The events that log information related to the user credentials are grouped under the authentication category. You can configure the following:
This event is generated when authentication is unsuccessful for the remote operator due to several reasons. The failure could be due to wrong password, lack of permission, or cancellation of certification.
To enable an Authentication Failure audit event during a remote session:
Log in to ZENworks Control Center on a server that has Windows devices.
Click Configuration> Audit Management >Events Configuration.
In the Events Configuration page, Click the Agent Events tab >Add.
In the Add Agent Events dialog box, select the Authentication Failure check box under Remote Management >Authentication.
Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the Authentication Failure audit event, then click Apply.
Click OK to add Authentication Failure event and close the Add Agent Events dialog box.
In ZENworks Control Center, click Devices >Workstations
Select a Windows device, then execute one of the remote management operations on the device in password mode.
Enter a wrong password when you are prompted for a password. The Authentication Failure event is logged and the password is requested again.
In a remote session if authentication fails at a stage when the identity of the remote operator is not verified yet, then the information about the initiator of the event on the managed device is recorded as unknown in the audit log. For example, initiator information is not logged for certificate related failures, because the failure occurs even before the remote operator information is passed on to the managed device.
In the event log you might find some of the authentication failure reasons listed with error codes.
The following are the error codes with their description:
2: Failed while reading from or writing to the socket on the managed device.
4: Failed abruptly while verifying Novell password on the managed device.
7: Failed while verifying version compatibility for the session on the managed device
9: Failed while enabling encryption for session on the managed device.
10: Failed while verifying operation for the session on the managed device
16: Failed as the managed device received an unknown Novell authentication scheme
17: Failed as the managed device received invalid security type.
18: Failed as the managed device received incorrect security type.
22: Failed while allocating memory using malloc on the managed device.
23: Failed as managed device received unexpected size for client proof or client parameter
32: Failed as the managed device encountered an error while attempting to retrieve the Remote Management policy
Authentication Success audit event is generated when authentication is successful during a Remote Management session, either in password or in rights mode. This is a high priority event in that it alerts the administrator about the initiation of a remote session on a specific device.
The following basic information about the remote session is also logged during the Authentication Success event:
Session ID
Operation
Authentication Mode
This section included information on the following:
Log in to ZENworks Control Center on a server that has Windows devices.
Click Configuration >Audit Management >Events Configuration.
In the Events Configuration page, Click the Agent Events tab > Add.
In the Add Agent Events dialog box, select the Authentication Success check box under Remote Management >Authentication.
Configure the event settings such as Event classification, Days to keep, Notification Types, and so forth, for the Authentication Success audit event, then click Apply.
Click OK to add the Authentication Success event and close the Add Agent Events dialog box.
In ZENworks Control Center, click Devices >Workstations.
Select a Windows device, then execute one of the remote management operations on thedevice in password or rights mode.
When authentication is successful, the Authentication Success audit event is logged.