Hello,

We did in place upgrade in our prtg server 2012 r2 to 2019. After upgrade all free disk sensor gone red except prtg server itself. We have snapshot we can go back to 2012 but 2012 support will finished middle of the year.

When I check other servers logs, all of them has this error logs:

The server-side authentication level policy does not allow the user domain\prtgadmin SID (S-1-5-21-1926350-7946-111-11941) from address xx.xx.xx.xx to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.

prtgadmin account added to domain admin and domain users group

I changed dcom settings to packet integrity as well on of our servers but still did not work.

Today DCOM hardening update released so we cant change registry setting, patched that update and tried again but no luck.

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

https://support.microsoft.com/en-us/topic/march-14-2023-kb5023697-os-build-14393-5786-d8c0d93c-c58b-4398-9fee-59183e52b20c

What can we do about them to turn them back to green again? Any ideas?

Article Comments

Same problem here, WMI Terminal Services (Windows 2008+) stop working, i've tried to increase the DCOM security but some prtg probes are installed on Hyper V hosts and i can't reboot easily


Mar, 2023 - Permalink

Hello,

the best way would be to install all updates on both the probe, and the target systems. This should fix the DCOM hardening issue.


Mar, 2023 - Permalink