Thursday 22 February 2018

Error 2150858882 with Event Log Fowarding

After setting up a GPO for the event log forwarding service to use https instead of http to talk to our collector, with the recommended settings of server, refresh and issuerCA, I kept getting this 105 error in the Eventlog-FowardingPlugin log on my workstations:

The forwarder is having a problem communicating with subscription manager at address  Error code is 2150858882 and Error Message is .
That's it, no error message. Frustrating. However, removing the IssuerCA, leaving the server and refresh values from the GPO's SubscriptionManager line seems to have resulted in a happy event forwarding service.

I would also check Kerberos is set up on the listening server, or at least the SPN exists.