I have a Windows Event Collector that was running fine. I had set all the wsman permissions and was using source-initiated subscriptions.
We began using a micro-segmentation platform that manages the Windows Firewall. It determined (correctly) that traffic was occurring on port 5985 (HTTP), but when the rules were enabled, the subscriptions stopped working.
If I try to retry the subscription, I receive a message that states:
"The WinRM client could not create a push subscription because there are no listeners configured that match the specified hostname and transport, or because there is no enabled firewall exception on the port used by the selected listener.
Change the hostname and transport, create an appropriate firewall exception, or run winrm quickconfig"
Keep in mind, port 5985 IS open on the Win Firewall and this was working before.
It seems that even though port 5985 is open, when retrying the subscription it's not actually checking to see if it can communicate on the specified port; it's just looking to see if certain things are enabled in the FW, even though it doesn't need them. As a test, we did enable port 5986 (HTTPS) even though we don't need it, as the traffic is over 5985 and no traffic flows inbound to the WEC over 5986, but the message still states it needs some unknown FW exception. Yes, I ran winrm quickconfig, which says it enables the exception, but I'm assuming it gets overwritten right away. I thought about logging what happens when I run that, but I'm not certain of the best tool to use.
At the end of the day, I want to understand what needs to be enabled on the FW (even though it may not be used) for the WEC to see everything as okay.
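An added diagnostic script for a collector in this state, not part of the question above and not from any vendor. It separates the three things the error message lumps together: which WinRM listeners exist, whether the built-in "Windows Remote Management" firewall rules are enabled (the assumption here, based only on the behaviour described above, is that the subscription retry checks those named rules rather than probing the port), and which other rules happen to allow TCP 5985. It also snapshots the rule state around `winrm quickconfig` and pulls the firewall rule-change audit events, which is one answer to "what tool to use" for seeing who overwrites the rule. It assumes the NetSecurity module (Windows 8 / Server 2012 and later), an elevated prompt, and the default HTTP port 5985; `wec01.example.com` is a placeholder hostname.

```powershell
# Added diagnostic (not from the original post). Run elevated on the collector.
# Assumptions: NetSecurity module available, WinRM on the default HTTP port 5985.

# 1. Listeners actually configured on the collector (transport, address, port).
winrm enumerate winrm/config/listener

# 2. The built-in WinRM rules with their enabled state, profile and port.
#    Assumption: the "no enabled firewall exception" check looks at these rules.
Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            Profile = $_.Profile
            Enabled = $_.Enabled
            Action  = $_.Action
            Port    = ($_ | Get-NetFirewallPortFilter).LocalPort
        }
    } | Format-Table -AutoSize

# 3. Every other inbound rule that allows TCP 5985, e.g. one pushed by a
#    firewall-management platform. An allow here keeps traffic flowing even
#    when the built-in rule from step 2 is disabled.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq '5985' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object Name, DisplayName, Enabled, Action, Profile |
    Format-Table -AutoSize

# 4. Snapshot the built-in rules, run quickconfig quietly, wait for any
#    external policy engine to reapply its rules, then diff the two states.
$before = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    Select-Object Name, Enabled
winrm quickconfig -q
Start-Sleep -Seconds 60
$after = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' |
    Select-Object Name, Enabled
Compare-Object $before $after -Property Name, Enabled

# 5. Firewall rule add/modify/delete audit events (4946/4947/4948) from the
#    Security log; enable the subcategory first if it is not already on.
auditpol /set /subcategory:"MPSSVC Rule-Level Policy Change" /success:enable
Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4946, 4947, 4948
    StartTime = (Get-Date).AddHours(-1)
} | Select-Object TimeCreated, Id, Message | Format-List

# 6. From a forwarder, confirm the collector's port is reachable at all.
#    'wec01.example.com' is a placeholder for the collector hostname.
Test-NetConnection -ComputerName 'wec01.example.com' -Port 5985
```

Step 2 and step 3 answer different questions: whether the specific named WinRM exception is enabled versus whether any rule at all allows the port. The 4947 events in step 5 show, with a timestamp, each time the built-in rule is modified after quickconfig re-enables it, which is the evidence needed when raising the issue with the team that operates the firewall-management platform.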