2016-11-14 01:22 PM
Hello!
I'm trying to add Windows 2008 R2 log source through basic authentication. I have done all settings and check it with the RSA script. I have created alias with "basic" autentication, login and password. I have added a host. And I have this error: 401/Unauthorized. Possible causes: - Invalid credentials.
I chacked credentials many times, and recreated alias as well.
I have these settings in "alias":
Alias: hostname
Auth method: Basic
User Name: rsauser
I tried to use Administrator account - all the same. On tcpdump I see answer from Windows server like "WWW-Authenticate: Negotiate Date: Mon, 14 Nov 2016, Connection: close". I don't understand how to interpret this.
This is fresh installation and I don't have any log sources on it.
2016-11-14 10:31 PM
check your winrm configuration. use basic. http, and allow unencrypted traffic.
2016-11-15 03:24 AM
Checked. All set as you said.
2016-11-16 11:08 AM
also has disable the kerberos?
try to put hostname of the server in /etc/hosts of the sa server and logdecoder.
2016-11-17 05:48 AM
Can you please share the output of the following command from an admin command shell on the Windows server?
winrm get winrm/config/service/auth
2016-11-22 07:06 AM
Hello!
Thank you for your help. It turned out, that I set basic auth for client, not for server. I thought that script would check it...
Now I have solved this problem.
2018-05-14 11:46 PM
Hello,
How to set basic auth for the server?