Getting Active, couldn't classify: No WMI connection in discovery

John Vo1 · ‎03-21-2020

Getting Active, couldn't classify: No WMI connection in discovery. I was able to see 5 computers classify but all others were getting this message. I tested my credentials on my laptop and it failed but passed on the 5 computers that were classify. Is there something I need to do to have them scan? Since we are remote I'm scanning the VPN ip address subnets.

DaveHertel · ‎03-21-2020

Hi John - This generally (most often) means the credentials failed during the classification phase. On the WMI - classification input probe (ecc queue), look at details of inbound response. I'm betting it'll state something about problems with creds.

Use Discovery>Credentials to test whatever cred you think should work against the target IP to check.

Hope this helps?

John Vo1 · ‎03-21-2020

Dave,

I test the credentials on a computer that was discovered and it pass, but when I tested mine which was active couldn't classify: No WMI connection and the credentials test failed. I know these are valid username and password for this. It worked before when we were in the office and now that we are remote and on vpn it doesn't classify it.

DaveHertel · ‎03-21-2020

if you are trying to discover your own computer, using the same credentials and you know the ID and password of that credential, then try just logging in to your own computer using those credentials - it should work if the CRED truly has access to your computer. Since the CRED should have administrative rights to your computer....

Its unlikely VPN has much to do with this -- unless there is something unusual about your network setup, perhaps firewalls or other blockers between the MID and your computer.

Hope this helps?

John Vo1 · ‎03-21-2020

Dave,

My admin gave local admin rights to the account servicenow that I use to scan with. This is my payload. Looks like port 135 refused.

Thanks,

John