netwrix · zoeycastillo · Nov 18, 2025 · Nov 14, 2025 · Nov 14, 2025 · Nov 18, 2025
@@ -0,0 +1,55 @@
+# Troubleshooting Connection Issues for the error "Connection failed: 0x800706BA The RPC server is unavailable"
+
+Disclaimer: This error, especially when encountered infrequently, does not result in audit data loss. The collector can continue gathering data from where it was last interrupted. It is recommended to verify the data's timeliness in reports to assess whether this impacts the timely delivery of audit data by the collector.
+
+## 1. Connection Dropping with Compression Service During Data Collection
+
+When collecting data from the Target Audited Server, it's vital to maintain a stable and reliable connection with the Compression service. However, sometimes issues may arise when this connection drops. This can often be attributed to network instability, which disrupts proper data transmission. In such cases, the focus should be on addressing the underlying causes of network instability. This may involve inspecting and configuring network equipment to ensure a consistent and robust connection, thereby allowing the data collection process to complete without interruptions.
+
+## 2. Unstable Connection During Large-Scale Audits
+
+When conducting large-scale audits, maintaining a stable connection is critically important. An unstable connection can lead to interruptions, making it challenging or even impossible to carry out the audit in its entirety. An effective strategy for resolving this issue is to break down the initially large audit scope into smaller, more manageable parts. For instance, instead of using the entire Target Audited Server with all shares as an item, it is better to add shares of the Target Audited Server individually as separate items. This approach reduces network load and minimizes the risks associated with connection loss. Segmenting the audit allows for phased execution, contributing to more successful completion of each phase and, ultimately, the entire audit.
+
+> **NOTE:** This recommendation pertains to critically important audit objects, not to the entire audited scope. For example, if the entire file server is added to the audit collection, but auditing multiple shared folders on this server isn't necessary, it's recommended to exclude these folders from collection using "excludes." This way, the collector will gather only what is required for auditing, dedicating all its resources to this task.
+
+> **NOTE:** It also makes sense to use the RET to calculate your scope and estimate the necessary server resources: https://releases.netwrix.com/products/auditor/10.7/auditor-resource-estimation-tool-1.2.39.zip
+
+## 3. Antivirus Interference on NA-Server and/or Target Audited Server with Netwrix Auditor and Compression Service
+
+Antivirus programs on both the NA-Server and the Target Audited Server are vital for protecting data and systems from malicious threats. However, they can sometimes interfere with the proper functioning of Netwrix Auditor. This can occur for several reasons:
+
+* **Connection Blocking:** Antivirus programs may interpret some legitimate network connections as potential threats, resulting in their blockage. This can disrupt the interaction between Netwrix Auditor and/or Compression service.
+* **Traffic Scanning:** The process of scanning incoming and outgoing traffic can slow down data transmission, affecting Netwrix Auditor's performance. The antivirus may delay data packets, suspecting potential threats.
+* **False Positives:** Occasionally, antivirus programs may mistakenly identify harmless files or processes as malicious, leading to their isolation or deletion, which can disrupt the operation of Netwrix Auditor and/or Compression service.
+
+To mitigate these issues, it is crucial to add Netwrix Auditor processes and services to the antivirus exclusion list according to the following guidelines:
+
+### Netwrix Auditor Server:
+
+* **Paths:** <br />
+C:\\ProgramData\\Netwrix Auditor
+
+  **Note:** If you've previously changed the default location, you can look up the default value in the registry key:
+  `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Netwrix Auditor\DataPathOverride`
+
+* **Processes:** <br />
+NwFileStorageSvc (NwCoreSvc.exe)
+
+### Target Audited Server (if Compression service is enabled):
+
+* **Paths:** <br />
+C:\\Windows\\SysWOW64\\NwxExeSvc
+
+* **Processes:** <br />
+NwxExeSvc.exe <br />
+NwxFsAgent.exe <br />
+NwxEventCollectorAgent.exe <br />
+NwxSaclTunerAgent.exe
+
+## 4. Insufficient Disk Space on the Target Audited Server's System Disk
+
+When the agent's system disk runs low on free space, it can lead to reduced system performance, inability to install updates, and errors in Compression service operation. Resolving these issues involves freeing up disk space by removing unnecessary files and data, transferring information to other storage devices, or increasing the disk space capacity.
+
+## 5. Insufficient Resources (CPU, RAM) for Compression Service Due to Large Audit Volume
+
+When the Target Audited Server does not have enough free CPU and RAM resources to handle a large audit volume, the Compression service may become overwhelmed, unable to handle the load. This, in turn, can lead to network overload and increase the likelihood of errors during data transmission. To improve the situation, consider segmenting the audit scope, excluding unnecessary scope from the audit, or adding more CPU and RAM resources to the Target Audited Server.