locked
Security Audit Failure Running Workflow RRS feed

  • Question

  • Has anyone experienced a failure audit each time a workflow is executed?

    Have tried running the workflow with Administrator rights.

    Have made sure the correct .NET components (.NET 3.0.0) are installed.

    The behaviour is isolated to one server environment.

    Knowledge Base article 841001 seems pertinent:

    •          You use an application that opens audited objects too frequently or that opens audited objects with greater access than the application requires. For example, the application may request full control access when the application requires only read access. When this behavior occurs, events may be generated where the referenced process is always the same application.

    I’m not sure how it is possible to “open audited objects too frequently” We are going to open them as often as we need to.

    I don’t know how we could open with greater access than the application requires either. I don’t know how the audit system can discover what access level we may potentially need.

    We run hundreds of workflows a day and the custmor is complaining that the security log is filling up.

    The customer is reluctant to modify their domain security settings. We would have to have a pretty sound explaination.

    Any suggestions?

    This is the event:

    Event Type:        Failure Audit
    Event Source:        Security
    Event Category:        Object Access
    Event ID:        560
    Date:                10/3/2013
    Time:                9:00:20 AM
    User:                NT AUTHORITY\SYSTEM
    Computer:        W3VMOMSWH02D
    Description:
    Object Open:
             Object Server:        Security
             Object Type:        Mutant
             Object Name:        \BaseNamedObjects\windows workflow foundation 3.0.0.0
             Handle ID:        -
             Operation ID:        {5,2797104351}
             Process ID:        11188
             Image File Name:        E:\Ventyx\POBIMT.WORLD\runtime\Obvient.OSIS.WWF.Runtime.exe
             Primary User Name:        W3VMOMSWH02D$
             Primary Domain:        FENETWORK
             Primary Logon ID:        (0x0,0x3E7)
             Client User Name:        -
             Client Domain:        -
             Client Logon ID:        -
             Accesses:        DELETE
                            READ_CONTROL
                            WRITE_DAC
                            WRITE_OWNER
                            SYNCHRONIZE
                            Query mutant state


    • Edited by rhenry74 Monday, October 14, 2013 8:27 PM
    Monday, October 14, 2013 8:26 PM