Server 2022 - Online - Data Retrieval Failures Occurred Windows

Outbound access is the most common block.

For more information on troubleshooting online data retrieval failures on Windows Server 2022, check out the following resources:

The error "Online - Data retrieval failures occurred" in Windows Server 2022 Server Manager is a common manageability issue, frequently appearing when servers are part of a Failover Cluster or used in an Exchange Database Availability Group (DAG). This error indicates that Server Manager cannot successfully pull inventory or status data from a managed node, often due to corrupted event log metadata or restrictive WinRM (Windows Remote Management) limits. Core Causes of Data Retrieval Failures

Corrupted Event Log Metadata: The most common culprit is a corrupted metadata provider for specific event log channels, particularly Microsoft-Windows-Kernel-IoTrace/Diagnostic.

WinRM Envelope Size Limits: When a server belongs to a cluster or DAG, the data payload sent via WinRM may exceed the default maxEnvelopeSize, causing the retrieval to fail.

Insufficient Permissions: The account used for management may lack rights to access certain event logs through WinRM.

Missing Event Log Files: Following a system migration (e.g., VMware to Hyper-V), some event log providers may not be properly registered, or their .etl files may be missing. Primary Troubleshooting Solutions 1. Increase WinRM maxEnvelopeSize

If your server is part of a Failover Cluster or Exchange DAG, the default data packet size might be too small to transmit the full inventory.

Registry Method: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client and set a new DWORD value named maxEnvelopeSize to 8192 (decimal).

PowerShell Method: Run the following command as an Administrator on both the management server and the target nodes:Set-WSManInstance -ResourceURI winrm/config -ValueSet @MaxEnvelopeSizekb = "8192"

Restart Service: Restart the Windows Remote Management (WinRM) service to apply changes. 2. Disable the Kernel-IoTrace Diagnostic Log

Corrupted metadata in this specific channel is a documented bug in Windows Server 2022 that triggers the "Online - Data retrieval failures" message.

Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-IoTrace/Diagnostic. Change the Enabled DWORD value from 1 to 0.

Reboot the node. In many cases, Windows will automatically re-enable this with clean metadata upon restart, resolving the error. 3. Grant Event Log Reader Permissions

Ensure the server's own computer account has permission to read its logs via remote management. Open Computer Management > Local Users and Groups > Groups.

Add the server's own Computer Account to the Event Log Readers group.

If using Cluster-Aware Updating (CAU), add the CAU computer object to this group as well. 4. Rebuild Event Log Metadata

If specific logs are broken, you can list and attempt to reload all event log metadata via PowerShell:wevtutil.exe el | foreach wevtutil.exe gl $_Identify logs that fail to load and consider deleting the corresponding .evtx files in C:\Windows\System32\winevt\Logs to allow the system to recreate them (ensure you have backups first). Comparison of Fixes Primary Use Case Risk Level Increase WinRM Envelope Clusters, DAGs, and large inventories Disable IoTrace Registry General manageability "Refresh failed" errors Medium (Registry change) Permissions Update Access-denied errors in Server Manager logs SFC / DISM Scan General system file corruption

Windows Server 2022 , the "Online - Data retrieval failures occurred" error in Server Manager is a common manageability issue often linked to corrupted event log channels or WinRM configuration limits. While frequently considered "cosmetic" because it doesn't always impact core server performance, it prevents Server Manager from refreshing correctly. Microsoft Learn Core Causes Corrupted Event Log Channels : The most frequent culprit is the Microsoft-Windows-Kernel-IoTrace/Diagnostic Outbound access is the most common block

channel. Corruption or missing metadata in this channel prevents WinRM from retrieving full status data. WinRM Packet Size Limits

: If the server is part of a cluster (e.g., Failover Cluster or Exchange DAG), the data being sent via WinRM may exceed the default MaxEnvelopeSize Insufficient Permissions

: The account or computer object may lack rights to read specific event logs. Feature Residuals

