|Applies To||RSA Security Analytics|
RSA Security Analytics Log Collector
|Issue||WinRM Event Source does not map to a Kerberos Realm in RSA Security Analytics.|
WinRM collection might not work with the following errors on Log Collector logs:
To resolve the issue, follow the steps below.
1. In the Log Collector, open the /etc/krb5.conf file.
2. Add rdns=false under [libdefaults].
3. Save the file.
4. In the Security Analytics user interface, configure the Event Source using the FQDN, not the IP address.
5. Restart the Windows collection from the Security Analytics user interface.
|Notes||If rdns is set to false, it prevents the use of reverse DNS resolution when translating hostnames into service principal names. The default is set to true. Setting this flag to false is more secure, but forces users to exclusively use fully qualified domain names when authenticating to services.|
|Legacy Article ID||a65532|
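
Steps 1 to 3 and the FQDN requirement of step 4 can be scripted on the Log Collector. The following is an added example, not RSA's own tooling: the function names `ensure_rdns_false` and `is_fqdn` are hypothetical, the file is assumed to use the standard MIT Kerberos `krb5.conf` section layout, and the hostname in the usage comment is a constructed sample. Step 5, the restart of the collection, is still done from the Security Analytics user interface.

```shell
# ensure_rdns_false FILE (hypothetical helper): leave exactly one
# "rdns = false" in [libdefaults]; other sections are not modified.
ensure_rdns_false() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*\[/ {                        # any section header
            in_lib = ($0 ~ /^[ \t]*\[libdefaults\][ \t]*$/)
            print
            if (in_lib) { print "    rdns = false"; seen = 1 }
            next
        }
        in_lib && /^[ \t]*rdns[ \t]*=/ { next }   # drop old rdns value
        { print }
        END { if (!seen) { print "[libdefaults]"; print "    rdns = false" } }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep the first pre-change copy as FILE.bak, then write in place so
    # the file keeps its owner and mode.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    return $rc
}

# is_fqdn NAME (hypothetical helper): succeed only for a dotted hostname.
is_fqdn() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # empty, illegal char (":" rejects IPv6), empty label
        *[!0-9.]*) ;;                                 # has a letter or hyphen: not an IPv4 literal
        *) return 1 ;;                                # digits and dots only: IPv4 literal
    esac
    case $1 in *.*) return 0 ;; *) return 1 ;; esac   # short names fail
}

# Usage on the Log Collector (as root):
#   ensure_rdns_false /etc/krb5.conf
#   is_fqdn dc01.corp.example || echo "use the FQDN for the event source"
```

Running `ensure_rdns_false` a second time leaves the file unchanged, and the original configuration remains available as `krb5.conf.bak`.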