Hi there,
We are running Sentinel 7 and have configured a windows 2008 R2 64bit
server to run the Windows Event Collection service. Communications from
the WECS server to the Sentinel server are fine as seen in the swecs.log
file. I've configured the Group Policy per the documentation for a
domain environment so that the WECS service can run as
"Domain\Sentinel-proxy" user and the myriad of additional settings.
However, I'm still unable to retrieve events from member server and DC's
(auditing is enabled).

What is really interesting is that I can login to the WECS server as
Sentinel-proxy and successfully run evtget.exe (a tool provided with
sentinel of validate WMI connectivity). Really strange and there are no
errors in the swecs.log in debug mode or in the event logs in the target

Any thoughts?

kmaule's Profile: https://forums.netiq.com/member.php?userid=306
View this thread: https://forums.netiq.com/showthread.php?t=46137