In the past week or two we have been receiving a lot of email from customers reporting that their Event Log Monitor has suddenly started failing on a number of servers.  We don’t have proof, but we’re guessing a recent Windows Update must have disabled the Remote Event Log Management rules.

 

(Edit):  Confirmed!   Thanks Paul!    Please see https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-8.1-and-windows-server-2012-r2#1623msgdesc

 

event log firewall rules

 

We’ve been telling customers to re-enable those rules, and so far it has fixed the issue for everyone.

 

EDIT: ANOTHER update that messes with Event Log monitoring.   Please see:

 

https://support.microsoft.com/en-us/topic/june-8-2021-kb5003638-os-build-14393-4467-d9dfce91-b425-483a-8280-f54d7005b231

 

Especially note where it says “This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later.

 

Also see the June 2021 heading on:

 

https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-10-1607#1623msgdesc

 

Share →
(19)