Server 2012 Event log forwarding - windows

I am having issues getting the Event logs to forward to my collector server. I have followed various articles on how to set this up, and enabled winrm on the source and wecutil on the collector. I ensured the collector was in the Event Log Readers Group, and the windows firewall rules were enabled, however the firewall is not enabled. I have set up the subscription properly with collector initiated and machine account for the user account, however no events show up in the "Forwarded Events" log, and the runtime status fails with the following error:
Error - Last retry time: 10/12/2016 8:55:12 AM. Code (0x80338095): The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. Next retry time: 10/12/2016 9:00:12 AM.
I haven't found much on the web to troubleshoot this. Are there any steps I can take to determine the issue, or am I missing something simple? One technet article talked about a hotfix for 2008 servers, mine are all 2012. Could it be GPO related?

Used the following article to troubleshoot various parts of the process.
http://tutorial.programming4.us/windows_7/forwarding-events-(part-2)---how-to-troubleshoot-event-forwarding---how-to-configure-event-forwarding-in-workgroup-environments.aspx
Ended up deleting the subscription and re-creating it and the events started to forward.

I just changed the Event Delivery Optimization back to Normal, then ran the command wecutil gr <Subscription name> and it looked like it worked.
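
The checks mentioned in the question and answers above (WinRM on the source, Event Log Readers membership, subscription runtime status, the Forwarded Events log), gathered into one PowerShell script to run on the collector. This is an added example, not part of the original posts; the subscription name, source host name and collector account are placeholder assumptions.

```powershell
# Added example: triage for a collector-initiated subscription, run on the collector.
# All three parameter defaults are placeholders (assumptions), not values from the thread.
param(
    [string]$SubscriptionName = 'ExampleSubscription',
    [string]$SourceComputer   = 'source01.example.local',
    [string]$CollectorAccount = 'EXAMPLE\COLLECTOR01$'
)

$results = @()

# 1. The Windows Event Collector service (Wecsvc) must be running on the collector.
$wec = Get-Service -Name Wecsvc
$results += [pscustomobject]@{ Check = 'Wecsvc running'; Passed = ($wec.Status -eq 'Running') }

# 2. The collector must be able to reach the WinRM listener on the source.
$wsman = Test-WSMan -ComputerName $SourceComputer -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'WinRM reachable on source'; Passed = [bool]$wsman }

# 3. The collector's machine account must be in "Event Log Readers" on the source.
#    net localgroup is used because it is available on Server 2012.
$members = if ($wsman) {
    Invoke-Command -ComputerName $SourceComputer -ErrorAction SilentlyContinue -ScriptBlock {
        net localgroup "Event Log Readers"
    }
}
$inGroup = [bool]($members -match [regex]::Escape($CollectorAccount))
$results += [pscustomobject]@{ Check = 'Collector in Event Log Readers'; Passed = $inGroup }

# 4. Subscription runtime status as the collector sees it (shown in full below).
#    Only the exit code is evaluated here; read the per-source status in the raw output.
$runtime = wecutil gr $SubscriptionName
$results += [pscustomobject]@{ Check = 'wecutil gr succeeded'; Passed = ($LASTEXITCODE -eq 0) }

# 5. Has anything arrived in the Forwarded Events log yet?
$latest = Get-WinEvent -LogName ForwardedEvents -MaxEvents 1 -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'Events in ForwardedEvents'; Passed = [bool]$latest }

$results | Format-Table -AutoSize
$runtime
```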


Bitstream PageFlex Storefront Server Crash

This question is about PageFlex StoreFront server crash and recovery. We were able to recover the OS Drive and all Storage. We moved it via cloning to a new box.
The License Administrator displays the Host Server and License as OK -- no errors. The software runs as it always has except we have this error in event viewer regarding the PFLicenseServer Service:
PFLicenseServer
Computer: WEBSERVER
Description: Licensing failure: Not enough licenses for Pageflex Server Job machine 'WEBSERVER'.
And yet the License Administrator displays OK!
On reboot a Service startup problem alert pops up. Any ideas how I can resolve this? I've scoured the registry and the path to the Service is correct. So I'm at a brick wall.
A few things you can check:
Server Admin
- Is the host that failed still in the list of hosts?
- Does the failed host still have engines it can run? Try setting Minimum Idle Engines and Maximum Concurrent Jobs to 0.
- Host logs
Licensing Administrator:
How many CPUs are in use?
More information on what version of Pageflex you are running would be helpful. Also is this a server license or are you running storefront? If Storefront, does this come up successfully?

Retrieving status of IIS in real time

I want to build a service that will keep polling and will let me know if IIS service on a machine has been reset, and instantly send the status to a client (client could be anything).
I want this to work in a scenario where the target IIS is going to be reset by a lot of people remotely in a network. I came across the command iisreset /status which gives me the following output:
Status for Windows Process Activation Service ( WAS ) : Running
Status for World Wide Web Publishing Service ( W3SVC ) : Stopped
But somehow this approach seems inefficient to me, considering that IIS might get reset very fast and the polling might happen just after IIS resets and no status would get sent to the client.
As an alternative, I am trying to see if there is a log that is maintained for all these activities performed on IIS? Can someone suggest any other way to achieve this?
The IIS WMI Provider springs to mind:
http://msdn.microsoft.com/en-us/library/aa347459(v=vs.90).aspx
The Windows Management Instrumentation is a very powerful native tool.
iis.net has practical examples for the WMI providers, including solutions for your problem.

all publish requests are stuck on "Ready to transport" status

I am new to Tridion and trying to set up a new instance of Tridion 2011. I was able to successfully publish all my requests to file system and broker db. Suddenly it stopped publishing and all requests are stuck in "Ready to transport" mode.
I have already gone through many related threads on this forum, but could not sort out the problem. I am using Windows Server 2008, with JRE 1.6 (32 bit and 64 bit both installed). Any pointer to finding the issue will be appreciated.
First thing to check is if your transport service is running.
Second thing I would look at is the config files to make sure the transport service is looking in the same directory that the publisher is storing them. Then see if files are being dropped in the transactions folder on the CM machine.
In our environment this issue arose due to a change in the SSL ciphers supported on our Content Deployer server. We are using the SSHFTP transport protocol and for security reasons the RC-4 cipher suite that had been supported by the CD server was no longer supported. We logged a case with SDL support and they issued Hotfix CD_2011.1.2.2350 which adds support for the stronger ciphers.
Unfortunately, the logs gave absolutely no indication of the issue, even with TRACE level logging.
So if you face this issue and you're using SSHFTP and the other solutions don't work for you, maybe this will help.

Test Controller exception: No such host is known

I'm getting the following errors on the test controller machine when I'm trying to run CodedUI Tests remotely:
(QTController.exe, PID 3032, Thread 12)
ControllerDeployment.DoDeployment: System.Net.Sockets.SocketException
(0x80004005): No such host is known
During controller and agent configuration no errors came up. And when I go to Manage test controller dialog in Visual Studio I can see all the agents active. But when I try to execute any CodedUI test remotely it's hanging forever.
Not sure if it's connected with the fact that I've upgraded client/controller/agents to 2012 versions recently, but I've started seeing the problem only after this upgrade.
From Microsoft KB 2643086:
This issue occurs because the test agent computer sends its Network Basic Input/Output System (NetBIOS) name instead of sending its Fully Qualified Domain Name (FQDN) name to the test controller computer. When the DNS server of the test controller computer does not have the IP address mapping of the NetBIOS name of the test agent computer, the issue that is described in the "Symptoms" section occurs.
You should ensure you are using fully qualified domain names (FQDN).
There is also a hotfix available from Microsoft. However, you have to contact Microsoft Customer Support Services to obtain the hotfix.
I had a similar problem, still not completely resolved, but a workaround is to install Visual Studio on the controller box and keep the result DB on the same box.
Mostly the issue is restriction / firewall on VPN which might be blocking incoming traffic on TCP ports of machine / laptop.

Issues remoting to perfmon

Hey all,
I'm having trouble with PerfMon on one system out of fifteen in a development environment. Accessing it from the local machine is fine but connecting to it remotely throws a "Cannot connect" error.
Each machine is running Win 2003, is connected to the same domain and I have admin rights to all.
There were some services set to disabled which are normally enabled by default so I've set these to match the other machines on the network - still have the same problem.
Any ideas?
Cheers
**Update**
Ok - I found it was the remote registry service not running correctly causing the above error; Once that was enabled Perfmon is now telling me "No such interface supported".
If I connect through Computer Management, it fails the first time, but the second attempt is successful. Connecting through perfmon fails every time.
Fixed - for anyone that runs into this issue, hopefully this can help you.
Enabling Remote Registry fixed my first problem.
The second issue, "No such interface supported" turned out to be permissions issues within the registry. Apparently the machine had some pretty obscure permissions set to specific registry keys a long time ago, which are now irrelevant.
Resetting permissions with secedit fixed it up -
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
Perfmon counters are now accessible remotely.
We encountered the second issue - "No such interface supported" when attempting to "Connect to another computer" in Performance monitor.
All the rules and services are running.
We found the following:
If the user was added to the local admin group, they were able to connect to another computer (irrespective of belonging to the Performance Monitor group).
If the user was not a local admin and in the performance monitor group - we were unable to connect to another computer via the "Connect to another computer" context menu.
But we were able to add the performance counters. In Performance monitor when you add a counter there is an option to "Select counters from computer". We were able to connect to the counters on the remote machine this way. Also note that if you are planning on data collecting, you would need to set the correct credentials (by default it appears to run under a local system user).
I fixed my case as follows:
Add Firewall rule Performance Logs and Alerts from the predefined rule list.
From client, run the Performance Monitor as the remote user
Eg: runas /user:remote_machine\username "mmc perfmon.msc"
Of course, the user must be at least in the user groups "Performance Log users" or "Performance Monitor Users".
The reason why perfmon.exe does not want to connect to the remote server is that it wants to connect to the Perf Monitor and the Perf Logs (Data collections).
So you have to add the user account also to the Log User group and of course to the Monitor Users.
You don't need to be local admin on the remote server!
