IBM Support

QRadar: WinCollect Error Code 0x2471.

Question & Answer


Question

How do you resolve a Windows Server 2003 R2 Error, code 0x2471: The requested address is not valid in its context?

Cause

The ability for the name to resolve is going to depend on how your DNS server is configured and the location of the agent that is trying to register. Essentially, the hostname or IP Address that the system attempted to bind to was non-local. WinSock was trying to create a socket connection for a host name or IP it does not believe is local to the host.

For example: If the destination you created is in another domain than where you are located, unless trust is setup, then you would expect this to fail. If you do a lookup from the windows host, does that hostname MyHostName1 resolve back to an IP address? If it does return an IP Address, is that the expected IP Address for the local system?

Answer

What you are hitting is a Microsoft error. You have a hostname that is defined, but Windows is sending back Error code 10049. For more information, see https://support.microsoft.com/en-us/kb/819124


How to resolve this problem
Administrators should confirm from both the Windows host and the QRadar appliance that the host name is reachable using nslookup host_name. Optionally, users can replace the hostname with an IP Address in the Log Source or Destinations they create for WinCollect as the IP should always resolve for your destination unless blocked by a firewall or proxy.

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WinCollect","Platform":[{"code":"PF033","label":"Windows"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
31 March 2020

UID

swg21989506