Windows Credential issue

Chintu1 · ‎05-16-2020

Hi All,

we are doing windows server discovery through out the enterprise network and it's working fine. But for one windows server we are getting credential Time out error, And we can able to login to the server using RDC. And we know there is no Firewall block and port 135 is also open for the server.

And when we run the simple WMI command from the MIDserver Host we are getting error like "No such Interface supported". So after reviewing the error from below KB article, it seems like Firewall issue, But the port is open.

https://hi.service-now.com/kb_view.do?sysparm_article=KB0787202

So please me out to get this issue resolved.

Thanks in Advance.

Best regards

CG.

chuckm · ‎06-02-2020

One other thing to check on the high ports. Are all the Windows servers using the same version of windows? I didn't provide the high ports for older versions of Windows, because most organizations have since upgraded. The high port requirements are different for different versions of windows for WMI:

High Ports 1025 - 5000

Windows 2000
Windows XP
Windows Server 2003

High Ports 49152 - 65535

Windows Server 2008 and later versions
Windows Vista and later versions

View solution in original post

Ashutosh Munot1 · ‎05-16-2020

Hi,

Please white list the mid server on this machine. you can add one more firewall rule on the target machine and port 135 to allow communication on this port only for this mid server.

Thanks,
Ashutosh

Chintu1 · ‎05-17-2020

Thanks for your response Ashutosh. i can ask the server team to create a separte rule on this server, But it's happening just for one server. I hope it doesn't take more time in this process.

Ashutosh Munot1 · ‎06-01-2020

Any Update on this.

For one server also it can cause issue, you can have firewall rule per server as well.

Thanks,
Ashutosh

Chintu1 · ‎06-02-2020

Thanks for the follow up Ashutosh, When i reached out to the server team they informed me everything is fine. so i decided to open the High Dcom ports on this server as chuck suggested and see what the outcome looks like.

chuckm · ‎05-17-2020

Did you also check that the high ports 49152 - 65535 are open to this server as well? When discovering using WMI, port 135 from the MID Server to the Remote Windows host must be open for initial communication AND high ports 49152 - 65535 must be open for the remainder of the communication. It is possible the high ports are being blocked.

If the Windows server has the Windows Firewall with Advanced Security turned on, you can check the firewall logs (C:\Windows\System32\LogFiles\Firewall) to determine if any of the WMI ports are being blocked. When the Inbound rule Windows Management Instrumentation (WMI-In) for WMI is enabled, you can see in the logs that the high ports (src-port and dst-port) are allowed (action=ALLOW).