J
jlss4e
Guest
I am writing a software program for the company that I work for that relies very heavily on event forwarding. It uses a collector-initiated subscription. After the subscription is created it works fine, as expected. Sometime later, could be a week or a month, the subscription will fail. Events will no longer get forwarded. When I run the command "wecutil gr" it gets stuck. If I try to view the subscription through the event viewer, the event viewer will freeze up and I will have to kill the event viewer task to close it. Once I get to this point the event forwarding will not work again. The only way to fix it is to reinstall the Windows Management Framework. I started observing this issue about 3 years ago running Windows 7 Professional.
Below is the configuration:
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
<SubscriptionId>Subscription</SubscriptionId>
<SubscriptionType>CollectorInitiated</SubscriptionType>
<Description>Subscription</Description>
<Enabled>false</Enabled>
<Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
<ConfigurationMode>Custom</ConfigurationMode>
<Delivery Mode="Pull">
<Batching>
<MaxLatencyTime>5000</MaxLatencyTime>
</Batching>
<PullSettings>
<Heartbeat Interval="60000" />
</PullSettings>
</Delivery>
<Query>
<![CDATA[
<QueryList>
<Query Id="0" Path="SourceLog">
<Select Path="SourceLog">*</Select>
</Query>
</QueryList>
]]></Query>
<ReadExistingEvents>false</ReadExistingEvents>
<TransportName>http</TransportName>
<TransportPort>5985</TransportPort>
<ContentFormat>RenderedText</ContentFormat>
<Locale Language="en-US" />
<LogFile>ForwardedEvents</LogFile>
<CredentialsType>Default</CredentialsType>
<EventSources>
</EventSources>
</Subscription>
Any help would be greatly appreciated.
Thanks!
More...
Below is the configuration:
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
<SubscriptionId>Subscription</SubscriptionId>
<SubscriptionType>CollectorInitiated</SubscriptionType>
<Description>Subscription</Description>
<Enabled>false</Enabled>
<Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
<ConfigurationMode>Custom</ConfigurationMode>
<Delivery Mode="Pull">
<Batching>
<MaxLatencyTime>5000</MaxLatencyTime>
</Batching>
<PullSettings>
<Heartbeat Interval="60000" />
</PullSettings>
</Delivery>
<Query>
<![CDATA[
<QueryList>
<Query Id="0" Path="SourceLog">
<Select Path="SourceLog">*</Select>
</Query>
</QueryList>
]]></Query>
<ReadExistingEvents>false</ReadExistingEvents>
<TransportName>http</TransportName>
<TransportPort>5985</TransportPort>
<ContentFormat>RenderedText</ContentFormat>
<Locale Language="en-US" />
<LogFile>ForwardedEvents</LogFile>
<CredentialsType>Default</CredentialsType>
<EventSources>
</EventSources>
</Subscription>
Any help would be greatly appreciated.
Thanks!
More...
