Windows (WMI)
The Windows Management Interface (WMI) is a Microsoft technology leveraged by vScope to inventory Windows-based operating systems. Windows (WMI) communicates over the Distributed Component Object Model (DCOM) protocol, which allows remote access to system information.
If you rather inventory Windows over WinRM or PowerShell, please see Windows (WinRM) or Windows (PowerShell).
Requirements
- Permission: Ensure the account used for WMI discovery has the necessary permissions on the target Windows systems. These settings can be controlled:
- using GPO
- using local/domain administrator.
- Access: Ensure that the selected port is open on the target machine.
You may want to review different options for Windows Discovery
Adding WMI to vScope
- Go to Discovery > Credentials.
- Click Create Credential, and select Windows (WMI).
- Ensure that “Use WinRM” is disabled under Advanced settings.
- Configure your Integration Settings by adding the credential details. You can reuse an existing credential, or create a new one from scratch.
- Select the target to be discovered by this credential and click Create.
How it works
vScope collects information from Windows operating systems using various WMI scripts, utilizing VBscript. The scripts can be run from the vScope server using plain WMI, or locally on the target machine using PowerShell using WinRM.
Change Default Timeout
To prevent prolonged discovery sessions, vScope enforces a default timeout of 15 minutes (900 seconds) for WMI discovery. If a WMI probe on a resource does not complete within this timeframe, vScope will halt the inventory process for that target.
-
Locate the Config File
Navigate to the..\vScopeData\configuration\config.ini
file on your vScope server. -
Add a Custom Timeout
Openconfig.ini
and add a new row to specify the desired timeout in seconds. For example, setting the timeout to 1800 seconds (30 minutes) would look like this:discovery.probe.wmi.timeout=1800 -
Restart the vScope Service After saving your changes, restart the vScope service for the new timeout settings to take effect. Increasing the timeout may be useful in environments where WMI requests take longer due to network latency or processing constraints on the target systems.
Troubleshooting/Common Errors
Error | What Happened | Suggested Action |
---|---|---|
Job Aborted Due to Overdue | vScope’s discovery probe for WMI has timed out on the target machine. | Verify any issues on the target machine that could cause timeouts. Refer to Microsoft’s WMI Connection Timed Out troubleshooting guide. |
RPC Server Is Unavailable: Stopped RPC Service | The RPC service on the targeted servers might be stopped. | Check if the RPC service is running and accessible on the servers. |
RPC Server Is Unavailable: Name Resolution Issues | The RPC server’s name is possibly resolving to the wrong IP address, causing WMI discovery attempts on an incorrect IP. | Test connectivity by pinging the hostname and confirming the correct IP address. |
RPC Server Is Unavailable: Traffic Blocked by Firewall | Firewall or security applications may be blocking traffic on TCP port 135 or dynamic ports (TCP/UDP 49152-65535). | Ensure that the firewall settings on both the vScope server and target servers allow traffic on these ports. |
RPC Server Is Unavailable: Connectivity Issues | The target server might be down or inaccessible due to network-related issues. | Verify connectivity from the vScope server to the target using the WMI access confirmation guide. |
Access Denied: Insufficient Privileges | The WMI credential lacks necessary permissions to read the target machine(s). | Ensure that the credential has appropriate permissions as outlined in Setting up WMI access via AD GPO. |
Access Denied: Incorrect or Expired Password | The credential password is incorrect or expired. | Verify the password in both vScope and Active Directory, ensuring it doesn’t contain unsupported special characters. |
Access Denied: Time Difference | There is a significant time difference between the vScope server and the target machine(s). | Confirm the local time on both the vScope server and target machines are synchronized. |
Access Denied: NTLM Disabled | NTLM is disabled on the server, which is necessary for WMI authentication. | Enable NTLM on the target machines to allow authentication. |
Could Not Build Unique ID for Target | vScope cannot find a MAC address on the target machine, often due to limited permissions. | Confirm that permissions are set correctly as per WMI and WinRM setup guide. If unresolved, try re-joining the machine to the domain. |
Recently scanned by WMI through another IP. Delaying scan. | The WMI target was recently scanned with a different WMI credential and was put furthest back in the queue. | Make sure the target machine has been scanned with WMI. |
WinRM Login failed: HTTP: 401: Unspecific Access Denied | Most commonly combined with WMI succeeding. vScope not able to login to the target machines using WinRM. | Ensure the correct credentials are used. |