How can we help?

Troubleshooting WMI

Follow

After entering WMI credentials into Auvik, if you find they’re not being associated with your Windows servers or workstations as expected, there are a few things we can check.

Test WMI

Confirm that WMI is enabled on the device in question.

  1. Log into the server or workstation for which you want to test WMI.
  2. From the start menu, search for Command Prompt (cmd).
  3. Right-click and select Run as administrator.
  4. Type winrm identify -r:http://localhost:5985 -auth:none

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

You can now skip down to testing the credentials.

If the test fails, you’ll see something like this:

WSManFault

   Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note  that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Error number:  -2144108101 0x803381BB

The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

The fail message means WMI is not enabled on the workstation or server. So let’s get that set up. Here are a few articles that can help:

Test WMI credentials

Next, confirm the credentials are correct. We’re going to run two tests.

The first will be from the same device where we just tested that WMI is enabled. This will help prove the credentials are correct:

  1. From the start menu, search for Command Prompt (cmd).
  2. Right-click and select Run as administrator.
  3. Type winrm identify -r:http://localhost:5985 -u:DOMAIN/USERNAME -p:PASSWORD

Be sure to edit the following parameters within the command:

  • DOMAIN/USERNAME should be the username for a local user on the system WMI has access to.
  • PASSWORD should be the password associated to the user set.

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

If the test fails, you’ll see something like this:

WSManFault

   Message = Access is denied.

Error number:  -2147024891 0x80070005

Access is denied.

If you get the fail message, confirm the user set in the command has local access to the system. If they’re not a local user, or a networked administrator, you’ll need to run the test again with a user who has local access to the system.

The second credential test we want to run is from a remote system. This will prove WMI can be accessed from a remote system.

  1. Log into a different server or workstation on the network that’s running WMI.
  2. From the start menu, search for Command Prompt (cmd).
  3. Right-click and select Run as administrator.
  4. Type winrm identify -r:http://MACHINENAME:5985 -u:DOMAIN/USERNAME -p:PASSWORD

Be sure to edit the following parameters within the command:

  • MACHINENAME should be the name of the remote machine for which you want to test WMI credentials.
  • DOMAIN/USERNAME should be the username for a local user on the system WMI has access to.
  • PASSWORD should be the password associated to the user set.

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

If the test fails, you’ll see something like this:

WSManFault

   Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note  that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Error number:  -2144108101 0x803381BB

The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

The fail messages means something is blocking WMI through port 5985. Check that the port is open, and that a firewall isn’t interfering with the test.

If you’ve tried and passed all of the above tests and your credentials still aren’t being authorized on the Windows workstation or server running WMI, contact Auvik support for additional help.

Have more questions? Submit a request

Comments

Powered by Zendesk