Windows Event Collector broken since at least 25099

Copper Contributor

In my lab I use a Windows Event Collector Server based in the insider version (now on 25151, upgrading atm to 25158).

 

Unfortunately it is very hard getting Windows Event Collector to work reliable. 

Subscriptions just stop working after a few day and they have to be recreated.

 

In the Runtime Status I see the following error: (no google results)

Last retry time: 15.07.2022 07:16:14. Code (0x138C): <f:ProviderFault provider="Unknown provider" path="Unknown path" xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to them.</t:ProviderError></f:ProviderFault>

 

Can anybody enable Windows Event Collector, make a push subscription and collect some logs and see if they have the same probem?

A Windows Event Collector using Windows Server 2022 works fine.

 

Edit: additionally "wevtutil gl Security" shows the following error:

name: Security
enabled: true
type: Admin
Failed to get owningPublisher property.
The data is invalid.

0 Replies