Discussion:
Security Log Event Forwarding
(too old to reply)
Tim Chin
2010-04-29 04:25:13 UTC
Permalink
Has anyone had success forwarding events from the Security log? I was able
to get the Application & System logs working as expected using the machine
account, but nothing from the Security log will work. I'm trying to pull DS
Access Changes events from all Domain Controllers running Server 2008 R2 in
a single forest AD domain to a Server 2008 R2 member server. I've also
tried running the subscription as a Domain Admin for testing, but I receive
the same error:

Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin"
path="%systemroot%\system32\wevtfwd.dll"
xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError
xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows
Event Forward plugin can't read any event from the query since the query
returns no active channel. Please check channels in the query and make sure
they exist and you have access to them.</t:ProviderError></f:ProviderFault>

Any help is appreciated. Thank you.
Tim
Tim Chin
2010-05-02 01:16:06 UTC
Permalink
I was actually able to get this going by restarting the source computers.
Apparently, this step is necessary after adding NETWORK SERVICE to the
builtin Event Log Readers group.

Tim
Post by Tim Chin
Has anyone had success forwarding events from the Security log? I was
able to get the Application & System logs working as expected using the
machine account, but nothing from the Security log will work. I'm trying
to pull DS Access Changes events from all Domain Controllers running
Server 2008 R2 in a single forest AD domain to a Server 2008 R2 member
server. I've also tried running the subscription as a Domain Admin for
Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin"
path="%systemroot%\system32\wevtfwd.dll"
xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError
xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows
Event Forward plugin can't read any event from the query since the query
returns no active channel. Please check channels in the query and make
sure they exist and you have access to
them.</t:ProviderError></f:ProviderFault>
Any help is appreciated. Thank you.
Tim
Vitaly K
2011-01-17 14:58:15 UTC
Permalink
Sorry, but tt does not help
Post by Tim Chin
I was actually able to get this going by restarting the source computers.
Apparently, this step is necessary after adding NETWORK SERVICE to the
builtin Event Log Readers group.
Tim
Post by Tim Chin
Has anyone had success forwarding events from the Security log? I was
able to get the Application & System logs working as expected using the
machine account, but nothing from the Security log will work. I'm trying
to pull DS Access Changes events from all Domain Controllers running
Server 2008 R2 in a single forest AD domain to a Server 2008 R2 member
server. I've also tried running the subscription as a Domain Admin for
Code (0x138C): <f:ProviderFault provider="Event Forwarding Plugin"
path="%systemroot%\system32\wevtfwd.dll"
xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError
xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows
Post by Tim Chin
Post by Tim Chin
Event Forward plugin can't read any event from the query since the query
returns no active channel. Please check channels in the query and make
sure they exist and you have access to
them.</t:ProviderError></f:ProviderFault>
Any help is appreciated. Thank you.
Tim
--
______________________________________
Posted from http://outlook-center.com
Outlook forums, articles, tips.
Loading...