WMI Troubleshoot

Comments Off on WMI Troubleshoot

This guide will go through the most common scenarios when WMI is not working properly.

1. Job aborted due to overdue

The warning message “Job aborted due to overdue” means that vScope’s discovery probe for WMI has timed out on the target machine,

1.1 Troubleshooting

There might be some issues on the target machine that causes the time out. This article by Microsoft discusses this issue in their “WMI Connection Timed Out” session: https://docs.microsoft.com/en-us/windows/win32/wmisdk/troubleshooting-a-remote-wmi-connection

2. RPC server is unavailable

If you receive the error message “RPC server is unavailable” when trying to discover information with WMI there are four plausible issues:

2.1 Stopped RPC service

Ensure that the RPC service on the targeted servers is running and accessible.

TROUBLESHOOT – Look at the running services on the servers.

2.2 Name resolution issues

The RPC server’s name may be resolving to the wrong IP address which results in vScope attempting to discover WMI information from an IP that is not in use.

TROUBLESHOOT – Try to ping the hostname and the corresponding IP address.

2.3 Traffic blocked by firewall

Overview the firewall settings or if any security application is preventing traffic on the TCP port 135. The RPC service may also alternate on dynamic ports between TCP/UDP 49152-65535.

TROUBLESHOOT – First check if the port on the vScope server is open for outgoing traffic. Secondly, ensure that the port is open on the targeted servers.

2.4 Connectivity issues

The server might be down or inaccessible due to network-related issues. You can ensure access from the vScope server to the target using the following guide:

How to confirm WMI access through DCOM and WinRM

3. Access Denied

If you are unable to Discover machines with WMI and receive “Access Denied.” as error message, here are som tips to troubleshoot it.

3.1 Check the privileges of the WMI-credential

Make sure that the account that is used is allowed to read the targeted machine(s). Here is a guide describing how set up local accounts to access specific machine/machines: Setting up WMI access via AD GPO.

3.2 Ensure that the account’s password is correct and not expired

Please verify this in both vScope and through your Active Directory. If your password contains special characters (eg. “,$,%,<), some Windows OS:s might not accept the password and throw “access denied”.

3.3 Make sure the local time is correctly set on the targeted machine(s)

A major time difference between the vScope server and the targeted machine(s) can cause unexpected results.

3.4 Ensure that NTLM is enabled on target machines

NTLM needs to be enabled on the server for the WMI authentication to work.

4. Could not find any way to build a reliable unique ID for target

This error message appears when vScope is not able to find any MAC address on the target machine during a discovery. The service account has probably not enough permissions. Make sure you have followed every step in this guide.

If the above suggested solutions does not solve the error message, please try removing and re-adding the machine to the domain or contact us via the Online support form or on support@infrasightlabs.com.