Hi,
Thanks for posting in Q&A platform.
Event forwarding depends on WSMan/WinRM (windows remote management service). For domain joined scenarios, this uses Kerberos as a default for authentication and encryption, which requires a service principal name (SPN). SPNs are meant to be unique. Therefore, no two domain joined computers should be permitted to register the same SPN for their computer accounts/identity, which makes load balancing with default setup unworkable. I'm afraid your goal cannot achieved by Windows Failover Clustering since the service provided by cluster was failover service such as when server 1 down, then server 2 will work continually.
Here is a similar thread for your reference:
Windows Event Collector Load Balancing to multiple Collectors
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Best Regards,
Sunny
----------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.