This post should give you a quick understanding of WinRM, WinRS, forwarding event logs and when you’re likely to see the 0x80338126 error.
WinRM (Windows Remote Management) is Microsoft’s new remote management which allows remote management of Windows machines. It was introduced in Server 2003 R2, but I didn’t really hear much about it until Server 2008.
WinRM is the ‘server’ component and WinRS is the ‘client’ that can remotely manage the machine with WinRM configured.
Differences you should be aware of:
Vista and Server 2008
Port 80 for HTTP and Port 443 for HTTPS
Windows 7 and Server 2008 R2
Port 5985 for HTTP and Port 5986 for HTTPS
WinRM 1.1 can also be downloaded and installed on pre-R2 2003 and XP from here.
You can never have too many logs, said the tree surgeon to the forest. We all know the importance of reviewing the event logs, not only for troubleshooting current issues, but to predict future ones. There are plenty of paid enterprise solutions for this, but let’s take a look at some free options.
Mr Roboto’s Event monitor
This tool will allow you to monitor windows machines live, using a default polling time of 5 seconds. You can choose from the usual event viewer categories and as an additional bonus DNS / FRS / DS are also included. Once you have selected the categories you’d like to monitor, you can then select the log type, error, warning, information, audit success and audit failure.
In the server box, type the hostname or IP of the machines you would like to monitor, separated by a comma.
This is a handy tool if you’re keeping an eye out for a specific entry, or a server that is playing up.