Troubleshooting WMI Access Permissions

Overview

Windows Management Instrumentation (WMI) is a key component used by the LogicMonitor Collector to monitor Windows servers. However, issues can arise when the Collector machine attempts to query hosts for data due to permission restrictions. This guide provides an overview of WMI access permissions and offers troubleshooting steps to resolve common issues.

Establishing WMI Access

To ensure proper WMI access, the Collector services should reference an administrative account that has sufficient privileges on the target Windows hosts. Follow these steps to set up the correct user credentials for the Collector services:

  1. Open the Services management console on the Collector machine.
  2. Locate the “LogicMonitor Collector” and “LogicMonitor Watchdog” services.
  3. Right-click on each service and select “Properties”.
  4. Go to the “Log On” tab and enter the credentials of a domain user with administrative privileges or a local administrator account that exists on the target hosts.
  5. Apply the changes and restart both services.

By running the Collector services under an appropriate user account, you can ensure that the necessary WMI queries are executed with the required permissions.

Testing WMI Access from the Local Host

To verify WMI access on the host itself, follow these steps:

  1. Click Start > Run… > wbemtest to launch the WBEMTEST utility.
  2. Click “Connect” and keep the default settings.
  3. In the namespace field, enter \\ followed by the name of the local or remote host and then \root\cimv2. For example, \\localhost\root\cimv2.
  4. Enter the credentials of the user account used by the Collector services for authentication.
  5. Click “Connect”.

If the connection is successful, you will be able to explore and perform WMI queries using the WBEMTEST utility. If the connection fails, there may be an issue with the WMI or RPC services on the host. Check that these services are running correctly or repair the WMI installation if necessary.

Establishing WMI Access for Non-host-based Firewalls

If you are using non-host-based firewalls or third-party firewalls on your Windows hosts, you may need to open specific ports to allow for WMI communication. By default, port 135/tcp (RPC Endpoint Mapper) is used to establish initial communication. After that, DCOM assigns ports dynamically within a specified range.

To enable WMI communication through firewalls, follow these steps:

  1. Determine the dynamic port range used by your Windows version (e.g., 49152-65535 for Windows Server 2008 and later versions).
  2. Configure your firewall to allow incoming connections on the RPC Endpoint Mapper port (default: 135/tcp).
  3. Configure your firewall to allow incoming connections on the dynamic port range used by WMI. This range should match the configured dynamic port range.
  4. Consider restricting access to the above ports based on your network security requirements.

By properly configuring your firewall settings, you can ensure that WMI communication is allowed between the Collector machine and the target Windows hosts.
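
The steps above can be worked through in PowerShell. This is an added example, not LogicMonitor code: the function names and the rule-spec fields are hypothetical, and the output is a vendor-neutral description of the two allow rules, scoped to the Collector as the only permitted source, to translate into your firewall's own syntax.

```powershell
# Added example. Function names and output fields are hypothetical.

# Run on the monitored host (step 1): read the TCP dynamic port range.
function Get-DynamicRpcRange {
    # netsh prints two "label : number" lines: start port, then number of ports.
    $nums = @(netsh int ipv4 show dynamicport tcp |
        Select-String -Pattern ':\s*(\d+)\s*$' |
        ForEach-Object { [int]$_.Matches[0].Groups[1].Value })
    if ($nums.Count -ne 2) { throw 'Could not parse netsh output' }
    [pscustomobject]@{ First = $nums[0]; Last = $nums[0] + $nums[1] - 1 }
}

# Steps 2-4: describe the two allow rules, with the Collector as the only source.
function Get-WmiFirewallRuleSpec {
    param(
        [Parameter(Mandatory)][string]$CollectorAddress,
        [Parameter(Mandatory)][string]$TargetAddress,
        [Parameter(Mandatory)][int]$First,
        [Parameter(Mandatory)][int]$Last
    )
    foreach ($ports in '135', "$First-$Last") {
        [pscustomobject]@{
            Source = $CollectorAddress; Destination = $TargetAddress
            Protocol = 'tcp'; Ports = $ports; Action = 'allow'
        }
    }
}

# Run on the Collector after the rules are in place: is the endpoint mapper reachable?
function Test-RpcEndpointMapper {
    param([Parameter(Mandatory)][string]$ComputerName)
    $result = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    $result.TcpTestSucceeded
}

# Constructed usage; the addresses are documentation placeholders (RFC 5737).
# $range = Get-DynamicRpcRange
# Get-WmiFirewallRuleSpec -CollectorAddress '192.0.2.10' -TargetAddress '192.0.2.20' `
#     -First $range.First -Last $range.Last
```

A successful check on 135/tcp only proves the endpoint mapper is reachable; a blocked dynamic range still surfaces later as an RPC error on the actual WMI query.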

Repairing WMI Access

If you are experiencing issues with WMI access, you may need to troubleshoot and repair your WMI class structure. Follow these steps to repair your WMI access:

  1. Run the Command Prompt as an administrator on the affected host.
  2. Enter the following command to stop the WMI service:
    net stop winmgmt
    
  3. Navigate to the C:\Windows\System32\wbem directory.
  4. Rename the repository folder to repository.old.
  5. Restart the host.
  6. Open the Command Prompt as an administrator again.
  7. Enter the following command to rebuild the WMI repository:
    winmgmt /resetrepository
    
  8. You may be prompted to confirm the repository reset. Type “Y” and press Enter.
  9. Wait for the reset process to complete.
  10. Restart the host once again.

After completing these steps, the WMI class structure should be repaired, and you should be able to establish proper WMI access.

Common WMI Error Codes

Here are some common WMI error codes and their possible causes:

  • Error: 0x800706BA – RPC Server Unavailable

    • Possible Issue: The Windows Firewall is blocking the connection.
    • Quick Fix: Execute netsh firewall set service RemoteAdmin enable from the command console at the monitored host (not the host on which the Collector is running).
  • Error: 0x80070005 – Access is denied by DCOM

    • Possible Issue: The user does not have remote access to the computer through DCOM.
    • Quick Fix: Give the user Remote Launch and Remote Activation permissions in dcomcnfg.
  • Error: 0x80041003 – Access is denied by a WMI provider

    • Possible Issue: The user does not have access to the specific WMI namespace.
    • Quick Fix: Assign remote access permissions for the user to the desired WMI namespace using the WMI Control utility.
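
A scripted counterpart to the WBEMTEST connection check, which also maps a failure onto the three error codes listed above. This is an added example, not LogicMonitor code: Test-WmiAccess and its output fields are hypothetical names, and it assumes Windows PowerShell 5.1, where Get-WmiObject is available.

```powershell
# Added example. Test-WmiAccess and its output fields are hypothetical names.
function Test-WmiAccess {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Omit for the local host: WMI rejects explicit credentials on local connections.
        [System.Management.Automation.PSCredential]$Credential,
        [string]$Namespace = 'root\cimv2'
    )

    # Error codes and fixes as listed in this guide.
    $hints = @{
        '0x800706BA' = 'RPC Server Unavailable: a firewall is blocking the connection'
        '0x80070005' = 'Access denied by DCOM: grant Remote Launch and Remote Activation in dcomcnfg'
        '0x80041003' = 'Access denied by a WMI provider: grant namespace access in WMI Control'
    }

    $query = @{
        ComputerName = $ComputerName
        Namespace    = $Namespace
        Class        = 'Win32_OperatingSystem'
        ErrorAction  = 'Stop'
    }
    if ($Credential) { $query['Credential'] = $Credential }

    try {
        $os = Get-WmiObject @query
        [pscustomobject]@{
            ComputerName = $ComputerName; Success = $true; Code = $null
            Detail = $os.Caption
        }
    } catch {
        $ex = $_.Exception.GetBaseException()
        # WMI provider errors carry a ManagementStatus; RPC and DCOM errors carry an HRESULT.
        if ($ex -is [System.Management.ManagementException]) {
            $raw = [int]$ex.ErrorCode
        } else {
            $raw = $ex.HResult
        }
        $code = '0x{0:X8}' -f $raw
        $detail = if ($hints.ContainsKey($code)) { $hints[$code] } else { $ex.Message }
        [pscustomobject]@{
            ComputerName = $ComputerName; Success = $false; Code = $code
            Detail = $detail
        }
    }
}

# Constructed usage; 'winhost01' is a placeholder host name.
# Test-WmiAccess -ComputerName 'winhost01' -Credential (Get-Credential)
```

Run it on the Collector machine with the same account the Collector services use, so the result reflects the permissions the Collector actually has.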

Conclusion

Establishing and troubleshooting WMI access is essential for successful Windows monitoring with LogicMonitor. By following the steps outlined in this guide, you can ensure that your Collector has the necessary permissions to query Windows hosts via WMI. If you encounter any issues or need further assistance, don’t hesitate to reach out to LogicMonitor Support.

Tags: WMI, Windows monitoring, troubleshooting, access permissions