Search the VMware Knowledge Base (KB)
View by Article ID

Troubleshooting access rights, policies, and permissions preventing data collection (1005653)

  • 23 Ratings

Symptoms

  • Data collection fails
  • You may receive the following errors:
    • -1073738824 - The specified object is not found on the system
    • Access is denied
    • Error 13 - Type Mismatch
    • Collection for System 'XXXX' has completed with a status of 'Unknown error (The specified object is not found on the system.)
      MapErrCode2Key: Unknown error code -1073738824


Purpose

The following is a comprehensive set of rights and restrictions which can disrupt performance collection on a Windows server.

Resolution

Many collection errors are permissions related. The log in is valid however it does not have access rights to read the Performance counters. Performance monitoring can be restricted by a lack of Local Administrator credentials, registry permissions problems, Local Policies, or Group Policies in Active Directory.

Check Account Rights

Ensure the account or group that you are logging into, like a “Domain Admin”, is actually in the local “Administrators” security group.
 
To ensure account is part of the local Administrators group:
  1. Click Start > Run. Type lusrmgr.msc and press Enter.
  2. Open Groups > Administrators.
  3. Verify that "Domain Admins" is listed.
  4. Open Groups > Performance Monitor Users.
  5. Verify that the local service account which is in use or "Domain Admins" is listed.

Note: If the target server is a Domain Controller you must use the "Enterprise Admin" account to connect to the server.

Note: This procedure below modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft article 136393.

Check Perfmon Registry Access Rights

  1. From the Data Manager, attempt to browse the Registry in the Navigation pane:
    1. Expand the server branch in the Data Manager: Navigation Pane
    2. Expand the Registry branch, and expand HKEY_LOCAL_MACHINE . You see an "Access Denied" error.
    3. Check HKEY_CURRENT_USER . You do not get an immediate error message, however you may get errors accessing keys below that, if you do, ensure the log in information is valid to that server.
  2. Check the access control list (ACL) list for the HKEY_LOCAL_MACHINE key in the registry. Ensure the rights are at defaults: (SYSTEM: Full), (Administrator: Full), (Restricted: Read), (Everyone: Read).
  3. If you are unable to access all the keys, restart the Remote Registry service on that server.

Check the Perfmon-Related Keys on the Remote Server

Open the Permissions for each key and check the "Network Service" rights. At minimum Read access must be permitted. You can also add Local Service and grant at least Read rights.

NOTE: Local Service and Network Service users do not exist on Windows 2000 servers. These are instead set to Local System or NT_AUTHORITY\SYSTEM.

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT \CurrentVersion\Perflib
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT \CurrentVersion\Perflib\009
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

Check for Corrupted Perfmon Counter Keys

To check for corrupted or missing counters:

  1. Locally, open Perfmon and attempt to add a counter with the [+] button, or if any of the values in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT \CurrentVersion\Perflib\009 are missing the “Help” or “Counter” values (blank or non-existent).
  2. If any of the values in the first drop-down show as numbers instead of words, the counters are corrupted.
    1. If the counters are corrupted, try rebooting the server. Often it is simply the copy of the counters cached in memory which are corrupt.
    2. If this does not resolve the issue, it is possible the copy of the counters corrupted registry keys on the disk. For more information, see http://support.microsoft.com/kb/300956 to repair corrupted counters. For systems running Windows 2003, simply run “lodctr /R” from a command prompt. No reboot is needed.

Note: Corrupted counters may generate a “Type Mismatch” error (13) on the Collector.

Check the file system access control lists in NTFS

Both “Administrator” and “SYSTEM” must have “Full Control” in the ACL for these files:

  • %SYSTEMROOT%\System32\Perfc009.dat
  • %SYSTEMROOT%\system32\Perfh009.dat

Check the Local Security Policies

Administrator must be defined in all relevant policies. Open secpol.msc and check that the users are granted these permissions:

  • Profile Single Process
  • Profile System Performance
  • Access this computer from the Network
  • Log on as a service
  • Log on locally

Note: Some policies are set in the Group Policies in Active Directory. Some effective policies may need to be checked in either Active Directory or open rsop.msc to see the cumulative effective policies and how they are enforced locally.

Check that DCOM is Properly Enabled

To check if DCOM is properly enabled:

  1. Click Start > Run.  Type regedit.exe and press Enter.  
  2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\EnableDCOM
  3. Ensure the value is “y

Check the Services on the Remote Server

Formatting key: “Name - Startup Type (User)”

Note: Local Service and Network Service users do not exist on Windows 2000 servers. These are set to “Local System” or “NT_AUTHORITY\SYSTEM”.

Core Services

  • Remote Registry - Automatic (Local Service)
  • Performance Logs and Alerts - Manual (Network Service)
  • Remote Procedure Call (RPC) - Automatic (Network Service)
  • Remote Procedure Call (RPC) Locator - Automatic (Network Service)
  • Windows Management Instrumentation (WMI) - Automatic (Local Service)
  • Windows Management Instrumentation (WMI) Driver Extensions - Automatic (Local Service)

Helper Services

  • COM+ Event System - Manual (Local System)
  • COM+ System Application - Manual (Local System)
  • WMI Performance Adapter - Manual (Local System)
  • Net Logon - Manual (Local System)
  • Secondary Logon - Automatic (Local System)
  • Remote Access Connection Manager - Manual (Local System)
  • Workstation - Automatic (Local System)
  • Server - Automatic (Local System)

Interpreting Numeric PDH Error Codes

To interpret Numeric PDH Error codes:

  1. Find the error code from the logs:

    -1073738789

    Note: This value is in decimal format.

  2. Convert the code into Hexadecimal, ensuring to include the sign:

    FFFFFFFFC0000BDB

  3. Remove the first 4 bytes (8 characters), or select DWORD in Calc:

    C0000BDB

  4. Look up the code in the MSDN library at  http://msdn2.microsoft.com/en-us/library/aa373046.aspx .
  5. Review the message:

    0xC0000BDB (PDH_ACCESS_DENIED)


    Unable to access the desired computer or service. Check the permissions and authentication of the log service or the interactive user session against those on the computer or service being monitored.

For more information related to data collection issues, see Troubleshooting data collection fails on target servers (1005646).

Additional Information

For more information on the "Unable to Connect to Machine" error, see http://support.microsoft.com/kb/300702 .
Note: The preceding link was correct as of May 12, 2008. If you find the link is broken, please provide feedback and a VMware employee will update the link.

Tags

data-collection capacity-planner operating-system operating-system-target-servers

See Also

Update History

11/18/2011 - Added 2.7 and 2.8 product versions.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 23 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 23 Ratings
Actions
KB: