Repeated errors are seen when a domain name is not resolvable from a Windows Legacy Collector server in RSA Security Analytics
Issue
When trying to access Windows logs from a machine in a domain/workgroup in another domain, if that machine's domain name is not resolvable by the Windows Legacy Collector instance, then an error message similar to the example below will be reported for every event that is collected.
id=8106858 time=1398847139 level=failure module=WindowsLegacyCollection msg=[windows.Win2K8_2.sys_2] [processing] [WorkUnit] [processing] <ip_address>,
System sGetDcName failed with error 1212 for the DC
Workaround
To prevent the error from being reported for each event, add the domain entry for the machine that is not resolvable to the hosts file of the Windows Legacy Collector server.
Notes
Open the 'hosts' file ("c:\windows\System32\drivers\etc\hosts") in a text editor.
Verify that there are no incorrect entries related to the domain you're trying to access.
Remove or correct the problematic entries and save the changes to the 'hosts' file.
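To review the same information from a PowerShell prompt on the Windows Legacy Collector server, the script below lists the hosts entries that refer to a domain and reports whether the name resolves from that server. It is an added example, not part of the NetWitness product or the original article; `example.local` is a placeholder for the event source's domain.

```powershell
# Added example. 'example.local' is a placeholder for the event source's domain.
param(
    [string]$Domain    = 'example.local',
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

# Parse the hosts file into Address/Name pairs, ignoring comments and blank lines.
$lineNo = 0
$entries = foreach ($line in Get-Content -LiteralPath $HostsPath) {
    $lineNo++
    $text = ($line -replace '#.*$', '').Trim()
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Name = $name }
    }
}

# Keep entries for the domain itself or for any host under it.
$matching = @($entries | Where-Object {
    $_.Name -ieq $Domain -or $_.Name -like "*.$Domain"
})

if ($matching.Count -eq 0) {
    Write-Output "No hosts entries found for $Domain"
}
foreach ($entry in $matching) {
    # Flag addresses that do not parse as an IP address.
    $ip = $null
    $valid = [System.Net.IPAddress]::TryParse($entry.Address, [ref]$ip)
    $status = if ($valid) { 'ok' } else { 'INVALID ADDRESS' }
    Write-Output ("line {0}: {1} -> {2} [{3}]" -f $entry.Line, $entry.Name, $entry.Address, $status)
}

# Resolve the name through the system resolver, which also consults the hosts file.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($Domain) | ForEach-Object { $_.IPAddressToString }
    Write-Output ("{0} resolves to: {1}" -f $Domain, ($resolved -join ', '))
} catch {
    Write-Output ("{0} does not resolve from this server: {1}" -f $Domain, $_.Exception.Message)
}
```

The script only reads the hosts file; corrections are still made by editing the file as described above.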
Below is a screenshot of the 'hosts' file that must be edited.
Product Details
Netwitness Product Set: Netwitness Platform
Netwitness Product/Service Type: Windows Legacy Collector
Netwitness Version/Condition: 11.x, 12.x or later
Platform: Windows Server