question

Brian820-0515 avatar image
0 Votes"
Brian820-0515 asked Brian820-0515 answered

Event Forwarding in a Disjointed domain

I am attempting to set up a forwarding server. I have followed the guide in setting up both the collector and the forwarding client. I have set up the collector server and set up group policy to configure the target Subscription Manager as follows with the name changed to reflect generic information (Server=http://server.dns.generic.dom:5985/wsman/SubscriptionManager/WEC,Refresh=60), it also has the log access enabled as well. On the test client, I have checked the eventlog-forwardingPlugin and get the following error message>
The forwarder is having a problem communicating with subscription manager at address http://server.dns.generic.dom:5985/wsman/SubscriptionManager/WEC. Error code is 53 and Error Message is <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="53" Machine="server2.domain.generic.dom"><f:Message>WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer server.dns.generic.dom. Verify that the computer exists on the network and that the name provided is spelled correctly. </f:Message></f:WSManFault>.
I have a disjointed domain where the FQDN is different than the DNS resolution name. The SPN in AD have both the FQDN and the DNS name in it.
Can anyone provide me more guidance on how to get the event forwarding working (besides not having a disjointed domain which is not controlled by me). I have limited admin rights in this domain.

Thanks

windows-active-directorywindows-server-2016
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Brian820-0515 avatar image
0 Votes"
Brian820-0515 answered

I solved the issue by putting the FQDN in the server address. This alone does not fix the issue as DNS can not resolved the address. The fix is to place the server's address in a host file on the client computers.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.