Windows Server - Vista Remote Event Log viewer

Asked By mlai

04-Nov-07 08:11 PM

Hi,
How can I view event logs on a remote machine running Vista?  I can view
remote events on machines running XP and 2003 but not Vista.....  The Vista
machine all have their remote registry service running already.  But when I
connect to a remote machine via event viewer, it always complain that rpc
server is not available......

Please help.

Marshall

Jabez Gan [MVP] replied...

04-Nov-07 08:44 PM

Try disabling the Firewall on Vista and see if this works. If it works ,
re-enable the firewall and work from there.

Alternatively, you can setup Event Forwarding on Vista.

--
Jabez Gan
Microsoft MVP: Windows Server - File Storage

mlai replied...

04-Nov-07 10:33 PM

Something strange is going on.  On my domain server (Server 2003), I can
access the event logs on Vista PCs.  But when I am at my station running
Vista, I cannot access the logs on other Vista PCs....  Doesn't sound quite
like a firewall issue as it should have blocked the 2003 server as well....

Kerry Brown replied...

05-Nov-07 01:13 AM

You need to make a registry change.

http://www.jimmah.com/vista/Administration/filtertoken.aspx



--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

mlai replied...

05-Nov-07 03:39 AM

Thanks for the link.  Followed the link, added the DWORD to the registry and
rebooted.  Fired up Event view and tried to connect to a remote machine.
Same error of RPC Server unavailable.....

v-adamq replied...

05-Nov-07 06:41 AM

Dear Marshall,

Thank you for posting here.

From your problem description, my understanding is: When you attempt to
check the Event Log on the remote Windows Vista machine, the error message
saying "RPC is unavailable" appears. As I understand, the connection can be
established successfully from your DC. If I have misunderstood about your
concern, feel free to let me know.

Generally, this issue may occur:

a. The remote computer is un-available on the network.
b. The Remote Event Log Management firewall exception has been NOT set on
the remote computer.
c. Your user account has permission to access the remote computer.

Considering the current situation, please try to ensure the "Remote Event
Log Management firewall" exception is enabled on the remote Vista machine
by the steps below:

NOTE: You can check these settings via Remote Desktop session.

1. On the remote Windows Vista machine, click Start, type: firewall in the
Start Search bar.
2. Click Windows Firewall in the list.
3. Click Change settings.
4. In the ""Windows Firewall Settings" panel, please click "Exceptions" tab
and then ensure that "Remote Event Log Management firewall" is enabled in
the list.
5. Click OK to apply this setting.
6. After that, please go to the "Services.msc" and then restart the "Remote
Registry service".
7. On the local Vista machine, let's first use the following wevtutil
utility command-line to check if we are able to manage event logs on a
remote computer

wevtutil el /r:<remote_computer_name> /u:<user_name> /p:<password>

8. If it is successful, please try to test the issue again in the Event
View console.

Additional Reference
--------------------------------
Troubleshooting Event Viewer in Vista
http://technet2.microsoft.com/WindowsVista/en/library/2564192f-b638-47c8-ad3
1-9dbdf6f198f91033.mspx

Work with Event Logs on a Remote Computer
http://www.microsoft.com/technet/WindowsVista/library/ops/cfad9c47-96cc-46d8
-b432-2baf661a72bb.mspx

Have a nice day!

Best regards,

Adams Qu
MCSE, MCDBA, MCTS
Microsoft Online Support

Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo
rking_sharing,microsoft.public.windows.vista.performance_maintenance
microsoft.public.windows.vista.networking_sharing:16788
microsoft.public.windows.vista.performance_maintenance:14794
microsoft.public.windows.server.general:26015
and
already.

Kerry Brown replied...

05-Nov-07 09:26 AM

The change has to be done on the remote machine if the remote machine is
running Vista.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

mlai replied...

05-Nov-07 10:53 AM

I have done it on all my domain machines.....  And still did not work.

v-adamq replied...

06-Nov-07 03:54 AM

Dear Marshall,

Thank you for posting back.

1. Do you have checked the "Remote Event Log Management" and "Remote
Administration" options in the Firewall Exception list on the remote Vista
machine?

Please NOTE: Unlike the 2000/XP/2003, when we use the local Windows Vista
to connect to the Event Viewer (or other management tool) on remote Vista,
it will call the SMB2 Protocol, other than the SMB Protocol. So, even if we
are able to connect to the remote Vista machine on 2003 DC, we still
recommend checking above settings for the troubleshooting purposes.

2. Does the same error occur when we use the "wevtutil" utility?

If the issue still persists, please help us to capture a network capture
for the further research via the Network Monitor 3.1:

a. Download Network Monitor 3.1 from the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-
8d17-2f6dde7d7aac&DisplayLang=en

b. Install the Network Monitor on the local Vista client and remote Vista
machine.
c. Click Start->Programs-> Microsoft Network Monitor-> Network Monitor,
open Network Monitor on the client.
d. Select the network connection in use, and then click "Create a new
capture tab" button.
e. Click Start on the Capture menu in Network Monitor window on the both
Windows Vista client and remote Vista machine.
f. Now from the client, please check if the problem is reproduced.
g. After reproducing the problem, click Stop on the Capture menu, and click
File->Save As to save the captured files on both the local client and
remote machine.
h. Please send me the network traces files at v-adamqu@microsoft.com
i. Please also let me know the IP address for these machines.

Have a nice day!

Best regards,

Adams Qu
MCSE, MCDBA, MCTS
Microsoft Online Support

Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo
rking_sharing,microsoft.public.windows.vista.performance_maintenance
microsoft.public.windows.vista.networking_sharing:16804
microsoft.public.windows.vista.performance_maintenance:14810
microsoft.public.windows.server.general:26047
is
registry
can
Vista.....

