Hello,
i've got 2 DCs in my domain (win server 2008 r2). i want to forward security logs to another domain machine.
so, on Forwarding computers (in this case DCs) i run "winrm quickconfig" command. then created gpo and attached to Domain Controllers and specified in "COMPUTER CONFIGURATION\POLICIES\ADMINISTRATIVE TEMPLATES\WINDOWS COMPONENTS\EVENT FORWARDING", i enabled "Configure the server address, refresh interval, and issuer certificate authority of target Subscription Manager policy" and inside this policy i specified in SubscribtionManager field "Server=http://wsus01.abc.com".
after that on Collector Computer i ran "winrm quickconfig" and "wecutil qc". after that i entered in Event viewer and created Subscription. gave a name. in Destination log specified Forwarded Events. in Source Compiuter initiated i chose Domain Computers. in Select Events i specified Event levels, Even log types.
after that green checkmark appeared on created subsciption but in Source computers there is "0". and nothing is forwarded.
can someone help me?
Costa Curta