Windows Event Forwarding by using Source Initiated method

Anonymous
2024-05-28T12:29:51+00:00

Hello All, 

We are working on Windows Event Forwarding using the Source Initiated method. Here, a Windows Server machine is the forwarder and a Windows 10 machine is the collector. We enabled Windows Remote Management on both systems. Both systems are in the same domain.

We created a subscription on the collector machine using Source Initiated, added the forwarder hostname to the subscription, and selected Security logs for testing purposes.

Domain - DC46.com

Collector Hostname - DESKTOP-0W48R8S.DC46.com

While configuring the target subscription manager, gave the below value 

http://DESKTOP-0W48R8S.DC46.com:5985/wsman/SubscriptionManager/WEC,Refresh=10

Also added Network Service to the Event Log Readers group. But we are getting the below error - 

The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.

We have also added port 5985 to the inbound rules on both the forwarder and the collector so that there is no issue with access.

Could you please assist us here to resolve the EVENT ID 105 error. 

Thanks


Locked Question. This question was migrated from the Microsoft Support Community.

Accepted answer
  1. Anonymous
    2024-05-30T07:45:05+00:00

    Hi Muthu Mahadevan,

    Thanks for your reply. According to the screenshot you provided, is the host name of the HTTP binding originally empty? If so, it means that there is no HTTP binding. Please create a new binding without a host name and with an IP address of "All Unassigned". In addition, if you add the server to the exception list to allow traffic (when the proxy is configured, it routes requests through the proxy server. If the incoming request is blocked on the proxy server, it may cause this problem.), you can use the following CMD command to check.

    netsh winhttp show proxy

    If there is a proxy, you can use the following CMD command to remove it.

    netsh winhttp reset proxy

    If the above methods still cannot solve the problem, it is recommended that you use a packet capture tool such as Wireshark to find out the specific cause.

    Best regards

    Zunhui
Accepted answer
  1. Anonymous
    2024-05-28T15:25:43+00:00

    Hello,

    According to the error message you provided for this problem, there may be a missing or invalid HTTP binding on the default website in IIS. It is recommended that you try the following steps:

    1. Open IIS Manager
    2. Expand to the default website
    3. Right-click on "Default Site" and select "Edit Bindings..."
    4. If HTTP binding exists, clear the hostname value

    *If no binding exists for HTTP, create a new binding with no hostname and an IP address of "All Unassigned"

    5. Restart IIS

    Best regards

    Zunhui
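
Forwarder-side checks for the items this thread walks through (the Subscription Manager value, reachability of port 5985, a WS-Management response from the collector, the WinHTTP proxy, and Event Log Readers membership), as an added PowerShell example that is not part of any post here. It assumes the policy value is stored under the registry key shown; the helper name `Get-SubscriptionManagerEntry` is hypothetical.

```powershell
# Added example, not from the thread. Run elevated on the forwarder (source computer).
# Registry location written by the "Configure target Subscription Manager" policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'

function Get-SubscriptionManagerEntry {   # hypothetical helper name
    # Parses one policy string of the documented form Server=<URL>,Refresh=<seconds>
    param([string]$Value)
    $fields = @{}
    foreach ($part in $Value -split ',') {
        $k, $v = $part -split '=', 2
        if ($v) { $fields[$k.Trim()] = $v.Trim() }
    }
    $uri = $null
    $valid = $fields.ContainsKey('Server') -and
             [Uri]::TryCreate($fields['Server'], [UriKind]::Absolute, [ref]$uri)
    [pscustomobject]@{ Raw = $Value; Valid = $valid; Uri = $uri; Refresh = $fields['Refresh'] }
}

$props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if (-not $props) {
    Write-Warning 'No SubscriptionManager policy values found; check that Group Policy applied.'
} else {
    # Value names are 1, 2, ...; skip the PS* properties PowerShell adds to the object.
    $values = $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
    foreach ($entry in $values | ForEach-Object { Get-SubscriptionManagerEntry $_.Value }) {
        if (-not $entry.Valid) { Write-Warning "Malformed entry: $($entry.Raw)"; continue }
        $h = $entry.Uri.Host; $p = $entry.Uri.Port
        $tcp = Test-NetConnection -ComputerName $h -Port $p -WarningAction SilentlyContinue
        # Test-WSMan sends a WS-Management Identify request to /wsman on that port.
        $wsman = [bool](Test-WSMan -ComputerName $h -Port $p -ErrorAction SilentlyContinue)
        [pscustomobject]@{
            Collector = $h; Port = $p; Refresh = $entry.Refresh
            TcpOpen = $tcp.TcpTestSucceeded; WsManResponds = $wsman
        }
    }
}

# WinHTTP proxy as seen by services; the thread's answer resets it if one is set.
netsh winhttp show proxy

# The thread adds Network Service to this group; list who is actually in it.
Get-LocalGroupMember -Group 'Event Log Readers' | Select-Object Name, ObjectClass
```

A row with `TcpOpen` true and `WsManResponds` false means something other than a WS-Management listener is answering on that port, which matches the wording of the error in the question.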


1 additional answer

  1. Anonymous
    2024-05-29T09:53:11+00:00

    Hello Zunhui,

    Thank you for your response. On the forwarder (Windows Server 2019), since we did not have IIS Manager, we installed it. When we clicked on "Default Site" and selected "Edit Bindings", an HTTP binding existed. Please check the below image for reference.

    Ran gpupdate /force on the forwarder, but still getting EVENT ID 105 - The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol. Kindly let me know what settings to change. It will be of great help to us.

    Thanks
    Muthu Mahadevan