Hi Team, I am working as Qradar administrator and onboarding domain controller logs to Qradar through wincollect. We have few Read Only DCs (RODC) which needs to be integrated but we are unable to collect the logs and receiving error - Error code 1727: The remote procedure call failed and did not execute.
Wincollect account is added to Event Log Readers group.
If anyone onboarded RODC logs successfully without using a standalone wincollect for that server, please let me know.
------------------------------
Home Prakash
------------------------------