Die Core Leute

Warning: This blog is no longer maintained (content and links are not updated, and the information may be deprecated or no longer valid).

Configuring Event Forwarding Source Computer initiated Subscription

Hello Guys,

Below is a blog article contributed by Carmina Dumitrescu, Support Engineer, Microsoft Windows Platforms Core Support Team Germany:

Let’s say you have a 2012R2 Domain Controller and a 2012R2 Event Collector Server – on which you would like to receive Events from all other devices in your organization, by using a Source Computer initiated Subscription.

Here are my guidelines, hope they will help you:

1.      Reconfigure WinRM on all systems. In an admin CMD, run: "winrm invoke Restore winrm/Config @{}"

2.      On the Event Collector Server, in an admin CMD, run: "winrm qc"

3.      Check that the Event Collector Server is recognized from the DC and from the subscription systems: "winrs -r:<Servername.domain.com> ipconfig". The command should return the ipconfig output of the Event Collector Server.

4.      Create the subscription on the Event Collector Server.

        Add your Domain Computers.

        Choose desired events.

        Under Advanced Settings select: Normal and HTTP

5.      Create a new GPO on the DC.

6.      Configure the newly created "Event Forwarding" GPO.

7.      Enable the "Configure Target Subscription Manager" setting and add the Event Collector to it:

        Click Show and add the Event Collector: Server=http://<eventcollector FQDN>:5985/wsman/SubscriptionManager/WEC,Refresh=10

8.      Run gpupdate.

9.      Forwarded Events should now be visible on the Event Collector Server.
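If no events arrive, a check on a source computer shows whether the GPO entry from step 7 was delivered and whether the collector it names answers on the configured port. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the policy is stored under the registry key shown, which is where the "Configure Target Subscription Manager" setting writes its entries.

```powershell
# Added example: run in PowerShell on a source computer after gpupdate (step 8).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'

function ConvertFrom-SubscriptionManagerEntry {
    # Hypothetical helper: parses "Server=<url>,Refresh=<seconds>" as entered in step 7.
    param([Parameter(Mandatory)][string]$Entry)
    $fields = @{}
    foreach ($pair in ($Entry -split ',')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $fields[$name.Trim()] = $value.Trim() }
    }
    if (-not $fields.ContainsKey('Server')) { throw "No Server= field in '$Entry'" }
    $uri = [uri]$fields['Server']
    [pscustomobject]@{
        Scheme  = $uri.Scheme          # http on 5985, as configured on this page
        Host    = $uri.Host
        Port    = $uri.Port
        Path    = $uri.AbsolutePath    # expected: /wsman/SubscriptionManager/WEC
        Refresh = $fields['Refresh']
    }
}

function Test-EventForwardingPolicy {
    # Hypothetical helper: lists each collector the GPO delivered and whether it answers.
    if (-not (Test-Path $policyKey)) {
        Write-Warning 'No SubscriptionManager policy found: the GPO has not been applied to this computer.'
        return
    }
    $key = Get-Item $policyKey
    foreach ($valueName in $key.GetValueNames()) {
        $entry = ConvertFrom-SubscriptionManagerEntry -Entry ([string]$key.GetValue($valueName))
        # First the TCP port, then an actual WS-Management identify request.
        $tcp = Test-NetConnection -ComputerName $entry.Host -Port $entry.Port -WarningAction SilentlyContinue
        $wsman = $false
        if ($tcp.TcpTestSucceeded) {
            try {
                Test-WSMan -ComputerName $entry.Host -Port $entry.Port -UseSSL:($entry.Scheme -eq 'https') -ErrorAction Stop | Out-Null
                $wsman = $true
            } catch { Write-Warning "WinRM on $($entry.Host) did not answer: $($_.Exception.Message)" }
        }
        $entry | Add-Member -NotePropertyMembers @{ TcpReachable = $tcp.TcpTestSucceeded; WSManAnswers = $wsman } -PassThru
    }
}

Test-EventForwardingPolicy | Format-Table -AutoSize
```

A missing registry key points to the GPO (steps 5 to 8); an entry with TcpReachable or WSManAnswers set to False points to WinRM or the network path to the collector (steps 1 to 3).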

Happy Troubleshooting.