Netwrix Auditor System Health Log – Event ID 1209

Copy Article URL Copied

Depending on your Netwrix Auditor version, the Netwrix Auditor System Health Log contains the following EventID: 1209

with one of the following errors in Details:

  • “Unable to obtain the list of SharePoint groups for site collection with ID ‘{0}’: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
  • “Unable to obtain the list of SharePoint groups for site collection with ID ‘{0}’: Access to this Web site has been blocked.

The security settings in the audited SharePoint farm do not allow collecting complete audit data. The product was unable to get a list of security groups from the audited site collections due to one of the following reasons (depending on the error in the “Details” field):

  • there are insufficient permissions for the web application hosting the target site collection
  • the target site collection is in the Locked – No Access status

To resolve the issue, do one of the following depending on the reason:

  • Navigate to Central Administration –> Web Applications –> <audited web application> –> User Permissions and verify your security permissions. The minimal required permissions are “Manage Web Site”.
  • Navigate to Central Administration –> Application management –> Configure quotas and locks –> <audited site collection> and change its status to “Not Locked”. Alternatively, you can unlock your site using SharePoint Management Shell.

To change site status to “Unlock” using SharePoint Management Shell, do the following:

  1. Make sure that your account complies with the requirements mentioned in the Microsoft technical article.
  2. In your SharePoint server, navigate to Start –> Microsoft SharePoint Products <version> SharePoint Management Shell.
  3. Execute the following command:  Set-SPSite -Identity “<SiteCollection>” -LockState “<State>”

<SiteCollection> is the URL of the site collection that you want to track or unlock.
<State> is one of the following values:

  • Unlock to unlock the site collection and make it available to users.
  • NoAdditions to prevent users from adding new content to the site collection. Updates and deletions are still allowed.
  • ReadOnly to prevent users from adding, updating, or deleting content.
  • NoAccess to prevent users from accessing the site collection and its content. Users who attempt to access the site receive an error.
Go Up