NetWitness Community

DariaMuravyova · ‎2016-11-14

Hello!

I'm trying to add Windows 2008 R2 log source through basic authentication. I have done all settings and check it with the RSA script. I have created alias with "basic" autentication, login and password. I have added a host. And I have this error: 401/Unauthorized. Possible causes: - Invalid credentials.

I chacked credentials many times, and recreated alias as well.

I have these settings in "alias":

Alias: hostname

Auth method: Basic

User Name: rsauser

I tried to use Administrator account - all the same. On tcpdump I see answer from Windows server like "WWW-Authenticate: Negotiate Date: Mon, 14 Nov 2016, Connection: close". I don't understand how to interpret this.

This is fresh installation and I don't have any log sources on it.

Anonymous · ‎2016-11-14

check your winrm configuration. use basic. http, and allow unencrypted traffic.

DariaMuravyova · ‎2016-11-15

Checked. All set as you said.

Anonymous · ‎2016-11-16

also has disable the kerberos?

try to put hostname of the server in /etc/hosts of the sa server and logdecoder.

AndreasFunk · ‎2016-11-17

Can you please share the output of the following command from an admin command shell on the Windows server?

winrm get winrm/config/service/auth

DariaMuravyova · ‎2016-11-22

Hello!

Thank you for your help. It turned out, that I set basic auth for client, not for server. I thought that script would check it...

Now I have solved this problem.

kunalkishore · ‎2018-05-14

Hello,

How to set basic auth for the server?

NetWitness Community

Windows Integration