NeophyteWill Logicmonitor be affected by KB5004442: Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414) and are we required to perform any steps ?
Is there any official comms from Logicmonitor ?
LegendIf you’re looking for an official response from LM, it has to be through a support ticket. There is only one person at LM who has the community as her day-job, and she’s not in support.
Product ManagerWe are currently experiencing an issue relating to this KB.
There are several Event Logs coming in with the following message:
Message: The server-side authentication level policy does not allow the user <domain>\<service_account> SID (<SID>) from address 10.20.23.25 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
The event can be suppressed, but the cause of the issue is on the collector side. It seems that the collector would need to be updated.
Please let me know if I'm misinformed.
Hi
Am also facing issue, there are several event generated in the windows server
activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
Please advise, how can i stop these event in the server, it is unnecessary creating noise in the server.
