We have a setup of two domain controllers in the domain, and we are collecting the logs from them using event forwarding to a third server. Both were working just fine, but for some reason logs are no longer received from one of the two DCs, a Windows 2008 R2 Datacenter box. After checking, I found that WinRM on it is broken; nothing works: winrm quickconfig, winrm invoke Restore winrm/Config.
I tried the solution mentioned in http://support.microsoft.com/kb/2269634 with no luck.
Every switch for winrm results in the following error:
C:\Windows\system32>winrm invoke Restore winrm/Config
Message = WinRM cannot process the request. The following error occured while using Negotiate authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does n
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.