question

BalaSmart-5063 avatar image
0 Votes"
BalaSmart-5063 asked jiayaozhu-MSFT commented

OpenEvtLog failed with error The requested operation is not supported on 2003 windows server

Hi,
We are fetching events from remote machine by using OpenEvtLog API on 2003 server. It's working without an issue, Unfortunately when i applied Windows Security update KB5003646. I am not able to fetch events from windows 2003 server.

 How to read event from remote machine(Windows 2003 server) by using OpenEvtLog.
 Note:
    OpenEvtLog API from 2012 R2 ==> The requested operation is not supported (1764)
    OpenEvtLog API from 2016/Win10 ==> The RPC server is unavailable (1722).
    
 Remaining windows version working when i applying June 2021 update.([Issue resolved][1]). Windows 2003 server only not working
    
 How can i fix this issue?

[1]: https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-8.1-and-windows-server-2012-r2#issue-details.








windows-server
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello,

I would like to check if you have made any progress on solving your issue and if the reply could be of help? If yes, please help accept answer, so that others meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to feedback.

Best Regards,
Joan

0 Votes 0 ·
MotoX80 avatar image
0 Votes"
MotoX80 answered

It looks like you found your answer On that web page it says:

Issue details
Apps might have issues accessing event logs on remote devices
Resolution: This is expected due to security hardening changes relating to Event Tracing for Windows (ETW) for CVE-2021-31958. This issue is resolved if the local and remote devices both have KB5003671 installed.

Server 2003 is no longer supported. Microsoft has not released any updates in years. They have on occasion released an update for critical vulnerabilities like WannaCry, but I would not expect to see a 2003 version of KB5003646.

https://msrc-blog.microsoft.com/2017/05/12/customer-guidance-for-wannacrypt-attacks/

You should migrate your applications off of WS2003 and on to a supported version of Win Server.

If that's not an option, then you could dump the eventlogs on the 2003 server and then use something like FTP to send the data to your eventlog processing server..



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jiayaozhu-MSFT avatar image
0 Votes"
jiayaozhu-MSFT answered jiayaozhu-MSFT edited

Hi,

Thanks for posting on our forum!

I totally agree with the suggestions given by @MotoX80. Besides, I think uninstalling KB5003646 and use your previous version can be a quicker way to solve your issue, if KB5003646 is the root cause for your issue.

In addition, as @MotoX80 said, Server 2003 is no longer supported by Microsoft, so I think you can take this chance to upgrade your OS version, at lease up to server 2008 r2. You will need a two-step method:

How to Upgrade to Windows Server 2008 from Windows Server 2003
https://www.pluralsight.com/blog/tutorials/upgrading-to-server-2008-from-server-2003

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

Server update from 2003 to 2019
https://techcommunity.microsoft.com/t5/microsoft-teams/server-upgrading-from-2003-to-2019/m-p/392787

Thanks for your understanding and support! : )

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.