Get-eventlog not working remotely

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 6 months, 3 weeks ago.

  • #85046

    Deepinder Singh


    I am working on a script to pull a specific event ID from Citrix broker servers running on Windows 2008R2 and 2012R2.
    I use a simple command to do this:
    get-eventlog -logname application -cn $server -after $date | ?{$_.eventid -eq "3013"} | select MachineName,EventID,TimeWritten,Message

    I run this remotely and it is working on most of the servers except a few of the Windows Server 2012R2 OS servers. I get the following error:
    Cannot open log application on . Windows has not provided an error code

    The same command runs flawlessly when run locally on that server.
    The user account has the exact same privileges on all the servers.
    Tried using the get-winevent cmdlet; it fails with a similar error.
    Running get-service -computername also fails with an error on the non-working servers.
    Remote-registry service is not working on all servers.
    PowerShell remoting is not enabled in the environment, thus using Invoke-Command is not an option.

    What could possibly be causing the issue? Is there an alternate way to read the event IDs off the remote server?

  • #85082

    Don Jones

    I'd guess the necessary RPC stuff either isn't working or has been oddly locked-down. It's definitely related to the Remote Registry Service.
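
A triage sketch for the symptoms discussed in this thread, added here as an example and not written by either poster: it records, per server, whether the RPC and SMB ports answer, what state the Remote Registry service reports, and whether the original Get-EventLog query succeeds. The server names and the `Test-Port` helper are placeholders; it assumes Windows PowerShell on Windows 8.1 / Server 2012 R2 or later for `Test-NetConnection`.

```powershell
# Added example: triage the remote dependencies of Get-EventLog, one row per server.
# $servers holds constructed placeholder names; $date mirrors the question's variable.
$servers = 'BROKER01', 'BROKER02'
$date    = (Get-Date).AddDays(-1)

# Hypothetical helper: $true when a TCP connection to the port succeeds.
function Test-Port {
    param([string]$ComputerName, [int]$Port)
    (Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
}

$report = foreach ($server in $servers) {
    # Remote Registry state, asked of the remote Service Control Manager.
    $remoteRegistry = try {
        (Get-Service -ComputerName $server -Name RemoteRegistry -ErrorAction Stop).Status
    } catch {
        "query failed: $($_.Exception.Message)"
    }

    # The query from the question, unchanged apart from error capture.
    $eventLog = try {
        $hits = @(Get-EventLog -LogName Application -ComputerName $server -After $date -ErrorAction Stop |
            Where-Object { $_.EventID -eq 3013 })
        "ok, $($hits.Count) event(s)"
    } catch {
        "failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Server         = $server
        Tcp135         = Test-Port $server 135   # RPC endpoint mapper
        Tcp445         = Test-Port $server 445   # SMB, carries named pipes such as Remote Registry's
        RemoteRegistry = $remoteRegistry
        GetEventLog    = $eventLog
    }
}

$report | Format-Table -AutoSize -Wrap
```

Comparing the row of a working server with the row of a failing one shows whether the difference lies in network reachability or in the service state.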
