Share via

WEF event error on source

Anonymous
2024-01-02T18:09:10+00:00

We have a 2019 WEF setup and a subscription setup. The source is connected. But it will not send any events. This is the log below.

I cannot find a soultion. Also it says to change the auth method, can't find on how to do that either.

Thanks any help would be greatly appreciated!

  • System

  - Provider

   [ Name]  Microsoft-Windows-Forwarding 
   [ Guid]  {699e309c-e782-4400-98c8-e21d162d7b7b} 

   EventID 105 

   Version 0 

   Level 2 

   Task 0 

   Opcode 0 

   Keywords 0x8000000000000000 

  - TimeCreated

   [ SystemTime]  2024-01-02T16:02:36.9502488Z 

   EventRecordID 52659 

  - Correlation

   [ ActivityID]  {2bf3bdaa-2d5e-0004-c2ca-f32b5e2dda01} 

  - Execution

   [ ProcessID]  12616 
   [ ThreadID]  13104 

   Channel Microsoft-Windows-Forwarding/Operational 

   Computer PC15342.*****.com 

  - Security

   [ UserID]  S-1-5-18 

  • EventData

  SubscriptionManagerAddress http://slciwec1.\*\*\*\*\*\*\*:5985/wsman/SubscriptionManager/WEC 
  ErrorCode 2150858909 
  ErrorMessage <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858909" Machine="PC15342.******.com"><f:Message>WinRM cannot process the request. The following error with errorcode 0x80090322 occurred while using Kerberos authentication: An unknown security error occurred. Possible causes are: -The user name or password specified are invalid. -Kerberos is used when no authentication method and no user name are specified. -Kerberos accepts domain user names, but not local user names. -The Service Principal Name (SPN) for the remote computer name and port does not exist. -The client and remote computers are in different domains and there is no trust between the two domains. After checking for the above issues, try the following: -Check the Event Viewer for events related to authentication. -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated. -For more information about WinRM configuration, run the following command: winrm help config. </f:Message></f:WSManFault>

Windows Server Remote and virtual desktops Authentication with Azure Virtual Desktop

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-01-03T14:48:01+00:00

    Thanks for the reply.

    The weird thing is we setup a test server about a year ago and it just works. Now we can't get the production server to work.

    1. Check the Event Viewer for events related to authentication.

    Nothing I can see in the event log

    1. Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.

    Tried this still getting the same error

    1. Ensure that the Service Principal Name (SPN) for the remote computer name and port exists.

    Looked at this it seemed the same. Do you have commands for this?

    1. Ensure that the user name and password specified are valid.

    Not using user and pass as far as I can tell.. Never set one up for this.

    1. Ensure that the client and remote computers are in the same domain or there is a trust between the two domains.

    Yes on the same domain.

    0 comments
  2. Anonymous
    2024-01-08T07:03:00+00:00

    Hello  BDub69,

    Thank you for your reply.

    To check if the SPN exists, you can run the following command:

    setspn -l RemoteComputerName

    Replace "RemoteComputerName" with the name of the remote computer.

    If the SPN does not exist, you can create it by running the following command:

    setspn -s WSMAN/RemoteComputerName:Port RemoteComputerName

    Replace "RemoteComputerName" with the name of the remote computer and "Port" with the port number used for the subscription.

    Best Regards,

    Haijian Shan

    0 comments
  3. Anonymous
    2024-01-03T06:01:53+00:00

    Hello  BDub69,

    Thank you for posting in Microsoft Community forum.

    Based on the error message, it seems that there is an issue with the Kerberos authentication method. You can try the following steps to resolve the issue:

    1. Check the Event Viewer for events related to authentication.
    2. Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
    3. Ensure that the Service Principal Name (SPN) for the remote computer name and port exists.
    4. Ensure that the user name and password specified are valid.
    5. Ensure that the client and remote computers are in the same domain or there is a trust between the two domains.

    To change the authentication method, you can run the following command:

    **winrm set winrm/config/client/auth @{Basic="true"}**

    This will enable Basic authentication. However, it is recommended to use HTTPS transport for security reasons.

    You can also add the destination computer to the WinRM TrustedHosts configuration setting by running the following command:

    **winrm set winrm/config/client @{TrustedHosts="RemoteComputerName"}**

    Replace "RemoteComputerName" with the name of the remote computer.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Haijian Shan

    0 comments