Audit Collection Server (AdtServer) fails to start when ACS installed from CD Media (Access Denied 0x00000005)

  • Article

This is a problem I can see as being a fairly big issue so I'm documenting both in my blog and in a KB article which will be published shortly. I'll document the KB article number as soon as I have it. This affects the release product so please acquiant yourselves with the possible resolutions.

 This is the raw information I've submitted for the KB article and will affect anyone installing an ACS Collector Server from the CD media.

Symptoms
=============================
When attempting to install an Audit Collection Services Collector from CD media, Setup completes successfully with the message "Audit Collection Services has been successfully installed", however the event ID 4668 is logged in the Application Event Log with the following details and the service AdtServer is not running.

Event ID:4668
Source:AdtServer
Description: AdtServer encountered the following problem during startup.
 Task: Create Machine Register
 Failure: An error occured connecting to the database and retrieving groups and machines
 Error: 0x00000005
 Error Message: Access is denied.

Cause
=============================
The Audit Collection Service (AdtServer.exe) is attempting to write to the configuration file AcsConfig.xml in the %systemroot%\system32\Security\AdtServer folder which has the read-only file attribute.

Resolution
=============================
There are several resolutions available to resolve this issue.
If the ACS Collector Setup has already been executed and the Adtserver service is installed and will not start, use Resolution 1 below. Use Resolutions 2 or 3 if the ACS Collector has not yet been installed.

Resolution 1:
Navigate to the %systemroot%\System32\Security\AdtServer folder on the computer exhibiting the problem. Remove the read-only attribute from the file AcsConfig.xml. Then restart the AdtServer service.

Resolution 2:
If a combined ACS Collection and ACS database installation are being performed the following resolution may be used.
During Audit Collection Services (ACS) setup as the ACS database is created, a SQL Server Login prompt is presented, at which point setup is awaiting user input. Before confirming the SQL Server Login details and clicking OK navigate to the %systemroot%\system32\Security\AdtServer folder and remove the read-only file attribute on the AcsConfig.xml.

Resolution 3:
Copy the contents of the Operations Manager 2007 CD Media to a network share or local folder. Confirm that AcsConfig.xml within the acs\<platform> folder of the copied CD media folder structure does not have the read-only attribute prior to running the Audit Collection Service Collector Setup.

Repro Steps
=============================
From the Operations Management 2007 CD Media run SetupOM.exe to display the installation dialog.
Choose Install Audit Collection Server
Follow the steps for installing an Audit Collection Server
Although the final dialog of the installation may confirm the installation was successful examination of the Application Event log shows that the event id 4668 was raised. Examination of the Services MMC snap-in confirms that the AdtServer service is not running.

More Information
=============================
This problem may also occur if the CD meda is copied to a folder structure on a network share or local folder and the file attributes changed so that the file attributes are read-only.