Article Number
000032317
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x, 11.x
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.6.x, 11.x
Issue
While integrating the Windows Event Source, The Test connection in ADMIN/Administration -> Services -> Log Collector -> View -> Config -> Event Sources -> Windows/Config page fails with the error below.
Image description
Test connection failed:Error! 500/Unexpected transport error Possible causes: - Unexpected HTTP error code (500)
Image descriptionCause
This integration process fails due to disabled local windows firewall in Windows server.
Resolution
Follow the steps below to resolve the error.
The result will appear as shown below.
Image description
- RDP to the Windows Event source and verify the local Windows Firewall is started.
- Open Command prompt as Administrator and type the commands below in sequence.
winrm set winrm/config/service @{AllowUnencrypted="true"} winrm e winrm/config/listener winrm quickconfig winrm set winrm/config/client @{AllowUnencrypted="true"} winrm set winrm/config/service @{AllowUnencrypted="true"} - Stop the Local Windows Firewall in Windows Server.
- Login to the Security Analytics UI and Navigate to ADMIN/Administration -> Services -> Log Collector -> View -> Config -> Event Sources -> Windows/Config page to test the connection for Event Source.
Image description
The result will appear as shown below.
Image descriptionIn this article
