WMI

The Windows Management Interface (WMI) is a protocol used in vScope for inventorying Windows-based operating systems. WMI enables vScope to collect detailed data about Windows resources, such as system hardware, software, and configurations.

---

WMI in vScope

WMI can be used for discovery by disabling “Use WinRM” in a WMI credential. It is not net preferred method, but will be used if WinRM fails on the target machine.

Requirements

• User Account: Ensure the account used for WMI discovery has read permissions on the target Windows systems.

Tip

For guidance on enabling and configuring WMI for your systems, see:

• Setting up WMI on target machine
• Setting up WMI Access Through Active Directory GPO

How it works

vScope collects information from Windows operating systems using various WMI scripts, utilizing VBscript. The scripts can be run from the vScope server using plain WMI, or locally on the target machine using PowerShell via WinRM. Though we recommend using WinRM due to performance and security, you can configure vScope to use WMI in Discovery Manager > Credentials > [WMI Credential]

If using WinRM, vScope will pack and send the VBScript to the temp catalog on the target machine. The scripts are then run using a command. The command is encrypted to make it easier to run. After the results of the scripts are collected, the information is sent back to the vScope server and the VBscript in the temp catalog is removed.

Change Default Timeout

To prevent prolonged discovery sessions, vScope enforces a default timeout of 15 minutes (900 seconds) for WMI discovery. If a WMI probe on a resource does not complete within this timeframe, vScope will halt the inventory process for that target.

Note

This setting ensures discovery performance by preventing WMI probes from stalling the process.

1. Locate the Config File
   Navigate to the ..\vScopeData\configuration\config.ini file on your vScope server.

2. Add a Custom Timeout
   Open config.ini and add a new row to specify the desired timeout in seconds. For example, setting the timeout to 1800 seconds (30 minutes) would look like this:

   discovery.probe.wmi.timeout=1800

3. Restart the vScope Service After saving your changes, restart the vScope service for the new timeout settings to take effect. Increasing the timeout may be useful in environments where WMI requests take longer due to network latency or processing constraints on the target systems.

---

Common Errors

Error	What Happened	Suggested Action
Job Aborted Due to Overdue	vScope’s discovery probe for WMI has timed out on the target machine.	Verify any issues on the target machine that could cause timeouts. Refer to Microsoft’s WMI Connection Timed Out troubleshooting guide.
RPC Server Is Unavailable: Stopped RPC Service	The RPC service on the targeted servers might be stopped.	Check if the RPC service is running and accessible on the servers.
RPC Server Is Unavailable: Name Resolution Issues	The RPC server’s name is possibly resolving to the wrong IP address, causing WMI discovery attempts on an incorrect IP.	Test connectivity by pinging the hostname and confirming the correct IP address.
RPC Server Is Unavailable: Traffic Blocked by Firewall	Firewall or security applications may be blocking traffic on TCP port 135 or dynamic ports (TCP/UDP 49152-65535).	Ensure that the firewall settings on both the vScope server and target servers allow traffic on these ports.
RPC Server Is Unavailable: Connectivity Issues	The target server might be down or inaccessible due to network-related issues.	Verify connectivity from the vScope server to the target using the WMI access confirmation guide.
Access Denied: Insufficient Privileges	The WMI credential lacks necessary permissions to read the target machine(s).	Ensure that the credential has appropriate permissions as outlined in Setting up WMI access via AD GPO.
Access Denied: Incorrect or Expired Password	The credential password is incorrect or expired.	Verify the password in both vScope and Active Directory, ensuring it doesn’t contain unsupported special characters.
Access Denied: Time Difference	There is a significant time difference between the vScope server and the target machine(s).	Confirm the local time on both the vScope server and target machines are synchronized.
Access Denied: NTLM Disabled	NTLM is disabled on the server, which is necessary for WMI authentication.	Enable NTLM on the target machines to allow authentication.
Could Not Build Unique ID for Target	vScope cannot find a MAC address on the target machine, often due to limited permissions.	Confirm that permissions are set correctly as per WMI and WinRM setup guide. If unresolved, try re-joining the machine to the domain.
Recently scanned by WMI through another IP. Delaying scan.	The WMI target was recently scanned with a different WMI credential and was put furthest back in the queue.	Make sure the target machine has been scanned with WMI.
WinRM Login failed: HTTP: 401: Unspecific Access Denied	Most commonly combined with WMI succeeding. vScope not able to login to the target machines using WinRM.	Ensure the correct credentials are used.