Architecture High Availability Windows Event Collector / Windows Event Forwarder

JC-work-2023 0 Reputation points
2023-08-30T10:25:25.15+00:00

Hi everyone,

I want to implement a Windows Event Forwarder / Windows Event Collector architecture within an on-premise organisation with some kind of redundancy for the WEC. My questions are :

  • how microsoft advices to handle the fact that if one WEC fails, the data handle within its subscription might be lost?
  • Is it possible with Kerberos authentication to have true load balancing for one subscription (one WEF) and not to have the data duplicated?

Warm regards

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,030 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,712 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,916 Reputation points
    2023-09-01T08:34:24.6933333+00:00

    Hello there,

    If you have a single IIS server, the service is typically running under Local System . The standard SPNs are registered to the computer account ( like host/server01 & host/server01.contoso.com )* so when a request for http/server01 comes in, the ticket will be encrypted using the computer account’s password. This configuration works well for a single server environment.

    You can find some solution from this article

    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/kerberos-and-load-balancing/ba-p/399539

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments