Unstable Event Forwarding from Windows 2003R2 Server

-

hello,

we having stability problem event forwarding process. after set events being forwarded time, stops. restarting windows remote management service helps, not possible, , service has killed in process explorer.

on source computer event generated, when service stops responding:

event type:  error  event source:  eventforwarder-operational  event category:  none  event id:  102  date:    12.5.2010  time:    10:11:36  user:    n/a  computer:  server  description:  subscription application log can not created. error code 8.

while on collector computer the subscription runtime status shows errors:

[server.domain] - error - last retry time: 12.5.2010 10:11:36. code (0x8): 
  <f:providerfault provider="event collector plugin windows remote management " 
  path="%systemroot%\system32\wevtfwd.dll" 
  xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault">
  <t:providererror xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/eventlog">windows event forward plugin failed 
  create subscription.
  </t:providererror></f:providerfault> next retry time: 12.5.2010 10:51:36.

or

 

[server.domain] - error - last retry time: 12.5.2010 10:15:56. code (0x80338126): 
  winrm client cannot complete operation within time specified. check if machine name valid , reachable 
  on network , firewall exception windows remote management service enabled.  next retry time: 12.5.2010 10:55:56.

 

configuration on source machine

  • ws-management 1.1 (kb936059) installed
  • collector computer account in local administrators security group
  • winrm listening on port 5985
configuration on collector machine - subscription
  • collector initiated
  • destination log forwarded events
  • logging application log
  • listening on port 5985
  • everything else default

 

there no problem in event forwarding on windows server 2008(r2).

well, somehow have got through this.. 

for reason security log w2k3 server surce computer not collected when using collector machine account. after creating domain account, adding account administrators security group on source computer , assigning subscription on collector computer, works charm..

it bit weird, solved :)



Windows Server  >  Management



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering ...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more