Problem with forwarding event log for single node

Михаил Андросов 336 Reputation points
2023-10-03T07:59:16.0866667+00:00

I have configured the forwarding of event logs to a dedicated server on my network. Subscription in collector initiated mode.

I encountered an error accessing event logs on one of the servers. Windows Server 2019 is installed on this server.

The following error is registered on the collector's server:

Code (0x80338126): WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

On the source server, I checked the firewall settings. The necessary ports are open.

User's image

I also checked that the test of the winrm command on the collector server does not pass:

C:\Windows\system32>winrm id -r:idc07
WSManFault
    Message = WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

Error number:  -2144108250 0x80338126
WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet.

The server is pinged from the collector server. And it has rdp access.

I don't understand what else could be the problem.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,237 questions
0 comments No comments
{count} votes

Accepted answer
  1. Karlie Weng 14,721 Reputation points Microsoft Vendor
    2023-10-25T07:28:27.8866667+00:00

    Hello

    You may consider following these steps to perform some basic checks: 

    1.Ensure that WinRM service status is set to "Running," and its startup type is "Automatic."

    2.Verify that WinRM is listening on the expected port. By default, it should listen on port 5985 for HTTP or 5986 for HTTPS.

    Thanks,

    Karlie

    0 comments No comments

0 additional answers

Sort by: Most helpful