: In-place upgrades to 2022 sometimes leave orphaned registry entries for removed features that Server Manager still tries to query. Microsoft Community Hub Recommended Resolutions 1. Repair the Kernel-IoTrace Log Channel

This is the most successful fix for standalone and clustered Windows Server 2022 instances. Microsoft Learn Registry Editor Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-IoTrace/Diagnostic Change the DWORD value from Reboot the server

. After rebooting, Windows typically rebuilds the channel metadata and resets this value to automatically. Microsoft Community Hub 2. Increase WinRM MaxEnvelopeSize

Required if your logs are too large for standard remote management packets.

Server Manager problem: Online - Data retrieval failures occurred

The solution for me was as following and is important to follow the order as below: Add the affected node itself (computer object) Microsoft Community Hub

In Windows Server 2022, "Online - Data retrieval failures occurred" typically occurs because of corrupted event log channels permission issues preventing Server Manager from collecting inventory data Quick Fixes & Immediate Actions Add Computer to "Event Log Readers": Computer Management Local Users and Groups Event Log Readers and add the server's own computer account If using a cluster, add the Cluster-Aware Updating (CAU) computer object as well. Increase WinRM Envelope Size:

In some cases, especially with Exchange DAG members, the data payload exceeds the default size. Run PowerShell as Administrator and execute:

Set-WSManInstance -ResourceURI winrm/config -ValueSet @MaxEnvelopeSizekb = "700" Step-by-Step Troubleshooting Guide 1. Identify the Problematic Channel

Server Manager often fails because it cannot access a specific event log provider. Event Viewer Applications and Services Logs ServerManager Operational for specific provider names. A common culprit is the Microsoft-Windows-Kernel-IoTrace/Diagnostic 2. Reset Corrupted Log Channels (Registry Fix)

If a channel is identified as broken, you can force Windows to rebuild its metadata. Registry Editor Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ Locate the problematic channel (e.g., Microsoft-Windows-Kernel-IoTrace/Diagnostic Change the DWORD value from Reboot the server. Windows should automatically set this back to and recreate missing files during boot. 3. Clean Up Legacy Registry Entries (For Upgraded Servers)

If you performed an in-place upgrade to Windows Server 2022, removed features like "Media Foundation" or "File Services" may leave behind ghost registry entries. WINEVT\Channels

registry key for entries related to removed features and consider removing them after a full backup. 4. Run System Repairs The error "Online - Data retrieval failures occurred"

Corruption in system files can interfere with management providers. Open PowerShell as Administrator and run: sfc /scannow DISM /Online /Cleanup-Image /RestoreHealth 5. Verify Cluster "DumpPolicy" (Advanced)

In clustered environments, a specific binary value in the cluster's dump policy can trigger this error.

In Windows Server 2022, the error "Online - Data retrieval failures occurred" in Server Manager typically signals a communication or configuration break between the management console and target nodes. This error often surfaces in Failover Clusters or complex environments like Exchange DAGs, preventing administrators from viewing real-time health and status data. Common Causes

WinRM Envelope Size Limits: The default WinRM packet size (MaxEnvelopeSize) may be too small to transmit the large volume of metadata required for complex cluster configurations.

Corrupted Event Log Channels: Specifically, the Microsoft-Windows-Kernel-IoTrace/Diagnostic channel is known to trigger this failure if its metadata becomes corrupted or missing.

Insufficient Permissions: The account running Server Manager may lack rights to access specific event logs on remote nodes.

WMI Repository Issues: Corruption in the WMI repository can halt the data flow required by Server Manager. Troubleshooting and Resolution Steps 1. Increase WinRM MaxEnvelopeSize

If your server is part of a large cluster, increasing the allowed packet size for the WS-Management service often resolves the issue instantly.

