
Windows Event Collector

eric.samuelson

New Life Form
edited August 2018 in AlienVault USM Anywhere > Plugins
Wondering if anyone else has run into a similar problem. We have event log forwarding set up successfully on several Windows Servers. We have one Read Only Domain Controller that is not working correctly. The PS script fails, so we do a manual install of the SSL cert.
The event log was first showing that the cert was not working correctly but now we get a connection error.

The forwarder is having a problem communicating with subscription manager at address HTTPS://XXX:5986/wsman/. ; Error code is 2150859046 and Error Message is <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150859046" Machine="XXXl"><f:Message>WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. </f:Message></f:WSManFault>.

Support says that we need to allow traffic on port 5986 to the Windows box, but when I test that port via telnet, it fails to connect to any of the Windows Servers that work. I also disabled the Windows firewall and the connection still fails.
When I check the winrm listener on the servers, it shows port 5985 configured and telnet to that port works fine.

I think support is sending me down the wrong path, so I wanted to see if anyone else has run into this issue.

Thanks