Event log forwarding in a Workgroup

  • Question

  • I have posted this before but I haven't had a response from Microsoft.

    I have come up against a few issues trying to set up an event log forwarder in a workgroup environment using Windows 7 as the Collector server, and then the source machines are Windows XP SP2.

    From the documentation I can find this is compatible. I have had success with this configuration in a domain environment, but as soon as I try to configure this for a domain environment I have the below issues.

    • The Workgroup environment doesn’t have any DHCP servers (all machines hard addressed), which automatically puts the network mode to public in Windows 7 and there is no way I can see to change this. This then stops me running “winrm qc” as it can’t be run in a public network.
    • I can’t use HTTPS as this requires a certificate.
    • XP doesn’t have the built-in Event Log Readers Group.

    Machine configurations

    • Windows 7 machine is in a workgroup, but with access to a DHCP server so the network type can be changed to private.
    • Run wecutil qc
    • Add account to the Event Log Readers group.
    • Run winrm qc
    • Run winrm set winrm/config/client @{TrustedHosts="<sources>"} to add the source machines.
    • XP machines, run winrm qc
    • On both machines run winrm e winrm/config/listeners to check the listeners are listening on the IP address and are using the correct ports
    • On both machines run winrm id and check that works
    • On both machines run winrm id /r:<Machinesname> to make sure they can see each other.
    • Create a subscription on the collector PC. The subscription comes up with a green tick and is active. But the source machines never get populated.
    • I have turned off the Windows Firewall.

    I would like to know if anyone has configured event forwarding in a workgroup environment and if they have then I would be very interested to find out how they have configured it.

    Tuesday, April 9, 2013 2:42 PM

All replies