Active, couldn't classify: No WMI connection

Kumar96
Kilo Contributor

‎02-28-2018 09:57 AM

I am getting this error when discovering windows servers.  We were able to run this in sub production and aftger I cloned the sub prod to Prod for go live we are facing this issue

I have checked the Mid Server.  It is running with the correct credentials

The credentials stored in service-now authenticate to the windows server.  There is no issue with the credentials.  I have run the powershell script in the mid server to check the credentails and it passed.

 

The service now service in the mid server is running with the service account credentials. 

Below is the payload

Can someone help me with this

 

Vijay

 

 

Payload

 

<results probe_time="9405" result_code="0">
<result>
<error>
Error evaling C:\Users\SVC~1.SNM\AppData\Local\Temp\GenerateWMIScriptJS_WMI_FetchData2244137724049011562.js: Expected ';'
</error>
</result>
<parameters>
<parameter name="mid_selector_details" value="{"mode":"specific_mid"}"/>
<parameter name="agent" value="mid.server.MidServer_EUR_PROD"/>
<parameter name="glide.xmlhelper.trim.enable" value="true"/>
<parameter name="use_class" value="discovery_classy_windows"/>
<parameter name="runner_type" value="WMIRunner"/>
<parameter name="source" value="172.16.17.10"/>
<parameter name="WMI_FetchData"value="root\virtualization\v2\Msvm_ComputerSystem.Name,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain,HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname,root\MSCluster\MSCluster_Resource.PrivateProperties,root\MSCluster\MSCluster_Resource.Name,root\MSCluster\MSCluster_Node.Name,root\MSCluster\MSCluster_Cluster.Name,root\MSCluster\MSCluster_ClusterToResource.GroupComponent,root\MSCluster\MSCluster_ClusterToResource.PartComponent,root\MSCluster\MSCluster_ClusterToNode.Antecedent,root\MSCluster\MSCluster_ClusterToNode.Dependent,root\virtualization\Msvm_ComputerSystem.Name,root\MSCluster\MSCluster_Resource.Type,Win32_ComputerSystem.Domain,Win32_ComputerSystem.Name,Win32_OperatingSystem.Caption,Win32_OperatingSystem.Version"/>
<parameter name="port_probe" value="9802b18f0a0a0703009d322d5b5540e5"/>
<parameter name="sys_id" value="5bf46af9db685fc4a48f3ebd7c961993"/>
<parameter name="from_host" value=""/>
<parameter name="sys_created_on" value="2018-02-28 17:26:36"/>
<parameter name="used_by_discovery" value="true"/>
<parameter name="state" value="ready"/>
<parameter name="probe_name" value="Windows - Classify"/>
<parameter name="discover" value="CIs"/>
<parameter name="response_to" value="c2f42af9db685fc4a48f3ebd7c9619d9"/>
<parameter name="from_sys_id" value=""/>
<parameter name="priority" value="2"/>
<parameter name="agent_correlator" value="1fd4e671dbe093c840ea5498dc9619eb"/>
<parameter name="probe" value="b11360600a0a0ba500c41bcbae55c5c4"/>
<parameter name="GenerateWMIScriptJS_WMI_FetchData.js" value="var scanner = getScanner(); if (scanner) { scanner.addFetch('root\\virtualization\\v2\\Msvm_ComputerSystem.Name'); scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Domain'); scanner.addFetch('HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Hostname'); scanner.addFetch('root\\MSCluster\\MSCluster_Resource.PrivateProperties'); scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Name'); scanner.addFetch('root\\MSCluster\\MSCluster_Node.Name'); scanner.addFetch('root\\MSCluster\\MSCluster_Cluster.Name'); scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.GroupComponent'); scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToResource.PartComponent'); scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Antecedent'); scanner.addFetch('root\\MSCluster\\MSCluster_ClusterToNode.Dependent'); scanner.addFetch('root\\virtualization\\Msvm_ComputerSystem.Name'); scanner.addFetch('root\\MSCluster\\MSCluster_Resource.Type'); scanner.addFetch('Win32_ComputerSystem.Domain'); scanner.addFetch('Win32_ComputerSystem.Name'); scanner.addFetch('Win32_OperatingSystem.Caption'); scanner.addFetch('Win32_OperatingSystem.Version'); scanner.fetch(); } "/>
<parameter name="processed" value=""/>
<parameter name="error_string" value=""/>
<parameter name="sequence" value="161dd739b2e0000001"/>
<parameter name="port" value="135"/>
<parameter name="cidata" value="<CIData><data><fld name="ip_address">172.16.17.10</fld><fld name="location">4a1ee37cdb724300c296d7795e9619cb</fld></data></CIData>"/>
<parameter name="name" value="WMI: Classify (nodes: 1)"/>
<parameter name="topic" value="WMIRunner"/>
<parameter name="queue" value="output"/>
<parameter name="ecc_queue" value="5bf46af9db685fc4a48f3ebd7c961993"/>
</parameters>
</results>
Labels:
  • 3,656 Views
2 REPLIES 2

vinothkumar
Tera Guru

‎03-15-2018 12:41 PM

Active, couldn't classify: No WMI connection clearly indicates that this was an issue with credentials, may be the mid server was not added to access control list.

 

If you are having credentials and the IP address, you can validate by clicking the Test credentials and the pop up will come, there enter your IP address to validate the credentials

 

find_real_file.png

Preview file
18 KB
0 Helpfuls

Nithish1
Tera Guru

‎03-15-2018 01:24 PM

Hi,

Please verify

MID server and target (Windows7) are reachable.

Target TCP 135 , 139, 445, DCOM Ports: High port range 49152 - 65535, Low port range 1025 - 5000 are kept open.

Does account has : Local admin rights?

You may also want to check your MID Server is running with the right account.

 

Thanks,

Nithish

0 Helpfuls