Phone Lines icon GFI Support Home

Articles in this section

See more

How to Add a Second Domain in EventsManager

Author: Elliot Eisenberg Updated

Overview

While using EventsManager, it is possible that you will have two distinct domains that you would like to be synchronized with the platform. After the first domain has been successfully synchronized with EM, you attempt to add the second but run into issues while doing so. You would like to be able to add the second domain, as well as check the tree of the domain on Event Manager. This article addresses the steps to follow in order to ensure that both domains are synchronized properly.

Solution

  1. First, add the second domain by following the steps laid out in the article Adding Event Sources Automatically.
    • Confirm that your storage drive has some slack (is not full or is not nearly full), as the storage drive being full (or nearly so) can cause some logs to not be recorded correctly. If the drive is too full, follow the steps provided in the article How to Maintain Database with Reasonable Size to reduce its size. Additionally, consider setting up Data Rotation, which should help keep the size of the database in check.
  2. Once this has been addressed, it is possible to begin to get failed logins for the first domain. If so, you should alter your setup to contain three accounts:
    1. One service account for EventsManager (Ideally this should be an account that can log in to both domains. It doesn't need admin rights for the domains, the Domain Users group should suffice, but it should be given local admin rights for the EventsManager machine)
    2. One Domain Admin/Server Operator account for Domain 1
    3. One Domain Admin/Server Operator account for Domain 2

    This can be configured within EventsManager in the following way:

    • Stop the EventsManager/EventsManager Monitor services in the EM machine
    • Opening services.msc on the EM machine
    • Right-click > Properties > Log on and change the user to account (1) for EventsManager and EventsManager Monitor
    • Open EventsManager and go to Configuration > Event Sources
    • For every group that has machines, right-click > Properties > Logon Credentials then check the box and enter credentials for either (2) or (3) depending on which domain the machines in this group are in
    • You should also check that each machine shows 'Inherited' in the Credentials column. If not, right-click on the machine > Properties > Logon Credentials and check 'Inherit the logon credentials from the parent group'image.png
    • Go to ​Configuration > Options and select Auto-discovery credentials on the left. This should be account (1).

Related articles