Adding Source Computer Manually to WEC Subscription on windows server

The error message "Server cannot be translated to a security identifier" typically indicates that the Windows Event Collector (WEC) is unable to resolve the server name to a security identifier (SID). This can happen for several reasons, including issues with DNS resolution or the server not being part of the same domain as the WEC.

Here are some steps you can take to troubleshoot and resolve this issue:

1. Check DNS Resolution: Ensure that the server you are trying to add can be resolved by the WEC. You can test this by using the ping command or nslookup to verify that the server's hostname resolves correctly.
2. Verify Network Connectivity: Make sure that there is network connectivity between the WEC and the server you are trying to add. Check firewall settings to ensure that traffic is allowed on the necessary ports (e.g., port 5986 for WinRM).
3. Check Domain Membership: If the server is not part of the same domain as the WEC, you may need to add it as a non-domain computer. Ensure that you are following the correct procedure for adding non-domain computers to the WEC subscription.
4. Review Permissions: Ensure that the account you are using to create the subscription has the necessary permissions to access the server and its event logs.
5. Use FQDN: When adding the server, try using the Fully Qualified Domain Name (FQDN) instead of just the hostname to avoid any resolution issues.
6. Event Viewer Logs: Check the Event Viewer logs on both the WEC and the server for any additional error messages that might provide more context about the issue.

By following these steps, you should be able to identify the cause of the error and successfully add the server to the WEC subscription.

Hi Sudha P,

Thank you for your question. The error message “Server cannot be translated to a security identifier. It will not be added to the list” typically occurs when the target server cannot be resolved to a valid computer account in Active Directory. This can happen if the server is not domain-joined, if there are replication delays, or if the account lacks the necessary permissions.

To resolve this, please verify the following:

1. Ensure the server is properly joined to the domain and visible in Active Directory.
2. Confirm that the Network Service or Event Collector service account has permission to read the computer object.
3. Run nltest /dsgetdc:<domain> from the affected server to confirm domain controller connectivity.
4. If adding servers manually, use the fully qualified domain name (FQDN) rather than NetBIOS names.
5. Allow time for AD replication if the server was recently added.

These steps should help ensure the subscription can be created successfully. If this guidance resolves your issue, please click “Accept Answer” so others can benefit as well.

Thank you so much!!!!

Best regards,

QQ.

Hi Sudha P,

How is your problem? Has it been solved? If it has, please hit ACCEPT THE ANSWER to support me. If it hasn't, please feel free to tell me more about your issue details.

QQ.