Hey all,
I'm currently trying to implement event collection in our environment, but I cannot get WEF working. The following are the things I've done:
1. Configured WinRM on the client and collector machines
2. Deployed a GPO that pointed the client machines to the collector for event forwarding
3. Created a subscription on my WEF machine and selected:
   1. Destination: Forwarded Events
   2. Source Computer initiated
   3. Computer groups: Domain Computers
   4. Select Events: Critical, warning
4. Then selected OK and activated the subscription.
I currently have all my source computers checking in, but I'm still getting the same error (Event 102 / Code 5004). I've added the WEF to the domain group Event Reader and confirmed the WinRM connection.
What am I doing wrong?