Reading event log remotely with Get-EventLog in Powershell
Reading event log remotely with Get-EventLog in Powershell
@Lars Truijenss suggestion solved my issue. But other suggestions are also important to check.
So, here is the checklist if you get this kind of error when you try to get log files remotely:
- Disable or set firewall settings on both sides.
- Enable Remote Desktop and Remote Assistance on client machine.
- Can you ping to the client machine?
- Run
dir \dc1c$
to see that you are allowed to reach to the
harddisk. (@Shay Levys suggestion) - Run
Get-Service -ComputerName YOURCOMPUTERNAME
to see that you are
allowed to reach to the services. (@Shay Levys suggestion) - Start the Remote Registry service. (@Lars Truijenss suggestion and
this made it work for me)
Here is the screenshot of this solution:
Starting the RemoteRegistry service did not help in my case.
Apparently, there is a difference between the remoting that is accessed via the ComputerName parameter in some cmdlets such as Get-Service and the newer form of remoting accessed with cmdlets such as Invoke-Command.
Since traditional remote access is implemented by individual cmdlets,
it is inconsistent (uses different techniques and demands different
requirements) and available only in selected cmdlets. The technology
used for remote access can vary from cmdlet to cmdlet and is not
readily known to you. Each cmdlet uses whatever remoting technology
its author chose. Most cmdlets use Remote Procedure Call (RPC), but
might also require additional services and settings on the target
system.Beginning in Windows PowerShell 2.0, there is an alternate and more
universal way of accessing remote systems: Windows PowerShell
Remoting. With this type of remoting, Windows PowerShell handles
remote access for all commands. It transfers your commands to the
remote system using the relatively new and highly configurable WinRM
service, executes the code in a separate session that runs on the
remote system, and returns the results to the calling system.
When I swapped from this command
get-eventlog -LogName System -computername <ServerName>
to this
invoke-command {get-eventlog -LogName System} -ComputerName <ServerName>
I no longer got the following error
get-eventlog : The network path was not found.