Guest mlai Posted November 5, 2007 Posted November 5, 2007 Hi, How can I view event logs on a remote machine running Vista? I can view remote events on machines running XP and 2003 but not Vista..... The Vista machine all have their remote registry service running already. But when I connect to a remote machine via event viewer, it always complain that rpc server is not available...... Please help. Marshall
Guest Jabez Gan [MVP] Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer Try disabling the Firewall on Vista and see if this works. If it works , re-enable the firewall and work from there. Alternatively, you can setup Event Forwarding on Vista. -- Jabez Gan Microsoft MVP: Windows Server - File Storage "mlai" <mlai@community.nospam> wrote in message news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... > Hi, > How can I view event logs on a remote machine running Vista? I can > view remote events on machines running XP and 2003 but not Vista..... The > Vista machine all have their remote registry service running already. But > when I connect to a remote machine via event viewer, it always complain > that rpc server is not available...... > > Please help. > > Marshall
Guest mlai Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer Something strange is going on. On my domain server (Server 2003), I can access the event logs on Vista PCs. But when I am at my station running Vista, I cannot access the logs on other Vista PCs.... Doesn't sound quite like a firewall issue as it should have blocked the 2003 server as well.... "Jabez Gan [MVP]" <mingteikg@blizNOSPAMhosting.com> wrote in message news:D867D26A-CF73-4E21-876E-A1CEFBFDE198@microsoft.com... > Try disabling the Firewall on Vista and see if this works. If it works , > re-enable the firewall and work from there. > > Alternatively, you can setup Event Forwarding on Vista. > > -- > Jabez Gan > Microsoft MVP: Windows Server - File Storage > "mlai" <mlai@community.nospam> wrote in message > news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... >> Hi, >> How can I view event logs on a remote machine running Vista? I can >> view remote events on machines running XP and 2003 but not Vista..... >> The Vista machine all have their remote registry service running already. >> But when I connect to a remote machine via event viewer, it always >> complain that rpc server is not available...... >> >> Please help. >> >> Marshall >
Guest Kerry Brown Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer You need to make a registry change. http://www.jimmah.com/vista/Administration/filtertoken.aspx -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "mlai" <mlai@community.nospam> wrote in message news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... > Hi, > How can I view event logs on a remote machine running Vista? I can > view remote events on machines running XP and 2003 but not Vista..... The > Vista machine all have their remote registry service running already. But > when I connect to a remote machine via event viewer, it always complain > that rpc server is not available...... > > Please help. > > Marshall
Guest mlai Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer Thanks for the link. Followed the link, added the DWORD to the registry and rebooted. Fired up Event view and tried to connect to a remote machine. Same error of RPC Server unavailable..... "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message news:DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com... > You need to make a registry change. > > http://www.jimmah.com/vista/Administration/filtertoken.aspx > > > > -- > Kerry Brown > Microsoft MVP - Shell/User > http://www.vistahelp.ca > > > "mlai" <mlai@community.nospam> wrote in message > news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... >> Hi, >> How can I view event logs on a remote machine running Vista? I can >> view remote events on machines running XP and 2003 but not Vista..... >> The Vista machine all have their remote registry service running already. >> But when I connect to a remote machine via event viewer, it always >> complain that rpc server is not available...... >> >> Please help. >> >> Marshall >
