Setting up WECS and using a test machine that is a member of our domain.
The event source settings have been configured individually instead of
via GPO for testing purposes.

In this scenario, the test device is the WECS server. Is that a problem?

WMI connector was added and the target testing device added as event
source in the ESM. Running .NET 4.5.1 Full on the target device.

The device shows up with no errors in the ESM. When running a test
connection, it connects, but no data is coming from the event source.
The test connection only displays the following:
"Windows Event Collection Service connected from <ip addr> and port
53850. Trying to connect to the event source."

Here is what is displayed in the swecs.log at the corresponding time:
2014-05-07 13:47:06,493|21|INFO|Registered query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/Security
2014-05-07 13:47:06,493|21|INFO|Registered query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/System
2014-05-07 13:47:06,493|21|INFO|Starting query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/Security
2014-05-07 13:47:06,493|21|INFO|Starting query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/System
2014-05-07 13:47:06,493|STP SmartThreadPool Thread #8|INFO|Opening connection 1967F0B0-B80D-1031-9E27-7CEAE317C679 to \\test_device.domain\root\cimv2 (encrypted: True)
2014-05-07 13:47:06,493|STP SmartThreadPool Thread #1|INFO|Opening connection 1967F0B0-B80D-1031-9E27-7CEAE317C679 to \\test_device.domain\root\cimv2 (encrypted: True)
2014-05-07 13:53:35,014|15|INFO|Removed query workers for 1967F0B0-B80D-1031-9E27-7CEAE317C679
2014-05-07 13:53:35,014|15|INFO|Disposing query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/Security
2014-05-07 13:53:35,014|15|INFO|Removing connection scope \\test_device.domain\root\cimv2
2014-05-07 13:53:35,014|15|INFO|Disposing query worker for SM/1967F0B0-B80D-1031-9E27-7CEAE317C679@test_device.domain/System
2014-05-07 13:53:35,014|15|INFO|Removing connection scope \\test_device.domain\root\cimv2

I typically kill the test connection after a few minutes, hence the last
few lines of the log.

Other note: I am still running Security Manager in tandem until I can
get the WECS up and running and then we will retire SM. This test device
does have an SM agent on it. I thought that might be an issue, though I
haven't tested it.

Hopefully that provides enough information on the issue.


--
psmcgovern