
Windows (WMI)

The Windows Management Interface (WMI) is a Microsoft technology leveraged by vScope to inventory Windows-based operating systems. Windows (WMI) communicates over the Distributed Component Object Model (DCOM) protocol, which allows remote access to system information.

If you would rather inventory Windows over WinRM or PowerShell, please see Windows (WinRM) or Windows (PowerShell).


Requirements

  • Permission: Ensure the account used for WMI discovery has the necessary permissions on the target Windows systems. These settings can be controlled:
    • using GPO
    • using local/domain administrator.
  • Access: Ensure that the selected port is open on the target machine.

You may want to review the different options for Windows Discovery.

Adding WMI to vScope

  1. Go to Discovery > Credentials.
  2. Click Create Credential, and select Windows (WMI).
  3. Ensure that “Use WinRM” is disabled under Advanced settings.
  4. Configure your Integration Settings by adding the credential details. You can reuse an existing credential, or create a new one from scratch.
  5. Select the target to be discovered by this credential and click Create.

How it works

vScope collects information from Windows operating systems using various WMI scripts that utilize VBScript. The scripts can be run from the vScope server using plain WMI, or locally on the target machine using PowerShell over WinRM.

Change Default Timeout

To prevent prolonged discovery sessions, vScope enforces a default timeout of 15 minutes (900 seconds) for WMI discovery. If a WMI probe on a resource does not complete within this timeframe, vScope will halt the inventory process for that target.

  1. Locate the Config File
    Navigate to the ..\vScopeData\configuration\config.ini file on your vScope server.

  2. Add a Custom Timeout
    Open config.ini and add a new row to specify the desired timeout in seconds. For example, setting the timeout to 1800 seconds (30 minutes) would look like this:

    discovery.probe.wmi.timeout=1800

  3. Restart the vScope Service
    After saving your changes, restart the vScope service for the new timeout settings to take effect. Increasing the timeout may be useful in environments where WMI requests take longer due to network latency or processing constraints on the target systems.


Troubleshooting/Common Errors

| Error | What Happened | Suggested Action |
| --- | --- | --- |
| Job Aborted Due to Overdue | vScope’s discovery probe for WMI has timed out on the target machine. | Verify any issues on the target machine that could cause timeouts. Refer to Microsoft’s WMI Connection Timed Out troubleshooting guide. |
| RPC Server Is Unavailable: Stopped RPC Service | The RPC service on the targeted servers might be stopped. | Check if the RPC service is running and accessible on the servers. |
| RPC Server Is Unavailable: Name Resolution Issues | The RPC server’s name is possibly resolving to the wrong IP address, causing WMI discovery attempts on an incorrect IP. | Test connectivity by pinging the hostname and confirming the correct IP address. |
| RPC Server Is Unavailable: Traffic Blocked by Firewall | Firewall or security applications may be blocking traffic on TCP port 135 or dynamic ports (TCP/UDP 49152-65535). | Ensure that the firewall settings on both the vScope server and target servers allow traffic on these ports. |
| RPC Server Is Unavailable: Connectivity Issues | The target server might be down or inaccessible due to network-related issues. | Verify connectivity from the vScope server to the target using the WMI access confirmation guide. |
| Access Denied: Insufficient Privileges | The WMI credential lacks necessary permissions to read the target machine(s). | Ensure that the credential has appropriate permissions as outlined in Setting up WMI access via AD GPO. |
| Access Denied: Incorrect or Expired Password | The credential password is incorrect or expired. | Verify the password in both vScope and Active Directory, ensuring it doesn’t contain unsupported special characters. |
| Access Denied: Time Difference | There is a significant time difference between the vScope server and the target machine(s). | Confirm the local time on both the vScope server and target machines are synchronized. |
| Access Denied: NTLM Disabled | NTLM is disabled on the server, which is necessary for WMI authentication. | Enable NTLM on the target machines to allow authentication. |
| Could Not Build Unique ID for Target | vScope cannot find a MAC address on the target machine, often due to limited permissions. | Confirm that permissions are set correctly as per WMI and WinRM setup guide. If unresolved, try re-joining the machine to the domain. |
| Recently scanned by WMI through another IP. Delaying scan. | The WMI target was recently scanned with a different WMI credential and was put furthest back in the queue. | Make sure the target machine has been scanned with WMI. |
| WinRM Login failed: HTTP: 401: Unspecific Access Denied | Most commonly combined with WMI succeeding. vScope is not able to log in to the target machines using WinRM. | Ensure the correct credentials are used. |
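
The checks in the table above can be run in one pass from the vScope server before changing any configuration. The following PowerShell script is an added example, not part of vScope or its documentation; the hostname `server01.example.local` is a placeholder, and the credential prompt should be answered with the same account that is configured for WMI discovery.

```powershell
param(
    [string]$Target = 'server01.example.local',      # placeholder hostname (assumption)
    [pscredential]$Credential = (Get-Credential)     # the WMI discovery account
)
$report = [ordered]@{ Target = $Target }

# "Name Resolution Issues": which address does the name resolve to from this host?
try {
    $report.ResolvedIPs = (Resolve-DnsName -Name $Target -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object IPAddress) -join ', '
} catch {
    $report.ResolvedIPs = "DNS lookup failed: $($_.Exception.Message)"
}

# "Traffic Blocked by Firewall": the RPC endpoint mapper listens on TCP 135.
# The dynamic port (49152-65535) is negotiated per session, so it is exercised
# by the DCOM query below rather than probed directly.
$report.Tcp135Open = (Test-NetConnection -ComputerName $Target -Port 135 `
    -WarningAction SilentlyContinue).TcpTestSucceeded

# "Access Denied" / "RPC Server Is Unavailable": open a session over DCOM,
# the transport plain WMI uses, with the discovery account.
$session = $null
try {
    $dcom    = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Target -Credential $Credential `
        -SessionOption $dcom -OperationTimeoutSec 30 -ErrorAction Stop

    # "Time Difference": compare the target's clock with the local clock.
    $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem `
        -ErrorAction Stop
    $report.ClockSkewSeconds = [math]::Round(($os.LocalDateTime - (Get-Date)).TotalSeconds)

    # "Could Not Build Unique ID for Target": can this account read a MAC address?
    $macs = Get-CimInstance -CimSession $session -ClassName Win32_NetworkAdapterConfiguration `
        -Filter 'IPEnabled = TRUE' -ErrorAction Stop | Select-Object -ExpandProperty MACAddress
    $report.MacReadable = [bool]$macs
    $report.WmiResult   = 'OK'
} catch {
    # The message text distinguishes "Access is denied" from "RPC server is unavailable".
    $report.WmiResult = $_.Exception.Message
} finally {
    if ($session) { Remove-CimSession -CimSession $session }
}

[pscustomobject]$report
```

A result with `Tcp135Open` true but `WmiResult` reporting that the RPC server is unavailable points at the dynamic port range rather than the endpoint mapper.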