Windows Event Forwarding on a Multihomed Windows Server

J

Jabba9999

Hi,

I'm having issues with Windows Event Forwarding to my Collector a Multihomed Windows Server 2016 sat behind an F5!

The desired setup is to foward events using an F5 which forwards https traffic to port 5986 to the second nic of my Event Collector (the DNS name of the 2nd nic is servername-fe1) and the clients point to https://F5NAME/wsman/SubscriptionManager/WEC, the clients connect ok to the subscription as I have a SAN cert bound to WinRM but no events get forwarded (I understand this to be Kerbros authentication working as it should).

When bypassing the F5 and forwarding events to the 1st NIC on the server WEF works, but due to security issues in the DC we can't apparentley do this :-(

MS have suggested using Cert Authentication and not Kerbros.

Has anyone setup Windows Event Forwarding before using a F5 to forward events or an alias?

Will forwarding events to the 2nd NIC on the server work?

I probably should have added more info but it would have read like a novel like War and Peace!

Cheers

Simon

Continue reading...
 
You must log in or register to reply here.

Similar threads

J
Systems not forwarding events, but getting subscription
Replies
0
Views
43
Jay9x
J
M
Windows event Forwarding by using Source Initiated method
Replies
0
Views
42
Muthu Mahadevan
M
S
Is the any way to push Windows Event Forwarder logs to my java application irrespective of the platform (linux,mac,windows)
Replies
0
Views
54
S Srinidhi
S
S
How to Enable Logging for Host File Edits and General File Edits on Windows Server
Replies
0
Views
60
Saurabh Sutone
S
B
Windows Server 2019 not recording failed logins (Event 4625)
Replies
0
Views
63
Burce Matute Gunes
B
Back
Top Bottom