Kerry Brown replied...

06-Nov-07 09:52 AM

Marshall had cross posted this to many newsgroups. It was solved in another
group. It was a firewall problem.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

v-adamq replied...

07-Nov-07 05:10 AM

Dear Kerry,

I am glad to hear that the problem has been fixed.

Have a nice day!

Best regards,

Adams Qu
MCSE, MCDBA, MCTS
Microsoft Online Support

Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
another

v-helen replied...

05-Nov-07 02:56 AM

Dear Marshall,

This issue can be reproduced on my side and when connecting to a Windows
Vista computer from another Windows Vista system, the following error
appears:
Event Viewer cannot connect to computer computer_name and the reported
error: "The RPC server is unavailable".

It is related to the default settings on the Windows Firewall and we can
take the following steps to eliminate this error:

1. Click Start and enter firewall.cpl in the Start Search. Press Enter.
2. In the left tasks pane, click Allow a program through Windows Firewall.
3. Under the Exceptions tab, ensure "Remote Administration" and "Remote
Event Log Management" are checked.
4. Click Apply and OK.

If you have any concerns on the above, please feel free to post back and I
am happy to answer any of your questions.

Regards,

Helen Li, MCSE 2003

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
{E4FCE0A9-75B4-4168-BFF9-16C22D8747EC}
microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo
rking_sharing,microsoft.public.windows.vista.performance_maintenance
microsoft.public.windows.vista.networking_sharing:16774
microsoft.public.windows.vista.performance_maintenance:14786
microsoft.public.windows.server.general:26000
view
Vista
I

Robert L. \(MS-MVP\) replied...

05-Nov-07 01:05 PM

You may also need to add TCP port 135 to the firewall. This link may help.

Remote Management Issues
http://www.chicagotech.net/Windows/remotemgr.htm

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

mlai replied...

05-Nov-07 10:19 PM

Thanks.  Anyway to do this via a group policy object?

mlai replied...

05-Nov-07 10:26 PM

Thanks!  but I did not specifically enable the TCP port 135 and it still
worked....

mlai replied...

05-Nov-07 10:48 PM

Never mind.  Done it thru group policy and everything is working fine.
Thankyou very much!

v-helen replied...

06-Nov-07 12:24 AM

Hello Marshall,

Thanks for your reply!

It is great to hear that the information I provided is useful for you.

Regards,

Helen Li, MCSE 2003

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
microsoft.public.windows.vista.networking_sharing:16851
Firewall.
and I
microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo
can

Source Code Windows Server

Source Code Windows Server Here is an article about how the NT source code was leaked and apparently even will it be before Microsoft has new operating systems with new source code. Wikipedia mentions Windows 7 will use the Windows NT source code much to my dismay. How about the successor to Windows 7 will people finally get an operating system with new source code that will be co.uk / 1 / hi / technology / 3485545.stm http: / / en.wikipedia.org / wiki / Windows_7 Security Discussions Windows XP Embedded (1) SQL Server (1) Windows XP (1) Windows Server 2003 (1) Windows Server 2008 (1) Internet Explorer 7

SBS VPN setup? Windows Server

SBS VPN setup? Windows Server I haven't done this before, but will be installing SBS Windows 2003 R2 or 2008 whichever is best suitable for my client, and like to know how he can VPN into the server off site using the internet? My question(s) are, does VPN come with SBS 2003 R2 / 2008, and is it easy to setup and configure so that he can use it remotely? Please advise? Thanks- Dave- Windows Server SBS Discussions Small Business Server 2003 R2 (1) CumdndNz38KhfzbVnZ2dnUVZ (1) Windows Server 2003 (1

VPN connect error 691 help Windows Server

VPN connect error 691 help Windows Server SBS R2 ISA 2004 D-Link DIR 130 router (PPTP enabled) I used IECW to create my VPN. Every time I use the connect to SBS via VPN connector loaded on my laptop, I get a secure connection then it fails on error group. How do I get a valid logon authentication? Thx John Client log: * ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** * Operating System : Windows NT 6.0 Service Pack 1 Dialer Version : 7.2.6001.18000 Connection Name : Connect to Small Business Server All Users / Single User : Single User Start Date / Time : 10 / 2 / 2008, 17:23:46 Time, Log ID, Log Item Name, Other Info For Connection Type, 0 = dial-up, 1 = VPN, 2 = VPN over dial-up * ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** * [cmdial32] 17:23:46 03 Pre-Init Event CallingProcess = C

The list of servers for this workgroup is not currently availiable Windows Server

The list of servers for this workgroup is not currently availiable Windows Server I have been struggling w / this one and have found no answers on the Internet. Server 2003 (home office) Windows 2000 server (remote office). Not exactly sure when this problem started whether it begin before two (2 Vista machines were added to the network. Mixed environment of XP, W2K, and Vista pcs. I already had all pcs mapped to either server w / no error messages. . . . could

POSSIBLE HACK. . .PLEASE, PLEASE HELP! Windows Server

POSSIBLE HACK. . .PLEASE, PLEASE HELP! Windows Server Three days ago, I had RoadRunner (cable internet connection) hooked up. The tech turned off I do? Please help. I'm a nervous wreck right now! Thanks, Annie Security Discussions Windows XP (1) Windows Vista (1) BigBoxStoreUSA (1) Vista (1) BootItNG (1) SuperAntiSpyware (1) LiveOneCare (1) MultiAV (1) Windows version (e.g., WinXP SP3; Vista SP1)? What do you mean by "both firewalls"? You