- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2025 07:05 AM
I am trying to discover windows server using the credentials and keep encountering "Active, couldn't classify: No WMI connection". I have performed the following steps:
- Validate the Credential using RDP
- Validate the ServiceNow Discovery WMI ports 135 and port ranges 49152 - 65535 between the MID Server and the Remote Windows host are open
Do I need to open 5985 for "WinRM((HTTP)"?
In addition, I am unable to discover Windows server in the same domain as my MID server (no Firewall) with the same error.
Looking forward to all your valuable suggestions.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2025 02:17 PM
Hi @Kalpan2
How to Troubleshoot Windows WMI Discovery Failures in ServiceNow
Here's a systematic approach to resolve your WMI connection issues:
Verify Credentials and Permissions
Test WMI access using PowerShell from the MID Server:
powershell
$cred = Get-Credential -UserName "domain\username" -Message "Enter credentials"
Get-WmiObject -Class Win32_OperatingSystem -ComputerName "TARGET_SERVER" -Credential $cred
- Ensure the account has local Administrator rights.
- Verify membership in required groups (Administrators, Remote Management Users).
- Test credentials directly in ServiceNow using the "Test Credential" UI action.
Network Connectivity Checks
Verify required ports are open:
- Port 135 (WMI)
- Dynamic ports (49152-65535)
- Port 5985 (WinRM HTTP) - if using WinRM
Test port connectivity:
powershell
Test-NetConnection -ComputerName "TARGET_SERVER" -Port 135
Test-NetConnection -ComputerName "TARGET_SERVER" -Port 5985
WMI Service Verification
Check WMI service status on the target:
powershell
Get-Service -Name "Winmgmt" | Select-Object Name, Status, StartType
If the service needs a restart:
powershell
Restart-Service -Name "Winmgmt" -Force
Configure WinRM (if needed)
Run the following on the target server:
powershell
winrm quickconfig
DCOM Configuration
- Open dcomcnfg.
- Navigate to Component Services > Computers > My Computer > DCOM Config.
- Check permissions for "Windows Management and Instrumentation."
- Enable "Remote Launch" and "Remote Activation."
UAC Remote Restrictions
Create or modify the registry key to disable UAC remote restrictions:
powershell
New-ItemProperty -Path "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -PropertyType DWord -Force
MID Server Specific Checks
- Verify the MID Server status in ServiceNow.
- Check MID Server logs for WMI-related errors.
- Ensure Windows and WMI capabilities are enabled.
Additional Troubleshooting Steps
If issues persist:
- Enable debug logging on the MID Server.
- Check Windows Event Logs on the target server.
- Review ServiceNow discovery logs.
- Test WMI connectivity using the wbemtest utility.
Common Error Resolution
"Active, couldn't classify: No WMI connection"
- Verify network connectivity.
- Check firewall rules.
- Confirm service account permissions.
- Validate the WMI service is running.
"RPC server unavailable"
- Check port 135 accessibility.
- Verify the WMI service status.
- Review firewall rules.
Best Practices
- Use domain accounts when possible.
- Implement least privilege access.
- Document successful configurations.
- Regularly monitor discovery logs.
If you need further assistance, please provide:
- MID Server logs.
- Discovery job logs.
- Windows Event logs from the target server.
- A list of troubleshooting steps already attempted.
This should help resolve your WMI discovery issues. Please share the logs or screenshots to help you further.
If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'** and **'Accept it as a Solution'**? This will help other community members who might have the same question find the answer more easily.
Thank you for your consideration
Selva Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2025 12:40 PM
Hi,
Please try performing network packet capture to see if there is any drop in the packet and also from the MID server try connecting to the remote using WMI explorer and check if the able to access the namespace remotely.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2025 02:17 PM
Hi @Kalpan2
How to Troubleshoot Windows WMI Discovery Failures in ServiceNow
Here's a systematic approach to resolve your WMI connection issues:
Verify Credentials and Permissions
Test WMI access using PowerShell from the MID Server:
powershell
$cred = Get-Credential -UserName "domain\username" -Message "Enter credentials"
Get-WmiObject -Class Win32_OperatingSystem -ComputerName "TARGET_SERVER" -Credential $cred
- Ensure the account has local Administrator rights.
- Verify membership in required groups (Administrators, Remote Management Users).
- Test credentials directly in ServiceNow using the "Test Credential" UI action.
Network Connectivity Checks
Verify required ports are open:
- Port 135 (WMI)
- Dynamic ports (49152-65535)
- Port 5985 (WinRM HTTP) - if using WinRM
Test port connectivity:
powershell
Test-NetConnection -ComputerName "TARGET_SERVER" -Port 135
Test-NetConnection -ComputerName "TARGET_SERVER" -Port 5985
WMI Service Verification
Check WMI service status on the target:
powershell
Get-Service -Name "Winmgmt" | Select-Object Name, Status, StartType
If the service needs a restart:
powershell
Restart-Service -Name "Winmgmt" -Force
Configure WinRM (if needed)
Run the following on the target server:
powershell
winrm quickconfig
DCOM Configuration
- Open dcomcnfg.
- Navigate to Component Services > Computers > My Computer > DCOM Config.
- Check permissions for "Windows Management and Instrumentation."
- Enable "Remote Launch" and "Remote Activation."
UAC Remote Restrictions
Create or modify the registry key to disable UAC remote restrictions:
powershell
New-ItemProperty -Path "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "LocalAccountTokenFilterPolicy" -Value 1 -PropertyType DWord -Force
MID Server Specific Checks
- Verify the MID Server status in ServiceNow.
- Check MID Server logs for WMI-related errors.
- Ensure Windows and WMI capabilities are enabled.
Additional Troubleshooting Steps
If issues persist:
- Enable debug logging on the MID Server.
- Check Windows Event Logs on the target server.
- Review ServiceNow discovery logs.
- Test WMI connectivity using the wbemtest utility.
Common Error Resolution
"Active, couldn't classify: No WMI connection"
- Verify network connectivity.
- Check firewall rules.
- Confirm service account permissions.
- Validate the WMI service is running.
"RPC server unavailable"
- Check port 135 accessibility.
- Verify the WMI service status.
- Review firewall rules.
Best Practices
- Use domain accounts when possible.
- Implement least privilege access.
- Document successful configurations.
- Regularly monitor discovery logs.
If you need further assistance, please provide:
- MID Server logs.
- Discovery job logs.
- Windows Event logs from the target server.
- A list of troubleshooting steps already attempted.
This should help resolve your WMI discovery issues. Please share the logs or screenshots to help you further.
If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'** and **'Accept it as a Solution'**? This will help other community members who might have the same question find the answer more easily.
Thank you for your consideration
Selva Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-12-2025 07:39 AM
Thanks for this information and troubleshooting steps. I have run through all and everything is tested; however, Discovery fails without any error at classification.
We have decided to use patterns instead of OOTB WMI and WinRM probes. It has given us the desired results.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-22-2025 07:02 AM
WMIC (WMI) is off on Windows 11 by default as it is Depreciated. That is probably what is causing your issue.