Windows Event Collector Access denied for Security Group

Dante Nahuel 1 Reputation point
2021-09-15T13:52:20.503+00:00

Hi
We have an ongoing issue with WEF and WECs when new WEFs are added to the Security Group which is Source for the WEC.
WEFs are configured through GPO which targets the correct WEC for the Site, and then has a Security Group as Source in the Subscription.
The issue is that when we add a new Server to that Security Group, it gets the GPO applied but it can't connect to the WEC.
Error code is 5 and message is Access Denied.
The weird thing is that if we wait for a random extended period of time, the WEC starts accepting the WEF and the issue solves itself, without any modifications from our side.
Another weird thing is that if we add that new Server directly as a Source in the WEC subscription instead of through the Security Group, it starts working immediately.
We already tried rebooting the WEC, removing and re adding the Security Group as Source, doing a Kerberos purge.
The only thing we haven't tried because we can't is rebooting the new added WEFs, which would be very impractical if we need to add a lot of servers at the same time, many of them being in Production.
I'm out of ideas on why this is happening.

Windows for IoT
Windows for IoT
A family of Microsoft operating systems designed for use in Internet of Things (IoT) devices.
383 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,454 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,471 Reputation points
    2021-09-16T09:49:22.36+00:00

    Hello Dante N,

    Thank you for your question.

    Microsoft identified this issue some time ago and released an article describing the issue and how to resolve it, I recommend that you see the article below:

    https://support.microsoft.com/en-us/topic/fix-access-is-denied-error-occurs-on-some-source-initiated-subscription-workgroup-computers-in-windows-7-or- windows-server-2008-r2-6dd0a942-86cd-e880-5a7a-58ee1f286795

    If the answer was helpful, please don't forget to vote up or accept as an answer, thanks.

    0 comments No comments