ITAMClient.log displays error FATAL CA.Common.Web - Error initializing EEM eiam.config. Inaccessible logs Security

Document ID : KB000018782
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

When logging into CA Asset Portfolio Management (APM) 12.9 or 14.x, the ITAMClient.log displays the error: FATAL CA.Common.Web - Error initializing EEM (eiam.config) System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.

Environment:

CA Asset Portfolio Management 12.x or 14.x

 

Resolution:

1. Grant permission to create a custom event log.  Follow either 1a. or 1b., depending on your operating system: 

  1.  For Windows 7 or Windows Server 2008

    -          Log on to the web server as an administrator

    -          Click Start, click Run, type regedit, to open registry editor

    -          Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security",
               right click on security and select permissions.

    -          Click add, select "Network Service", give it read permissions and click "OK"

    -          Navigate to  “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog"

    -          Right-click Eventlog, and then click Permissions. The Permissions for Eventlog dialog box appears.

    -          Click Advanced. The Advanced Security Settings for Eventlog dialog box appears.

    -          In the Name column, double-click the Users group. The Permission Entry for Eventlog dialog box appears.  
               Select to ‘Show advanced permissions’

    -          Select the ‘Set Value’ and ‘Create Subkey’ check box, and then click OK.

    -          Exit the Registry Editor

 

    b.  For Windows 8 or Windows Server 2012

       -          Log on to the web server as an administrator

       -          Click Start, click Run, type regedit, to open registry editor

       -          Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security",
                  right click on security and select permissions.

       -          Click add, select "Network Service", give it read permissions and click "OK"

       -          Navigate to  “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security"

       -          Right-click Security, and then click Permissions. The Permissions for Eventlog dialog box appears.

       -          Click Advanced. “The Advanced Security Settings for Security” dialog box appears.

       -          Select the principal “Network Service” (if not available then create); and click on “Edit”
                  and a new pop up appears with the title “Permission Entry for Security”. 

       -          Ensure that Applies to “This key and Subkeys” is selected.

       -          Click on “Show Advanced Permissions”

       -          Select the ‘Set Value’ and ‘Create Subkey’ check box, and then click OK.

       -          Exit the Registry Editor

 

2.  Update the APM Web server web.config file to point to the full path name of the eiam.config file:

  1. Login into your webserver and navigate to \Program Files (x86)\CA\ITAM\Web Server and edit the eiam.config file
    Locate the following key: <LoggerConfiguration file="eiam.log4net.config"/>

    Modify to add the complete path to the eiam.config file: <LoggerConfiguration file="C:\Program Files (x86)\CA\ITAM\Web Server\eiam.log4net.config"/>

  2. Save and close the file.

  3. Edit the \Program Files (x86)\CA\ITAM\Web Server\eiam.log4net.config file 
    Locate the entry
    <root>
      <level value="<any value>" />
    Change <any value> to FATAL

  4. Save and close the file.

3.  Update the APM Application server web.config file to point to the full path name of the eiam.config file: 

  1. Login into your webserver and navigate to \Program Files (x86)\CA\ITAM\Application Server and edit the eiam.config file 
    Locate the following key: <LoggerConfiguration file="eiam.log4net.config"/> 

    Modify to add the complete path to the eiam.config file: <LoggerConfiguration file="C:\Program Files (x86)\CA\ITAM\Application Server\eiam.log4net.config"/>

  2. Save and close the file.

  3. Edit the \Program Files (x86)\CA\ITAM\Application Server\eiam.log4net.config file 
    Locate the entry
    <root>
      <level value="<any value>" />
    Change <any value> to FATAL

  4. Save and close the file.

4.  Restart IIS  (iisreset)