In Windows Server 2022, the "Online – Data retrieval failures occurred" error in Server Manager typically signifies a breakdown in communication between the Server Manager console and its management providers. This is frequently reported in Failover Clusters or after an in-place upgrade. Primary Causes

Corrupted Event Log Channels: A common culprit is the Microsoft-Windows-Kernel-IoTrace/Diagnostic channel, which may be missing metadata or referencing an invalid provider.

WinRM Packet Size Limitations: The management data package (envelope) might exceed the default maximum size allowed by the Windows Remote Management (WinRM) service.

Leftover Registry Entries: Following an upgrade, Server Manager may still try to pull data from features or services (like "Media Foundation") that were removed during the installation process.

Permission Issues: The server node's computer account may lack the necessary permissions to read certain event logs required for the dashboard refresh. Common Fixes and Workarounds

Users and experts from Microsoft Q&A and the Microsoft Community Hub suggest the following solutions:

Increase WinRM Maximum Envelope Size:If you are in a clustered environment (like an Exchange DAG), try increasing the maxEnvelopeSize to allow larger data transfers. Run this command in an Administrative Command Prompt:winrm set winrm/config @MaxEnvelopeSizekb="8192".

Disable/Reset the Problematic Diagnostic Channel:For issues specifically involving Kernel-IoTrace, you can disable the channel in the Registry Editor to force a rebuild on reboot:

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-IoTrace/Diagnostic. Change the Enabled DWORD value from 1 to 0. Reboot the server.

Add Account to Event Log Readers:Ensure the affected node's own computer account is a member of the local Event Log Readers group via Local Users and Groups. VMware to Hyper-V)

Remove Obsolete Registry Keys:If you recently upgraded, check for orphaned keys under ...\WINEVT\Channels for features no longer present on your system and rename them to -old to stop Server Manager from attempting to query them.

While these errors are often categorized as "cosmetic" and may not impact the server's actual functionality, addressing them ensures your monitoring dashboard remains accurate.

Do you see any specific error codes (like "The system cannot find the file specified") in the Server Manager notification flag?

In Windows Server 2022, the "Online - Data retrieval failures occurred" error in Server Manager is typically caused by corrupted event log channels or WinRM size limitations. This often presents as a "manageability error" and may appear after system updates or migrations. Common Fixes for Data Retrieval Failures

Reset Corrupted Event Log Channels: A frequent culprit is the Kernel-IoTrace/Diagnostic channel.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-IoTrace/Diagnostic in the Registry Editor. Change the Enabled value from 1 to 0.

Reboot the server. Windows should automatically reset the value to 1 and rebuild the clean metadata.

Increase WinRM MaxEnvelopeSize: If the data being retrieved is too large, you must increase the allowable packet size on the target server.

PowerShell Command: Run as Administrator:Set-WSManInstance -ResourceURI winrm/config -ValueSet @MaxEnvelopeSizekb = "8192"

Manual Registry Fix: Create or modify the DWORD maxEnvelopeSize at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client and set it to 8192.

Update Permissions: Ensure the server can properly read its own event logs by adding the computer object to the local Event Log Readers group. Open Computer Management > Local Users and Groups > Groups.

Add the server's own computer account (and the Cluster Object if using Failover Clustering) to the group.

Rebuild WMI Repositories: If the issue persists, use the Microsoft Support Community Guide to run the mofcomp command for auto-recovery.

For detailed technical walkthroughs, refer to official Microsoft Q&A threads or specialized hardware guides like the Dell Support Knowledge Base.

Create a minimal reproduction script:

$url = "https://your-online-data-source.com/api/data"
try 
    $response = Invoke-WebRequest -Uri $url -Method Get -UseBasicParsing -ErrorVariable err
    Write-Host "Success: $($response.StatusCode)"
 catch 
    Write-Host "Failure: $($_.Exception.Message)"
    Write-Host "Details: $($_.Exception.Response)"

Run as Local System to test service account access:

psexec -i -s powershell.exe

Windows Server 2022 defaults to NTFS but heavily utilizes ReFS for virtualization workloads.