Logbinder for Msexchange throwing padding error 555


Logbinder for Msexchange throwing padding error 555

C

Hi,

Installed Logbinder 3.4.29.0 for MSExchnage 2016 to collect audit logs. After providing input parameters, it throws below 555 error. (I checked this in application logs in event viewer).

LOGbinder error
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

When I start the service, it stops immediately within a minute and when I double to check input parameters, getting below error .

I am guessing if this is due to memory issue because my machine is running out of memory.
Kindly help.

Regards,
Chaitanya
Tamas Lengyel

Chaitanya Chandake - 2/28/2019
Hi,

Installed Logbinder 3.4.29.0 for MSExchnage 2016 to collect audit logs. After providing input parameters, it throws below 555 error. (I checked this in application logs in event viewer).

LOGbinder error
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.

When I start the service, it stops immediately within a minute and when I double to check input parameters, getting below error .

I am guessing if this is due to memory issue because my machine is running out of memory.
Kindly help.

Regards,
Chaitanya

Hi Chaitanya,

Could you please open the Details on the error message window and copy (right click, Select All) and paste that information here or in a private message for me?

Thanks.

C

Hey Tamas,
I figured out what the issue was.I was trying to reinstall Logbinder application without deleting previous traces in C:\ProgramData . (I wanted to configure input of Logbinder with different recipient.)
After I deleted all traces and reinstalled, I did not get any padding error and everything was fine and was able to collect logs too. 
I have a doubt, even though I had set polling interval as 10 min, Logbinder takes too much time (more than 24 hours) for collecting admin audit events from MSExchange 2016. Website tells this delay occurs only for mailbox audit logs but I faced it for admin events as well. ( I am interested in admin audit events only)
Good thing is I am able to collect admin audit events.

Thank you for help.

Thanks
Chaitanya
Tamas Lengyel

Chaitanya Chandake - 3/4/2019
Hey Tamas,
I figured out what the issue was.I was trying to reinstall Logbinder application without deleting previous traces in C:\ProgramData . (I wanted to configure input of Logbinder with different recipient.)
After I deleted all traces and reinstalled, I did not get any padding error and everything was fine and was able to collect logs too. 
I have a doubt, even though I had set polling interval as 10 min, Logbinder takes too much time (more than 24 hours) for collecting admin audit events from MSExchange 2016. Website tells this delay occurs only for mailbox audit logs but I faced it for admin events as well. ( I am interested in admin audit events only)
Good thing is I am able to collect admin audit events.

Thank you for help.

Thanks
Chaitanya

Hi Chaitanya,

You should not need to delete the configuration files from the ProgramData folder to install an upgrade. If you simply wanted to change the recipient, that can be done without reinstalling the software. Just open the input properties.

The admin audit logs should be available in less than 24 hours. Do you have more than one Exchange servers? Have you set the polling interval on all of your Exchange servers?

C

Tamas Lengyel - 3/4/2019
Chaitanya Chandake - 3/4/2019
Hey Tamas,
I figured out what the issue was.I was trying to reinstall Logbinder application without deleting previous traces in C:\ProgramData . (I wanted to configure input of Logbinder with different recipient.)
After I deleted all traces and reinstalled, I did not get any padding error and everything was fine and was able to collect logs too. 
I have a doubt, even though I had set polling interval as 10 min, Logbinder takes too much time (more than 24 hours) for collecting admin audit events from MSExchange 2016. Website tells this delay occurs only for mailbox audit logs but I faced it for admin events as well. ( I am interested in admin audit events only)
Good thing is I am able to collect admin audit events.

Thank you for help.

Thanks
Chaitanya

Hi Chaitanya,

You should not need to delete the configuration files from the ProgramData folder to install an upgrade. If you simply wanted to change the recipient, that can be done without reinstalling the software. Just open the input properties.

The admin audit logs should be available in less than 24 hours. Do you have more than one Exchange servers? Have you set the polling interval on all of your Exchange servers?

Hey Tamas,

Adding to my previous mail, I had missed one of the prerequisite check before installing logbinder.
  • To enable LOGbinder events to be sent to the security log:
    • Select Security Settings\Advanced Audit Policy Configuration\Object Access
    • Edit “Audit Application Generated,” ensuring that “Success” is enabled. (LOGbinder for Exchange does not require that the “Failure” option be enabled.)
So the above might have caused padding error.
However I am now able to collect admin logs after checking all permissions that needs to be provided before installing logbinder. I compared admin event occurred and logged time, there is difference of 8 hours. So, as u mentioned they are collected less than 24 hours.

Thank you for all help.
GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search