Active, couldn't classify: No WMI connection

Go to solution
anandtk
Giga Contributor

‎03-22-2017 04:28 AM

Getting this popular error in discovery.

Usually the issues would be around any of the following, not this time.

Already verified the following.

MID server and target (Windows7) are reachable.

Target TCP 135 , 139, 445, DCOM Ports: â—¦High port range 49152 - 65535
â—¦Low port range 1025 - 5000 All are kept open.

Account has :

Local admin right,

Domain wide account,

with password as never expire,

access to execute 'WMI queries' on the target servers.

I have personally used the discovery account to login to the server and ran a simple command on the command prompt and it works well.

Wondering what could be the next step.

WBEM test???

Please share your ideas.

Labels:
0 Helpfuls
  • 8,610 Views
1 ACCEPTED SOLUTION

Go to solution
bernyalvarado
Mega Sage
In response to anandtk

‎03-24-2017 07:12 AM

Hi,



By the payload It's clear it's failing due to permissions. You may want to check your MID Server is running with the right account. 



Connection failed to WMI service. Error: Permission denied


Thanks,
Berny


View solution in original post

17 REPLIES 17

Go to solution
VivekSattanatha
Mega Sage
In response to anandtk

‎03-24-2017 12:48 AM

Hi Anand,



Please post your ECC queue input for Windows classifier probe. Lets see what is the error it showing there.



Regards,


Vivek


Go to solution
anandtk
Giga Contributor
In response to VivekSattanatha

‎03-24-2017 06:59 AM

ecc.PNG



Below is the xml of the last input:



<results probe_time="2636" result_code="0"><result><error>Connection failed to WMI service. Error: Permission denied</error></result><parameters><parameter name="agent" value="mid.server.OA_DEV_Discovery_MID_Server"/><parameter name="glide.xmlhelper.trim.enable" value="true"/><parameter name="use_class" value="discovery_classy_windows"/><parameter name="runner_type" value="WMIRunner"/><parameter name="source" value="10.32.xx.xx"/><parameter name="WMI_FetchData" value="root\virtualization\v2\Msvm_ComputerSystem.Name,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname,root\MSCluster\MSCluster_Resource.PrivateProperties,root\MSCluster\MSCluster_Resource.Name,root\MSCluster\MSCluster_Node.Name,root\MSCluster\MSCluster_Cluster.Name,root\MSCluster\MSCluster_ClusterToResource.GroupComponent,root\MSCluster\MSCluster_ClusterToResource.PartComponent,root\MSCluster\MSCluster_ClusterToNode.Antecedent,root\MSCluster\MSCluster_ClusterToNode.Dependent,root\virtualization\Msvm_ComputerSystem.Name,root\MSCluster\MSCluster_Resource.Type,Win32_ComputerSystem.Domain,Win32_ComputerSystem.Name,Win32_OperatingSystem.Caption,Win32_OperatingSystem.Version"/><parameter name="port_probe" value="9802b18f0a0a0703009d322d5b5540e5"/><parameter name="sys_id" value="65434f8313697240689651a63244b068"/><parameter name="sys_created_on" value="2017-03-21 17:31:48"/><parameter name="used_by_discovery" value="true"/><parameter name="state" value="ready"/><parameter name="probe_name" value="Windows - Classify"/><parameter name="discover" value="CIs"/><parameter name="response_to" value="054387cb4fe5368055a0bc218110c73f"/><parameter name="priority" value="2"/><parameter name="agent_correlator" value="1a3303cb4fe5368055a0bc218110c708"/><parameter name="probe" value="b11360600a0a0ba500c41bcbae55c5c4"/><parameter name="GenerateWMIScriptJS_WMI_FetchData.js" value="var scanner = getScanner();


if (scanner) {


      scanner.addFetch('root\\virtualization\\v2\\Msvm_ComputerSystem.Name');


      scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain');


      scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname');


      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.PrivateProperties');


      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Name');


      scanner.addFetch('root\\MSCluster\\MSCluster_Node.Name');


      scanner.addFetch('root\\MSCluster\\MSCluster_Cluster.Name');


      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.GroupComponent');


      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.PartComponent');


      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Antecedent');


      scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Dependent');


      scanner.addFetch('root\\virtualization\\Msvm_ComputerSystem.Name');


      scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Type');


      scanner.addFetch('Win32_ComputerSystem.Domain');


      scanner.addFetch('Win32_ComputerSystem.Name');


      scanner.addFetch('Win32_OperatingSystem.Caption');


      scanner.addFetch('Win32_OperatingSystem.Version');


      scanner.fetch();


}


"/><parameter name="sequence" value="15af1ecbd540000001"/><parameter name="port" value="135"/><parameter name="cidata" value="<CIData><data><fld name="ip_address">10.32.xx.xx</fld><fld name="dns_name">houvtstwsvt02.msn00.oneamerica.com</fld><fld name="name">HOUVTSTWSVT02</fld><fld name="dns_domain">MSN00.ONEAMERICA.COM</fld></data><rl name="cmdb_ip_service_ci:ci"><fld name="isM2M">true</fld><fld name="table_name">cmdb_ip_service_ci</fld><fld name="field_name">ci</fld><fld name="target_table_name">cmdb_ip_service</fld><fld name="target_ref_field_name">service</fld><rl_rec><fld name="description"> </fld><fld name="service">e433d6bdc0a8016400081f03a8dd1536</fld></rl_rec></rl></CIData>"/><parameter name="name" value="WMI: Classify (nodes: 1)"/><parameter name="topic" value="WMIRunner"/><parameter name="queue" value="output"/><parameter name="ecc_queue" value="65434f8313697240689651a63244b068"/></parameters></results>


Preview file
35 KB
0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to anandtk

‎03-24-2017 07:12 AM

Hi,



By the payload It's clear it's failing due to permissions. You may want to check your MID Server is running with the right account. 



Connection failed to WMI service. Error: Permission denied


Thanks,
Berny


Go to solution
anandtk
Giga Contributor
In response to bernyalvarado

‎03-24-2017 08:52 AM

Thanks Berny for taking a look. You have nailed it.


Just found it was running with the local credentials that was not domain wide as well not local admin.



I just tied to change it to the right one. It does not let me stop and start the service.


Here is the extract from the MID server agent log.


"


expedited.queued: 0 probes, expedited.processing: 0 probes interactive.queued: 0 probes, interactive.processing: 0 probes


03/24/17 12:24:40 (579) WrapperListener_stop_runner Running under Java version: 1.8.0_60, java PID: 17552, args: stop


03/24/17 12:24:40 (579) WrapperListener_stop_runner Stopping MID server


03/24/17 12:24:40 (579) WrapperListener_stop_runner interrupting thread IdleConnectionMonitor.5


03/24/17 12:24:51 (155) LogStatusMonitor.60 stats threads: 2090, memory max: 910.0mb, allocated: 891.0mb, used: 813.0mb, standard.queued: 0 probes, standard.processing: 0 probes expedited.queued: 0 probes, expedited.processing: 0 probes interactive.queued: 0 probes, interactive.processing: 0 probes



"


0 Helpfuls

Go to solution
anandtk
Giga Contributor
In response to bernyalvarado

‎03-24-2017 10:12 AM

I fixed the service restart issues. I have made the necessary changes to the account that need to be used by the MID server. Restarted the services.


I re-ran the scan but it still fails with the same error.


0 Helpfuls