Event log subscription returns error code (0x138C)

windows-event-log eventviewer domain-controller windows-server-2012-r2 winrm

Solution 1:

The solution is to add the “channel access permissions” for the security log.

• Ensure the computer account of the collector is in the “Event Log Readers” builtin local security group. • Configure Event Collection on the computer to be monitored - Add the SID (S-1-5-20) of the Network Service account to the Channel Access permissions of the Security Event Log. - From an elevated command prompt: 

wevtutil sl security /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;s-1-5-20)

After approximately 20 minutes you should start to see events in the Forwarded Events

Reference: https://rockyprogress.wordpress.com/2011/12/04/security-event-log-collection-from-a-domain-controller/

Related

how to parse some mails from html code [closed]
Storing files encrypted and sharing them over NFS or other
How to DNSSEC Sign Bind9 Reverse Zone
Ansible vs. custom made solution
Can you configure per-network SSH settings?
systemd unit stops when required unit is stopped, but then does not start again when required unit starts
Postfix forwarding - SPF issues - Sender rewrite
Can haproxy log unknown headers?
login failed in initializing the provider
Configuring Hyper-V on Windows 10 for pass-through DHCP
How to properly setup SSL with Apache2 and multiple Docker containers?
OpenVPN doesn't works with TCP