Windows Event Collector Source Based Subscription for non-domain computers shows active, not showing any Forwarded Events

R

Roger_That

I have configured a source-based subscription on a Windows 2016 Server for non-domain computers from another domain.

I have setup the local account and mapped it to authenticate the certificates.

I have configured 3 computers to Forward Logs to the WEC Server using HTTPS on Port 5986

The Subscription shows it is Active and shows 3 Source computers

I can run a PCAP on both the source workstations and the WEC server and see that they are communicating.

However, I am not seeing any logs in the "Forwarded Events" Log on the WEC Server

Continue reading...
 
You must log in or register to reply here.

Similar threads

V
How to preview: Azure Arc-connected Hotpatching for Windows Server 2025
Replies
0
Views
40
VishalBajaj
V
R
Windows Server 2025 Secured-core Server
Replies
0
Views
48
RoySasabe
R
H
Configuring Windows Event Forwarding with Non Domain Computers
Replies
0
Views
843
heatguy1986
H
S
WEC - Windows Event collector Subscription Exclude some events for same events but all
Replies
0
Views
353
Shonlea
S
S
How WEC - Windows Event collector Subscription Exclude some events for same events but all
Replies
0
Views
332
Shonlea
S
Back
Top Bottom