Off-late we are experiencing a strange issue, we are unable to pull logs from non-domain controllers. However with the same event source able to pull events from Domain controllers.
While investigating we found the below error message.
[windows:WrkUnit:3549] [doWork:165] [NawrasAd.10_x_x_x] [processing] [NawrasAd.10_x_x_x] Unable to subscribe for events with Windows event source 10.x.x.x: 401/Unauthorized.
- Event source (10.x.x.x) not a FQDN. DNS resolution failed or does not map to a Kerberos Realm.
Recently we upgraded SA to 10.3 after the suggestion from technical support, yet issue persists.
Thanks in advance.