Configure Event Collection Services and Windows Firewall
For source computers to communicate with the event collector machine:
- The correct inbound firewall ports must be open and accepting connections.
- The WinRM and event collector services must be running.
To run quickconfig:
- On the event collector machine, open a command prompt.
- Type winrm quickconfig.
- When prompted to continue with the configuration, type Y.
- This command checks the current configuration and makes the necessary changes. Upon completion, the following is configured:
- Windows Remote Management service set to Automatic (Delayed Start) and Started.
- Windows Firewall ports Windows Remote Management (HTTP-In): Port 5985 configured for inbound communication OR
- Windows Firewall ports Windows Remote Management (HTTP-In) – Compatibility Mode: Port 80 configured for inbound communication.
In addition, the event collector service must be configured and started.
- On the event collector machine, open a command prompt.
- Type wecutil qc.
- When prompted to continue with the configuration type Y.
This command checks the current configuration and makes the necessary changes. Upon completion the following is configured:
- Windows Event Collector service set to Automatic (Delayed Start) and Started.