Windows Event Forwarding

JohnMcClure2

I am attempting to set up source-initiated event forwarding using two Windows 10 Enterprise Version 1809 computers. I completed the following steps, and continue to receive the message below.

Collector Machine
Open a command line and run winrm quickconfig (type y [Yes] for two questions) and wecutil qc (type y [Yes] for the question)
Configure the event subscription, making sure to select Source computer initiated under subscription type

Source Machine
Open a command line as admin and run winrm quickconfig (type y [Yes] for two questions)
Edit Local group policy
Computer Config>Admin Temp>Windows Comp>Event Forwarding>Config target add Server=FQDN
"Server=http://FQDN:5985/wsman/SubscriptionManager/WEC,Refresh=10"



Every time I retry the policy, I receive the following in the collecting computer's System event log.

The WinRM service is not listening for HTTP requests because there was a failure binding to the URL (http://+:5985/wsman/SubscriptionManager/WEC) in HTTP.SYS.
No remote requests will be serviced on that URL.
User Action
Please use "netsh http" to check if ACL for URL (http://+:5985/wsman/SubscriptionManager/WEC) is set to Network Service.
Additional Data
The error code received from HTTP.sys is 5: %%5

When I ran “netsh http show urlacl” on the collector, the results include
URL Reservations:
-----------------
Reserved URL : https://+:5986/wsman/
User: NT SERVICE\WinRM
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)

Reserved URL : http://+:47001/wsman/
User: NT SERVICE\WinRM
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)

Reserved URL : http://+:5985/wsman/
User: NT SERVICE\WinRM
Listen: Yes
Delegate: No
SDDL: D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)
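
The check that the event-log message asks for, run over the urlacl output quoted above, as an added example that is not part of the original post. It parses the reservations, finds the one covering the URL from the error, and reports whether Network Service (`NS` / `S-1-5-20`) holds an allow ACE with execute rights; the function names and the longest-prefix matching rule are assumptions of this example.

```python
import re

WINRM_SID = "S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970"
# The three reservations quoted in the post, rebuilt as one text blob.
SAMPLE = "URL Reservations:\n-----------------\n" + "".join(
    f"Reserved URL : {url}\nUser: NT SERVICE\\WinRM\nListen: Yes\n"
    f"Delegate: No\nSDDL: D:(A;;GX;;;{WINRM_SID})\n\n"
    for url in ("https://+:5986/wsman/", "http://+:47001/wsman/",
                "http://+:5985/wsman/"))
NETWORK_SERVICE = {"NS", "S-1-5-20"}  # SDDL alias and SID form


def parse_urlacl(text):
    """Return {reserved_url: trustees holding an allow ACE with GX or GA}."""
    acls, url = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Reserved URL\s*:\s*(\S+)", line)
        if m:
            url = m.group(1)
            acls[url] = set()
            continue
        m = re.match(r"\s*SDDL:\s*(\S+)", line)
        if m and url:
            for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
                fields = ace.split(";")
                if len(fields) != 6 or fields[0] != "A":
                    continue  # skip malformed and non-allow ACEs
                rights = re.findall("..", fields[2])  # two-letter right codes
                if "GX" in rights or "GA" in rights:
                    acls[url].add(fields[5])
    return acls


def covering_reservation(acls, bind_url):
    """Longest reserved prefix containing bind_url (assumed matching rule)."""
    hits = [u for u in acls if bind_url.lower().startswith(u.lower())]
    return max(hits, key=len, default=None)


def network_service_allowed(text, bind_url):
    """Return (covering reservation, True if Network Service is granted)."""
    acls = parse_urlacl(text)
    res = covering_reservation(acls, bind_url)
    return res, bool(res and acls[res] & NETWORK_SERVICE)


if __name__ == "__main__":
    print(network_service_allowed(
        SAMPLE, "http://+:5985/wsman/SubscriptionManager/WEC"))
```

On a live collector, pass the text of `netsh http show urlacl` in place of `SAMPLE`.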
