We have this setup of two domain controllers in the domain, and we are collecting the logs from using event forwarding to a third server, both were working just fine, but for some reason logs is not received no more from one of the two DCs; a Windows 2008 R2 Datacenter box, after checking I find that winRM on it is broken,
nothing works winRM quickconfig, winrm invoke Restore winrm/Config,
I tried the solution mentioned in http://support.microsoft.com/kb/2269634 with no luck,
every switch for winRM results in the following error:
C:\Windows\system32>winrm invoke Restore winrm/Config
WSManFault
Message = WinRM cannot process the request. The following error occured whil
e using Negotiate authentication: An unknown security error occurred.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified
.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does n
ot exist.
-The client and remote computers are in different domains and there is no trus
t between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM T
rustedHosts configuration setting or use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: w
inrm help config.
Please advise,
Thanks a lot,