Windows Event Forwarding subscriptions healthy but one server never sends logs

Scenario

Most sources forward events correctly, but one server never contributes logs to the collector.

Recommended Resolution Path

1. Check collector subscription scope and source-initiated forwarding configuration on the server.
2. Verify WinRM and firewall reachability to the collector.
3. Review event forwarding operational logs on both source and collector.
4. If the source was cloned or rebuilt, ensure its identity and subscription state are current.

Technician Notes

Capture the exact scope of impact, confirm which dependency failed first, and document whether the issue reflects broader domain or server drift.