From: Tim Chin on
Has anyone had success forwarding events from the Security log? I was able
to get the Application & System logs working as expected using the machine
account, but nothing from the Security log will work. I'm trying to pull DS
Access Changes events from all Domain Controllers running Server 2008 R2 in
a single forest AD domain to a Server 2008 R2 member server. I've also
tried running the subscription as a Domain Admin for testing, but I receive
the same error:

Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin"
path="%systemroot%\system32\wevtfwd.dll"
xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError
xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows
Event Forward plugin can't read any event from the query since the query
returns no active channel. Please check channels in the query and make sure
they exist and you have access to them.</t:ProviderError></f:ProviderFault>

Any help is appreciated. Thank you.
Tim

From: Tim Chin on
I was actually able to get this going by restarting the source computers.
Apparently, this step is necessary after adding NETWORK SERVICE to the
builtin Event Log Readers group.

Tim
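
An added example, not part of the original posts: a read-only PowerShell check for a source computer that confirms the two conditions this thread turns on, namely that NETWORK SERVICE is a member of Event Log Readers and that the Security channel's access list grants read to that group. The variable names are illustrative, and the script assumes an elevated prompt and that net.exe lists the member under its translated account name.

```powershell
# Added example: read-only check, run elevated on a source computer (here, a domain controller).
# Well-known SIDs: S-1-5-20 = NETWORK SERVICE, S-1-5-32-573 = BUILTIN\Event Log Readers.
$networkService  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$eventLogReaders = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-573'

# Resolve display names from the SIDs so the check also works on localized systems.
$nsName    = $networkService.Translate([System.Security.Principal.NTAccount]).Value
$groupName = $eventLogReaders.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# 1. Group membership. Assumption: net.exe prints the member as its full account name.
$members  = & net.exe localgroup $groupName
$isMember = [bool]($members | Where-Object { $_.Trim() -eq $nsName })

# 2. Security channel ACL: pull the SDDL string from the channel configuration.
$sddl = $null
foreach ($line in (& wevtutil.exe gl Security)) {
    if ($line -match '^\s*channelAccess:\s*(\S+)') { $sddl = $matches[1] }
}
if (-not $sddl) { throw 'Could not read channelAccess for the Security channel.' }

# Collect every SID with an allow ACE that includes the event log read right (bit 0x1).
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $sddl
$readSids = @()
foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.AceType -eq 'AccessAllowed' -and ($ace.AccessMask -band 0x1)) {
        $readSids += $ace.SecurityIdentifier.Value
    }
}

# Forwarding that runs as NETWORK SERVICE needs a read path to the channel:
# either a direct ACE for S-1-5-20, or the group ACE plus membership in that group.
$direct   = $readSids -contains $networkService.Value
$viaGroup = ($readSids -contains $eventLogReaders.Value) -and $isMember

New-Object PSObject -Property @{
    NetworkServiceInEventLogReaders = $isMember
    SecurityChannelReadSids         = ($readSids -join ', ')
    NetworkServiceCanReadSecurity   = ($direct -or $viaGroup)
}
```

If the membership was only just added, the poster's finding above still applies: the source computer had to be restarted before Security events were forwarded.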