Event log subscription not pulling through event details

  • Question

  • Hi all,

    I am having a problem creating an event subscription: both collector and source are 2008 R2. I have specified a Collector Initiated subscription and chosen the source computer from Select Computers. When I test I get the following error:

    A specified logon session does not exist. It may already have been terminated.

    I should mention that the source computer is in a child of the domain that the collector is in. However the account I am using has domain admin rights to the top level domain, which then has administrative rights to all boxes in the child by way of membership of the local Administrator group.

    I can ignore the error above and create the subscription. It dumps the events it collects into the Forwarded Events log as specified, however under the General tab I get a warning telling me that 'the description for the Event ID cannot be found', and that 'the component that raises this event is not installed on your local computer or is corrupted'. I do get an xml dump under the Details tab that gives the event description though.

    Any ideas?

    I can still create the subscription and it

    Friday, September 3, 2010 12:46 PM

Answers

  • Hi,

    Thanks for the post.

    In this case, please check the following points:

    1. Did you configure a subscription to use the HTTP protocol? If not, please switch to it for testing.

    2. Have you followed this article to configure computers in a domain to forward and collect events?

    http://technet.microsoft.com/en-us/library/cc748890.aspx

    3. Please also configure Advanced Subscription Settings as follows:

    http://technet.microsoft.com/en-us/library/cc749167.aspx

    Hope this helps.

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Miles Zhang Monday, September 13, 2010 1:27 AM
    Monday, September 6, 2010 4:44 AM

All replies

  • Hi,

    I just want to check if the information provided was helpful. If there is any update on this issue, please feel free to let me know.

    We are looking forward to your reply.


    Monday, September 13, 2010 1:27 AM
  • Hi Miles,

    I'm a newbie in AD and I have the same problem which another guy mentioned. The only difference is that my Windows server edition is 2016.
    I have added the collecting computer and related account into the event log readers group, and this account is also in the administration group. I tried to follow the links you posted, but it doesn't seem to work as I wish. Could you give another possible solution to solve it?

    Much thanks and appreciation!

    Friday, July 31, 2020 8:46 AM