000032317 - Windows event source integration fails with error "Test connection failed:Error! 500/Unexpected transport error" in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Sep 6, 2019.
Version 5

Article Content

Article Number: 000032317
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x, 11.x
Issue: While integrating the Windows event source, the Test connection on the ADMIN/Administration -> Services -> Log Collector -> View -> Config -> Event Sources -> Windows/Config page fails with the error below.

Test connection failed:Error! 500/Unexpected transport error
Possible causes:
- Unexpected HTTP error code (500)

Cause: This integration fails because the local Windows Firewall is disabled on the Windows server.
Resolution: Follow the steps below to resolve the error.
  1. RDP to the Windows event source and verify that the local Windows Firewall is started.
  2. Open Command Prompt as Administrator and type the commands below in sequence.

    winrm set winrm/config/service @{AllowUnencrypted="true"}
    winrm e winrm/config/listener
    winrm quickconfig
    winrm set winrm/config/client @{AllowUnencrypted="true"}
    winrm set winrm/config/service @{AllowUnencrypted="true"}

  3. Stop the local Windows Firewall on the Windows server.
  4. Log in to the Security Analytics UI and navigate to the ADMIN/Administration -> Services -> Log Collector -> View -> Config -> Event Sources -> Windows/Config page to test the connection for the event source.

The result will appear as shown below.
[Image: test connection result]
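A read-only check of the settings the resolution steps change, given here as an added example that is not part of the original RSA article. The function name `Get-WinRMCollectionState` is hypothetical, and the script assumes an elevated PowerShell session on Windows Server 2012 or later, where `Get-NetFirewallProfile` is available.

```powershell
# Added example: read-only report of the settings the resolution steps touch.
# Assumes an elevated PowerShell session on the Windows event source.
function Get-WinRMCollectionState {   # hypothetical helper name
    # Windows Firewall service (MpsSvc): verified in step 1, stopped in step 3.
    $fw = Get-Service -Name MpsSvc
    # Per-profile state can only be queried while the firewall service runs.
    $profiles = if ($fw.Status -eq 'Running') {
        Get-NetFirewallProfile | ForEach-Object { '{0}={1}' -f $_.Name, $_.Enabled }
    } else { 'not available (MpsSvc not running)' }

    # The WSMan: drive is readable only while the WinRM service is running.
    $winrm = Get-Service -Name WinRM
    $svcUnenc = $null; $cliUnenc = $null; $listeners = @()
    if ($winrm.Status -eq 'Running') {
        $svcUnenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
        $cliUnenc = (Get-Item WSMan:\localhost\Client\AllowUnencrypted).Value
        # One "TRANSPORT:PORT" string per listener, e.g. HTTP:5985.
        $listeners = @(Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
            $keys = Get-ChildItem $_.PSPath
            '{0}:{1}' -f ($keys | Where-Object Name -eq 'Transport').Value,
                         ($keys | Where-Object Name -eq 'Port').Value
        })
    }

    [pscustomobject]@{
        FirewallService         = $fw.Status
        FirewallProfiles        = $profiles -join ', '
        WinRMService            = $winrm.Status
        ServiceAllowUnencrypted = $svcUnenc
        ClientAllowUnencrypted  = $cliUnenc
        Listeners               = $listeners -join ', '
        # True when the service accepts unencrypted requests and an HTTP listener exists.
        PlainHttpAccepted       = ($svcUnenc -eq 'true') -and
                                  [bool]($listeners -match '^HTTP:')
    }
}

Get-WinRMCollectionState | Format-List
```

Running it before step 2 and again after step 3 records what the procedure changed on the host, including whether WinRM now accepts unencrypted requests over an HTTP listener.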