Guest Adams Qu [MSFT] Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer Dear Marshall, Thank you for posting here. From your problem description, my understanding is: When you attempt to check the Event Log on the remote Windows Vista machine, the error message saying "RPC is unavailable" appears. As I understand, the connection can be established successfully from your DC. If I have misunderstood about your concern, feel free to let me know. Generally, this issue may occur: a. The remote computer is un-available on the network. b. The Remote Event Log Management firewall exception has been NOT set on the remote computer. c. Your user account has permission to access the remote computer. Considering the current situation, please try to ensure the "Remote Event Log Management firewall" exception is enabled on the remote Vista machine by the steps below: NOTE: You can check these settings via Remote Desktop session. 1. On the remote Windows Vista machine, click Start, type: firewall in the Start Search bar. 2. Click Windows Firewall in the list. 3. Click Change settings. 4. In the ""Windows Firewall Settings" panel, please click "Exceptions" tab and then ensure that "Remote Event Log Management firewall" is enabled in the list. 5. Click OK to apply this setting. 6. After that, please go to the "Services.msc" and then restart the "Remote Registry service". 7. On the local Vista machine, let's first use the following wevtutil utility command-line to check if we are able to manage event logs on a remote computer wevtutil el /r:<remote_computer_name> /u:<user_name> /p:<password> 8. If it is successful, please try to test the issue again in the Event View console. Additional Reference -------------------------------- Troubleshooting Event Viewer in Vista http://technet2.microsoft.com/WindowsVista/en/library/2564192f-b638-47c8-ad3 1-9dbdf6f198f91033.mspx Work with Event Logs on a Remote Computer http://www.microsoft.com/technet/WindowsVista/library/ops/cfad9c47-96cc-46d8 -b432-2baf661a72bb.mspx Have a nice day! Best regards, Adams Qu MCSE, MCDBA, MCTS Microsoft Online Support Microsoft Global Technical Support Center Get Secure! - http://www.microsoft.com/security ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "mlai" <mlai@community.nospam> | References: <796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com> <DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com> | Subject: Re: Vista Remote Event Log viewer | Date: Mon, 5 Nov 2007 16:39:49 +0800 | Lines: 1 | Message-ID: <D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | format=flowed; | charset="iso-8859-1"; | reply-type=response | Content-Transfer-Encoding: 7bit | X-Priority: 3 | X-MSMail-Priority: Normal | Importance: Normal | X-Newsreader: Microsoft Windows Live Mail 12.0.1365 | X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1365 | X-MS-CommunityGroup-PostID: {D28BED3C-8B46-4A55-98DF-E0F486006B97} | X-MS-CommunityGroup-ThreadID: 796FBBA1-C9E7-48E4-9B75-F8C661593AD7 | X-MS-CommunityGroup-ParentID: DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17 | Newsgroups: microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo rking_sharing,microsoft.public.windows.vista.performance_maintenance | Path: TK2MSFTNGHUB02.phx.gbl | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.networking_sharing:16788 microsoft.public.windows.vista.performance_maintenance:14794 microsoft.public.windows.server.general:26015 | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 | X-Tomcat-NG: microsoft.public.windows.server.general | | Thanks for the link. Followed the link, added the DWORD to the registry and | rebooted. Fired up Event view and tried to connect to a remote machine. | Same error of RPC Server unavailable..... | | | | "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message | news:DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com... | > You need to make a registry change. | > | > http://www.jimmah.com/vista/Administration/filtertoken.aspx | > | > | > | > -- | > Kerry Brown | > Microsoft MVP - Shell/User | > http://www.vistahelp.ca | > | > | > "mlai" <mlai@community.nospam> wrote in message | > news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... | >> Hi, | >> How can I view event logs on a remote machine running Vista? I can | >> view remote events on machines running XP and 2003 but not Vista..... | >> The Vista machine all have their remote registry service running already. | >> But when I connect to a remote machine via event viewer, it always | >> complain that rpc server is not available...... | >> | >> Please help. | >> | >> Marshall | > |
Guest Kerry Brown Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer The change has to be done on the remote machine if the remote machine is running Vista. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca "mlai" <mlai@community.nospam> wrote in message news:D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com... > Thanks for the link. Followed the link, added the DWORD to the registry > and rebooted. Fired up Event view and tried to connect to a remote > machine. Same error of RPC Server unavailable..... > > > > "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message > news:DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com... >> You need to make a registry change. >> >> http://www.jimmah.com/vista/Administration/filtertoken.aspx >> >> >> >> -- >> Kerry Brown >> Microsoft MVP - Shell/User >> http://www.vistahelp.ca >> >> >> "mlai" <mlai@community.nospam> wrote in message >> news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... >>> Hi, >>> How can I view event logs on a remote machine running Vista? I can >>> view remote events on machines running XP and 2003 but not Vista..... >>> The Vista machine all have their remote registry service running >>> already. But when I connect to a remote machine via event viewer, it >>> always complain that rpc server is not available...... >>> >>> Please help. >>> >>> Marshall >>
