I'm trying to add Windows 2008 R2 log source through basic authentication. I have done all settings and check it with the RSA script. I have created alias with "basic" autentication, login and password. I have added a host. And I have this error: 401/Unauthorized. Possible causes: - Invalid credentials.
I chacked credentials many times, and recreated alias as well.
I have these settings in "alias":
Auth method: Basic
User Name: rsauser
I tried to use Administrator account - all the same. On tcpdump I see answer from Windows server like "WWW-Authenticate: Negotiate Date: Mon, 14 Nov 2016, Connection: close". I don't understand how to interpret this.
This is fresh installation and I don't have any log sources on it.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
- windows 2008
- winrm troubleshooting
Thank you for your help. It turned out, that I set basic auth for client, not for server. I thought that script would check it...
Now I have solved this problem.