|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Network|
RSA Product/Service Type: Log Collector (WinRM Collection)
RSA Version/Condition: 10.x, 11.x
O/S Version: EL6, EL7
|Issue||Error message "WinRM collection:Failed to refresh Kerberos TGT" is displayed in RSA Security Analytics / NetWitness Logs & Network.|
Event collection fails for a few event sources from the same Kerberos realm.
Error messages similar to the following are displayed:
An error message similar to the following is displayed:
Command-line 'curl' test returns successful results.
This issue is caused by incorrect Event Source credentials.
Once a subscription has been created, the Windows event source returns an "Enumeration Context" in each pull request. It must be returned to the event source in the next pull request.
In order to resolve the issue, follow the steps below.
|Legacy Article ID||a65022|