections


To check for problems with the database, confirm the following:

  • can connect to it with SQL Server Management Studio
  • Events table contains events
  • EventsWithOUName view contains events
  • database security set to allow writing by collector servers, by ldbupdate user, and by administrators
  • ldbupdate utility recently run to account for new endpoints joined to AD
  • named-pipe client access enabled in SQL Server
  • firewall not blocking incoming database connection

Windows Reporting Components

To check for problems with the Windows reporting components, confirm the following:

  • database connection strings set properly
  • user has sufficient privileges to access database
  • firewall not blocking database connections