AnsweredAssumed Answered

Unable to collect events from non-domain controllers

Question asked by RSA Admin Employee on Mar 26, 2014
Latest reply on Dec 28, 2016 by Atul Chavan

Off-late we are experiencing a strange issue, we are unable to pull logs from non-domain controllers. However with the same event source able to pull events from Domain controllers.

 

While investigating we found the below error message.

 

[windows:WrkUnit[1]:3549] [doWork:165] [NawrasAd.10_x_x_x] [processing] [NawrasAd.10_x_x_x] Unable to subscribe for events with Windows event source 10.x.x.x: 401/Unauthorized.

Possible causes:

- Event source (10.x.x.x) not a FQDN. DNS resolution failed or does not map to a Kerberos Realm.

 

 

Recently we upgraded SA to 10.3 after the suggestion from technical support, yet issue persists.

 

Thanks in advance.

Outcomes