- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2019 05:41 AM
Last weekend the various windows teams were pressed to apply the most recent set of Microsoft "Security Patches" . Looks like we applied KB4512489 and KB4511872. When we run a discovery shazzam finds port 135 (wmi) and 5985 (winrm) open but then spawns WMI: CLassify probe and we get a
Connection failed to WMI service. Error: Permission denied
This is happening on all of our Windows Servers.
Solved! Go to Solution.
- Labels:
-
Discovery
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2019 06:16 AM
I found that all of the failed Discoveries were associated with MID Servers that got rebooted during the patch cycle, and had the following Message in the MID Server Issues table (ecc_agent_issue)
Error encountered when invoking PowerShell, the result from running '"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noninteractive -nologo -noprofile -command "$ver = if (Test-Path Variable:\PSVersionTable) { $PSVersionTable.PSVersion } else { (get-host).Version }; 'full_version:' + $ver.ToString() + ', major_version:' + $ver.Major"' is
Restarted the MID Server service on the offending MID Server; the issue went away and discovery works. I am going to have a couple of my test Windows servers rebooted and see if the problem re-emerges after the reboot.
The Occams's razor principle of MID server troubleshooting. "Suppose there exist two explanations for an occurrence. In this case the one that requires the least speculation is usually correct"
Or in this case step 1 should be restart the MID Server Service.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2019 05:50 AM
Hi,
please refer to the following thread:
in Madrid Patch 5, they created a MID Server property (not documented) called mid.use_legacy_wmi that allows you to revert Windows Discovery back to the way it previously was before the drastic change in Patch 3.
So, you have to upgrade your instance to Madrid (at least Patch 5).
Hope this can help you!
If I have answered your question, please mark my response as correct and/or helpful so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.
Thank you
Cheers
Alberto
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2019 07:33 AM
Duane,
If you haven't upgraded to Madrid and it's not the issue that Alberto outlined I know one of my clients had an issue (I wasn't involved with it) and it was a patch that was deployed that turned DCOM negotiation off. You may want to look into that route and whether these updates did that as it could be the root cause of your issue (they had a similar issue where after one weekend all windows discovery stopped working and it was due to a patch the Windows team rolled out).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2019 07:36 AM
Hi,
Can anyone please give a technical explanation of what the drastic change in Patch 3 actually introduced? Is there an explanation somewhere as to how one is now supposed to perform Windows discovery without reverting to this undocumented parameter?
Thanks
Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2019 12:46 PM
Looks like it's PowerShell vs WMI, Andrew.
