
November 28, 2017 at 11:33 am

Hi,

I am working on a script to pull a specific event ID from Citrix broker servers running on Windows 2008R2 and 2012R2.
I use a simple command to do this:
get-eventlog -logname application -cn $server -after $date | ?{$_.eventid -eq "3013"} | select MachineName,EventID,TimeWritten,Message

I run this remotely and it is working on most of the servers except a few of the Windows Server 2012R2 OS servers. I get the following error:
Cannot open log application on . Windows has not provided an error code

The same command runs flawlessly when run locally on that server.
The user account has the exact same privileges on all the servers.
Tried using get-winevent cmdlet — fails with similar error.
Running get-service -computername also fails with an error for the non-working servers.
Remote-registry service is not working on all servers.
Powershell remoting is not enabled in the environment, thus using Invoke-Command is not an option.

What could possibly be causing the issue? Is there an alternate way to read the event IDs off the remote server?

November 28, 2017 at 6:15 pm

I'd guess the necessary RPC stuff either isn't working or has been oddly locked-down. It's definitely related to the Remote Registry Service.
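
Added example, not part of the original thread: a per-server triage that separates "RPC and SMB ports unreachable" from "ports open but the remote query is refused", using the same checks the posts mention. The server names, the `$date` value and the `Test-TcpPort` helper are assumptions made for illustration; it targets Windows PowerShell, where `Get-Service -ComputerName` is available.

```powershell
# Added example. $servers, $date and Test-TcpPort are hypothetical, not from the thread.
$servers = @('BROKER01', 'BROKER02')      # placeholder server names
$date    = (Get-Date).AddDays(-1)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)        # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

$report = foreach ($server in $servers) {
    $row = [ordered]@{
        Server = $server
        Tcp135 = Test-TcpPort $server 135   # RPC endpoint mapper
        Tcp445 = Test-TcpPort $server 445   # SMB, carries named-pipe RPC
        RemoteRegistry = $null; Events = $null; Error = $null
    }
    # Same remote service query the question says fails on the bad servers
    try {
        $svc = Get-Service -Name RemoteRegistry -ComputerName $server -ErrorAction Stop
        $row.RemoteRegistry = $svc.Status
    } catch { $row.RemoteRegistry = "query failed: $($_.Exception.Message)" }
    # Filter on the remote side instead of piping every event through Where-Object
    try {
        $filter = @{ LogName = 'Application'; Id = 3013; StartTime = $date }
        $events = Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop
        $row.Events = @($events).Count
    } catch {
        # "No events found" is reported as an error; it is not a connectivity failure
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $row.Events = 0 }
        else { $row.Error = $_.Exception.Message }
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize
```

Comparing the rows for a working and a failing 2012R2 server shows whether the difference is at the network layer (a port column is `False`) or in the service and RPC layer (ports open, but `RemoteRegistry` or `Error` carries a message).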