none
GPO - Event Forwarding - not showing in the client the values

    Question


  • GPO - Event Forwarding    

    OS: Windows 7 - Client
    DC: Windows 2012 R2 

    I create new GPO in DC , but I noticed the value of policies is not populating to workstation 

    Policy Name: Event_Forwarding_GPO  

    I Expand Computer Configuration > Policies > Administrative Templates > Windows Components > Event Forwarding. On the right hand side of the window right-click Configure target Subscription Manager and choose Edit.


    In Show: Add Event collector: Server=http://<eventcollector FQDN>:5985/wsman/SubscriptionManager/WEC,Refresh=10

    I'm expecting the value that I created in the client will be show in the workstation (after I reboot / gpupdate /force) 

    I log-in the client , I run the GPRESULT /R 

    I see the policies is applied -> Name: Event_Forwarding_GPO

    Unfortunately , I can't see the values in the client while validating the result 


    Please advise 


    Robert

    Monday, March 6, 2017 9:08 AM

Answers

  • Hi Robert,
    I would suggest you start troubleshooting from:
    1. Check the status of the Windows Remote Management (WinRM) service on the source computer and make sure that WinRM is running and set to start automatically.
    2. Make sure that the event collector can reach the source computer, you could check if the user account has the proper permission, and check if firewall is blocking…
    Here is an article regarding to troubleshoot Windows event forwarding and collection, you could follow it and check one by one:
    http://windowsitpro.com/security/q-what-are-some-simple-tips-testing-and-troubleshooting-windows-event-forwarding-and-collec
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 7, 2017 2:36 AM
    Moderator

All replies

  • Hi

    I created a GPO for  Event Forwarding (source initiated)

    I noticed the Windows 7 machine is NOT forwarding event , I thought it will take by the GPO everything 

    But the Windows 2012, Windows 2016 is working perfectly

    I don't why the Windows 7 is not forwarding the event , do missed something ?

    Please advise


    Robert

    Monday, March 6, 2017 9:34 AM
  • Hi Robert,
    I would suggest you start troubleshooting from:
    1. Check the status of the Windows Remote Management (WinRM) service on the source computer and make sure that WinRM is running and set to start automatically.
    2. Make sure that the event collector can reach the source computer, you could check if the user account has the proper permission, and check if firewall is blocking…
    Here is an article regarding to troubleshoot Windows event forwarding and collection, you could follow it and check one by one:
    http://windowsitpro.com/security/q-what-are-some-simple-tips-testing-and-troubleshooting-windows-event-forwarding-and-collec
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, March 7, 2017 2:36 AM
    Moderator