Guest mlai Posted November 5, 2007 Posted November 5, 2007 Re: Vista Remote Event Log viewer I have done it on all my domain machines..... And still didn't work. "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message news:66A87FDD-9948-4D07-B261-2A2F7B4FEE6F@microsoft.com... > The change has to be done on the remote machine if the remote machine is > running Vista. > > -- > Kerry Brown > Microsoft MVP - Shell/User > http://www.vistahelp.ca > > > "mlai" <mlai@community.nospam> wrote in message > news:D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com... >> Thanks for the link. Followed the link, added the DWORD to the registry >> and rebooted. Fired up Event view and tried to connect to a remote >> machine. Same error of RPC Server unavailable..... >> >> >> >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message >> news:DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com... >>> You need to make a registry change. >>> >>> http://www.jimmah.com/vista/Administration/filtertoken.aspx >>> >>> >>> >>> -- >>> Kerry Brown >>> Microsoft MVP - Shell/User >>> http://www.vistahelp.ca >>> >>> >>> "mlai" <mlai@community.nospam> wrote in message >>> news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... >>>> Hi, >>>> How can I view event logs on a remote machine running Vista? I can >>>> view remote events on machines running XP and 2003 but not Vista..... >>>> The Vista machine all have their remote registry service running >>>> already. But when I connect to a remote machine via event viewer, it >>>> always complain that rpc server is not available...... >>>> >>>> Please help. >>>> >>>> Marshall >>> >
Guest Adams Qu [MSFT] Posted November 6, 2007 Posted November 6, 2007 Re: Vista Remote Event Log viewer Dear Marshall, Thank you for posting back. 1. Do you have checked the "Remote Event Log Management" and "Remote Administration" options in the Firewall Exception list on the remote Vista machine? Please NOTE: Unlike the 2000/XP/2003, when we use the local Windows Vista to connect to the Event Viewer (or other management tool) on remote Vista, it will call the SMB2 Protocol, other than the SMB Protocol. So, even if we are able to connect to the remote Vista machine on 2003 DC, we still recommend checking above settings for the troubleshooting purposes. 2. Does the same error occur when we use the "wevtutil" utility? If the issue still persists, please help us to capture a network capture for the further research via the Network Monitor 3.1: a. Download Network Monitor 3.1 from the following link: http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213- 8d17-2f6dde7d7aac&DisplayLang=en b. Install the Network Monitor on the local Vista client and remote Vista machine. c. Click Start->Programs-> Microsoft Network Monitor-> Network Monitor, open Network Monitor on the client. d. Select the network connection in use, and then click "Create a new capture tab" button. e. Click Start on the Capture menu in Network Monitor window on the both Windows Vista client and remote Vista machine. f. Now from the client, please check if the problem is reproduced. g. After reproducing the problem, click Stop on the Capture menu, and click File->Save As to save the captured files on both the local client and remote machine. h. Please send me the network traces files at v-adamqu@microsoft.com i. Please also let me know the IP address for these machines. Have a nice day! Best regards, Adams Qu MCSE, MCDBA, MCTS Microsoft Online Support Microsoft Global Technical Support Center Get Secure! - http://www.microsoft.com/security ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "mlai" <mlai@community.nospam> | References: <796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com> <DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com> <D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com> <66A87FDD-9948-4D07-B261-2A2F7B4FEE6F@microsoft.com> | Subject: Re: Vista Remote Event Log viewer | Date: Mon, 5 Nov 2007 23:53:52 +0800 | Lines: 1 | Message-ID: <85881ADE-7FBF-4AE0-9923-8CBA0C4012C0@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | format=flowed; | charset="iso-8859-1"; | reply-type=response | Content-Transfer-Encoding: 7bit | X-Priority: 3 | X-MSMail-Priority: Normal | Importance: Normal | X-Newsreader: Microsoft Windows Live Mail 12.0.1365 | X-MimeOLE: Produced By Microsoft MimeOLE V12.0.1365 | X-MS-CommunityGroup-PostID: {85881ADE-7FBF-4AE0-9923-8CBA0C4012C0} | X-MS-CommunityGroup-ThreadID: 796FBBA1-C9E7-48E4-9B75-F8C661593AD7 | X-MS-CommunityGroup-ParentID: 