Active, couldn't classify: No WMI connection

anandtk
Giga Contributor

Getting this popular error in discovery.

Usually the issues would be around any of the following, not this time.

Already verified the following.

MID server and target (Windows 7) are reachable.

Target TCP 135, 139, 445, DCOM Ports:
◦ High port range 49152 - 65535
◦ Low port range 1025 - 5000
All are kept open.

Account has:

Local admin rights,

Domain-wide account,

with password set to never expire,

access to execute 'WMI queries' on the target servers.

I have personally used the discovery account to log in to the server and run a simple command on the command prompt, and it works well.

Wondering what could be the next step.

WBEM test???

Please share your ideas.

1 ACCEPTED SOLUTION

Hi,



By the payload it's clear it's failing due to permissions. You may want to check that your MID Server is running with the right account.



Connection failed to WMI service. Error: Permission denied


Thanks,
Berny
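
The check suggested in this answer can be scripted from the MID Server host. The following is an added example, not part of the original thread or of ServiceNow's tooling: it shows which account the MID Server service logs on as, then runs the probe's `Win32_ComputerSystem` and `Win32_OperatingSystem` queries over DCOM with a candidate account. The service-name pattern `snc_mid%` and the host name `TARGET-HOST` are assumptions to replace with your own values; `Get-WmiObject` requires Windows PowerShell 5.1.

```powershell
# Added example. Both values below are placeholders/assumptions, not taken from the thread.
$MidServicePattern = 'snc_mid%'      # assumed MID Server service name prefix; adjust to yours
$Target            = 'TARGET-HOST'   # placeholder for the Windows host being discovered

# 1. Which account does the MID Server Windows service actually log on as?
#    StartName is the service logon identity (e.g. LocalSystem or DOMAIN\svc_account).
Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE '$MidServicePattern'" |
    Select-Object Name, State, StartName |
    Format-Table -AutoSize

# 2. Run the same basic classification queries the probe asks for, over DCOM,
#    using the account the service is supposed to run as.
$cred = Get-Credential -Message 'Account the MID Server service should run as'

$checks = @(
    @{ Class = 'Win32_ComputerSystem';  Props = 'Name', 'Domain' },
    @{ Class = 'Win32_OperatingSystem'; Props = 'Caption', 'Version' }
)

foreach ($c in $checks) {
    try {
        # Get-WmiObject talks DCOM (TCP 135 plus dynamic ports), like the WMI probe.
        Get-WmiObject -ComputerName $Target -Namespace 'root\cimv2' -Class $c.Class `
                      -Credential $cred -ErrorAction Stop |
            Select-Object $c.Props
    }
    catch [System.UnauthorizedAccessException] {
        # Authentication or authorization problem: ports are fine, the account is not.
        Write-Warning "$($c.Class): access denied for $($cred.UserName) on $Target"
    }
    catch {
        # Anything else (e.g. RPC server unavailable) points at network or firewall instead.
        Write-Warning "$($c.Class): $($_.Exception.Message)"
    }
}
```

If step 1 shows a different `StartName` than the account that succeeds in step 2, the service is running under the wrong identity, which matches the "Permission denied" result in the payload.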



17 REPLIES 17

Hi Anand,



Please post your ECC queue input for the Windows classifier probe. Let's see what error it is showing there.



Regards,


Vivek





Below is the xml of the last input:



<results probe_time="2636" result_code="0"><result><error>Connection failed to WMI service. Error: Permission denied</error></result><parameters><parameter name="agent" value="mid.server.OA_DEV_Discovery_MID_Server"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="use_class" value="discovery_classy_windows"/><parameter name="runner_type" value="WMIRunner"/><parameter name="source" value="10.32.xx.xx"/><parameter name="WMI_FetchData" value="root\virtualization\v2\Msvm_ComputerSystem.Name,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname,root\MSCluster\MSCluster_Resource.PrivateProperties,root\MSCluster\MSCluster_Resource.Name,root\MSCluster\MSCluster_Node.Name,root\MSCluster\MSCluster_Cluster.Name,root\MSCluster\MSCluster_ClusterToResource.GroupComponent,root\MSCluster\MSCluster_ClusterToResource.PartComponent,root\MSCluster\MSCluster_ClusterToNode.Antecedent,root\MSCluster\MSCluster_ClusterToNode.Dependent,root\virtualization\Msvm_ComputerSystem.Name,root\MSCluster\MSCluster_Resource.Type,Win32_ComputerSystem.Domain,Win32_ComputerSystem.Name,Win32_OperatingSystem.Caption,Win32_OperatingSystem.Version"/><parameter name="port_probe" value="9802b18f0a0a0703009d322d5b5540e5"/><parameter name="sys_id" value="65434f8313697240689651a63244b068"/><parameter name="sys_created_on" value="2017-03-21 17:31:48"/><parameter name="used_by_discovery" value="true"/><parameter name="state" value="ready"/><parameter name="probe_name" value="Windows - Classify"/><parameter name="discover" value="CIs"/><parameter name="response_to" value="054387cb4fe5368055a0bc218110c73f"/><parameter name="priority" value="2"/><parameter name="agent_correlator" value="1a3303cb4fe5368055a0bc218110c708"/><parameter name="probe" value="b11360600a0a0ba500c41bcbae55c5c4"/><parameter name="GenerateWMIScriptJS_WMI_FetchData.js" value="var scanner = getScanner();
if (scanner) {
      scanner.addFetch('root\\virtualization\\v2\\Msvm_ComputerSystem.Name');
      scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain');
      scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname');
      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.PrivateProperties');
      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Name');
      scanner.addFetch('root\\MSCluster\\MSCluster_Node.Name');
      scanner.addFetch('root\\MSCluster\\MSCluster_Cluster.Name');
      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.GroupComponent');
      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.PartComponent');
      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Antecedent');
      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Dependent');
      scanner.addFetch('root\\virtualization\\Msvm_ComputerSystem.Name');
      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Type');
      scanner.addFetch('Win32_ComputerSystem.Domain');
      scanner.addFetch('Win32_ComputerSystem.Name');
      scanner.addFetch('Win32_OperatingSystem.Caption');
      scanner.addFetch('Win32_OperatingSystem.Version');
      scanner.fetch();
}
"/><parameter name="sequence" value="15af1ecbd540000001"/><parameter name="port" value="135"/><parameter name="cidata" value="<CIData><data><fld name="ip_address">10.32.xx.xx</fld><fld name="dns_name">houvtstwsvt02.msn00.oneamerica.com</fld><fld name="name">HOUVTSTWSVT02</fld><fld name="dns_domain">MSN00.ONEAMERICA.COM</fld></data><rl name="cmdb_ip_service_ci:ci"><fld name="isM2M">true</fld><fld name="table_name">cmdb_ip_service_ci</fld><fld name="field_name">ci</fld><fld name="target_table_name">cmdb_ip_service</fld><fld name="target_ref_field_name">service</fld><rl_rec><fld name="description"> </fld><fld name="service">e433d6bdc0a8016400081f03a8dd1536</fld></rl_rec></rl></CIData>"/><parameter name="name" value="WMI: Classify (nodes: 1)"/><parameter name="topic" value="WMIRunner"/><parameter name="queue" value="output"/><parameter name="ecc_queue" value="65434f8313697240689651a63244b068"/></parameters></results>


Thanks Berny for taking a look. You have nailed it.


Just found it was running with local credentials that were not domain-wide and also not local admin.



I just tried to change it to the right one. It does not let me stop and start the service.


Here is the extract from the MID server agent log.


"
expedited.queued: 0 probes, expedited.processing: 0 probes interactive.queued: 0 probes, interactive.processing: 0 probes
03/24/17 12:24:40 (579) WrapperListener_stop_runner Running under Java version: 1.8.0_60, java PID: 17552, args: stop
03/24/17 12:24:40 (579) WrapperListener_stop_runner Stopping MID server
03/24/17 12:24:40 (579) WrapperListener_stop_runner interrupting thread IdleConnectionMonitor.5
03/24/17 12:24:51 (155) LogStatusMonitor.60 stats threads: 2090, memory max: 910.0mb, allocated: 891.0mb, used: 813.0mb, standard.queued: 0 probes, standard.processing: 0 probes expedited.queued: 0 probes, expedited.processing: 0 probes interactive.queued: 0 probes, interactive.processing: 0 probes
"


I fixed the service restart issues. I have made the necessary changes to the account that needs to be used by the MID server. Restarted the services.


I re-ran the scan but it still fails with the same error.