DC Agent: ERROR_ACCESS_DENIED - 5

This error appears when DC Agent does not have sufficient permissions to perform its required tasks.

To a domain controller, an anonymous account is equivalent to a Windows Guest account. If DC Agent is configured to use an anonymous account, and the domain controller has been set not to give the list of user logon sessions to an anonymous user, then DC Agent is unable to retrieve logon information.

• DC Agent uses the NetSessionEnum call, which may fail depending on your Local Security Policy or Trust Relationship configuration.
• User Service uses NetUserGetGroups, which requires domain administrative rights.

To address this issue, create an account domain controller read privileges for DC Agent to use when requesting user logon information from the directory service.

If DC Agent is configured to perform computer polling, the service must run as an account with domain or enterprise admin privileges.