66A87FDD-9948-4D07-B261-2A2F7B4FEE6F | Newsgroups: microsoft.public.windows.server.general,microsoft.public.windows.vista.netwo rking_sharing,microsoft.public.windows.vista.performance_maintenance | Path: TK2MSFTNGHUB02.phx.gbl | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.networking_sharing:16804 microsoft.public.windows.vista.performance_maintenance:14810 microsoft.public.windows.server.general:26047 | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 | X-Tomcat-NG: microsoft.public.windows.server.general | | I have done it on all my domain machines..... And still didn't work. | | "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message | news:66A87FDD-9948-4D07-B261-2A2F7B4FEE6F@microsoft.com... | > The change has to be done on the remote machine if the remote machine is | > running Vista. | > | > -- | > Kerry Brown | > Microsoft MVP - Shell/User | > http://www.vistahelp.ca | > | > | > "mlai" <mlai@community.nospam> wrote in message | > news:D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com... | >> Thanks for the link. Followed the link, added the DWORD to the registry | >> and rebooted. Fired up Event view and tried to connect to a remote | >> machine. Same error of RPC Server unavailable..... | >> | >> | >> | >> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message | >> news:DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com... | >>> You need to make a registry change. | >>> | >>> http://www.jimmah.com/vista/Administration/filtertoken.aspx | >>> | >>> | >>> | >>> -- | >>> Kerry Brown | >>> Microsoft MVP - Shell/User | >>> http://www.vistahelp.ca | >>> | >>> | >>> "mlai" <mlai@community.nospam> wrote in message | >>> news:796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com... | >>>> Hi, | >>>> How can I view event logs on a remote machine running Vista? I can | >>>> view remote events on machines running XP and 2003 but not Vista..... | >>>> The Vista machine all have their remote registry service running | >>>> already. But when I connect to a remote machine via event viewer, it | >>>> always complain that rpc server is not available...... | >>>> | >>>> Please help. | >>>> | >>>> Marshall | >>> | > |
Guest Kerry Brown Posted November 6, 2007 Posted November 6, 2007 Re: Vista Remote Event Log viewer "Adams Qu [MSFT]" <v-adamqu@online.microsoft.com> wrote in message news:Uu$P3KFIIHA.360@TK2MSFTNGHUB02.phx.gbl... > Dear Marshall, > > Thank you for posting back. > Marshall had cross posted this to many newsgroups. It was solved in another group. It was a firewall problem. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca
Guest Adams Qu [MSFT] Posted November 7, 2007 Posted November 7, 2007 Re: Vista Remote Event Log viewer Dear Kerry, I am glad to hear that the problem has been fixed. Have a nice day! Best regards, Adams Qu MCSE, MCDBA, MCTS Microsoft Online Support Microsoft Global Technical Support Center Get Secure! - http://www.microsoft.com/security ===================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue. ===================================================== This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- | From: "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> | References: <796FBBA1-C9E7-48E4-9B75-F8C661593AD7@microsoft.com> <DDA47E46-E3B3-4FBC-9A4E-C56B5EEABC17@microsoft.com> <D28BED3C-8B46-4A55-98DF-E0F486006B97@microsoft.com> <66A87FDD-9948-4D07-B261-2A2F7B4FEE6F@microsoft.com> <85881ADE-7FBF-4AE0-9923-8CBA0C4012C0@microsoft.com> <Uu$P3KFIIHA.360@TK2MSFTNGHUB02.phx.gbl> | In-Reply-To: <Uu$P3KFIIHA.360@TK2MSFTNGHUB02.phx.gbl> | Subject: Re: Vista Remote Event Log viewer | Date: Tue, 6 Nov 2007 06:52:38 -0800 | Lines: 17 | Message-ID: <FA1120BC-1C75-4B3C-B8C7-6D6C203B3494@microsoft.com> | MIME-Version: 1.0 | Content-Type: text/plain; | format=flowed; | charset="Windows-1252"; | reply-type=original | Content-Transfer-Encoding: 7bit | X-Priority: 3 | X-MSMail-Priority: Normal | X-Newsreader: Microsoft Windows Mail 6.0.6000.16480 | X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6000.16545 | X-MS-CommunityGroup-PostID: {FA1120BC-1C75-4B3C-B8C7-6D6C203B3494} | X-MS-CommunityGroup-ThreadID: 796FBBA1-C9E7-48E4-9B75-F8C661593AD7 | X-MS-CommunityGroup-ParentID: 06562ED3-DEBD-4731-B05B-EBA3D9A8357B | Newsgroups: microsoft.public.windows.server.general | Path: TK2MSFTNGHUB02.phx.gbl | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.general:26159 | NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1 | X-Tomcat-NG: microsoft.public.windows.server.general | | "Adams Qu [MSFT]" <v-adamqu@online.microsoft.com> wrote in message | news:Uu$P3KFIIHA.360@TK2MSFTNGHUB02.phx.gbl... | > Dear Marshall, | > | > Thank you for posting back. | > | | | Marshall had cross posted this to many newsgroups. It was solved in another | group. It was a firewall problem. | | -- | Kerry Brown | Microsoft MVP - Shell/User | http://www.vistahelp.ca | | |
Recommended Posts