How can we help?

Troubleshooting WMI

Follow

After entering WMI credentials into Auvik, if you find they’re not being associated with your Windows servers or workstations as expected, there are a few things we can check.

* Please note that remote polling via WMI requires Administrator credentials. See the following article for more information:
https://docs.microsoft.com/en-us/windows/win32/wmisdk/user-account-control-and-wmi

 

Test WMI

Confirm that WMI is enabled on the device in question.

  1. Log into the server or workstation for which you want to test WMI.
  2. From the start menu, search for Command Prompt (cmd).
  3. Right-click and select Run as administrator.
  4. Type winrm identify -r:http://localhost:5985 -auth:none

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

You can now skip down to testing the credentials.

If the test fails, you’ll see something like this:

WSManFault

   Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note  that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Error number:  -2144108101 0x803381BB

The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

The fail message means WMI is not enabled on the workstation or server. So let’s get that set up. Here are a few articles that can help:

Test WMI credentials

Next, confirm the credentials are correct. We’re going to run two tests.

The first will be from the same device where we just tested that WMI is enabled. This will help prove the credentials are correct:

  1. From the start menu, search for Command Prompt (cmd).
  2. Right-click and select Run as administrator.
  3. Type winrm identify -r:http://localhost:5985 -u:DOMAIN\USERNAME -p:PASSWORD

Be sure to edit the following parameters within the command:

  • DOMAIN\USERNAME should be the username for a local user on the system WMI has access to.
  • PASSWORD should be the password associated to the user set.

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

If the test fails, you’ll see something like this:

WSManFault

   Message = Access is denied.

Error number:  -2147024891 0x80070005

Access is denied.

If you get the fail message, confirm the user set in the command has local access to the system. If they’re not a local user, or a networked administrator, you’ll need to run the test again with a user who has local access to the system.

The second credential test we want to run is from a remote system. This will prove WMI can be accessed from a remote system.

  1. Log into a different server or workstation on the network that’s running WMI.
  2. From the start menu, search for Command Prompt (cmd).
  3. Right-click and select Run as administrator.
  4. Type winrm identify -r:http://MACHINENAME:5985 -u:DOMAIN\USERNAME -p:PASSWORD

Be sure to edit the following parameters within the command:

  • MACHINENAME should be the name of the remote machine for which you want to test WMI credentials.
  • DOMAIN\USERNAME should be the username for a local user on the system WMI has access to.
  • PASSWORD should be the password associated to the user set.

If the test is successful, you’ll see something like this:

IdentifyResponse

   ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd

   ProductVendor = Microsoft Corporation

   ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0

   SecurityProfiles

       SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos

If the test fails, you’ll see something like this:

WSManFault

   Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note  that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

Error number:  -2144108101 0x803381BB

The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.

The fail messages means something is blocking WMI through port 5985. Check that the port is open, and that a firewall isn’t interfering with the test.

If you’ve tried and passed all of the above tests and your credentials still aren’t being authorized on the Windows workstation or server running WMI, contact Auvik support for additional help.

Test configuration accuracy

If your WMI credentials are valid and accepted in Auvik, but you’re noticing there are no stats appearing, there are two tests you can run to confirm things are configured correctly for WinRM.

The first displays the machine’s basic hardware information:

  1. From the start menu, search for Command Prompt (cmd).
  2. Right-click and select Run as administrator.
  3. Run the following: 

winrm e wmicimv2/* -filter:"SELECT OEMLogoBitmap,InitialLoadInfo,OEMStringArray,PowerManagementCapabilities,Roles,SupportContactDescription,SystemStartupOptions from Win32_ComputerSystem"

If the test is successful, you’ll see something like this:

XmlFragment

    OEMStringArray = To Be Filled By O.E.M., To Be Filled By O.E.M., Ferrari, To

 Be Filled By O.E.M.

    Roles = LM_Workstation, LM_Server, NT, Server_NT

If the test fails, the fail message means WMI is not configured as expected on the workstation or server. As a result, we need to walk through the configuration and confirm everything is set correctly. Here are a few articles that can help:

The second test, although similar to the first, polls for specific data used by Auvik.

  1. From the start menu, search for Command Prompt (cmd).
  2. Right-click and select Run as administrator.
  3. Run the following: 

winrm e wmicimv2/* -filter:"SELECT AdapterType,AdapterTypeID,AutoSense,Availability,Caption,ConfigManagerErrorCode,ConfigManagerUserConfig,CreationClassName,Description,DeviceID,ErrorCleared,ErrorDescription,GUID,Index,InstallDate,Installed,InterfaceIndex,LastErrorCode,MACAddress,Manufacturer,MaxNumberControlled,MaxSpeed,Name,NetConnectionID,NetConnectionStatus,NetEnabled,NetworkAddresses,PNPDeviceID,PermanentAddress,PhysicalAdapter,PowerManagementCapabilities,PowerManagementSupported,ProductName,ServiceName,Speed,Status,StatusInfo,SystemCreationClassName,SystemName,TimeOfLastReset FROM Win32_NetworkAdapter"

If the test is successful, you'll see something like this for each network adapter:

XmlFragment

    AdapterType = null

    AdapterTypeId = null

    AutoSense = null

    Availability = 3

    Caption = [00000000] WAN Miniport (L2TP)

    ConfigManagerErrorCode = 0

    ConfigManagerUserConfig = false

    CreationClassName = Win32_NetworkAdapter

    Description = WAN Miniport (L2TP)

    DeviceID = 0

    ErrorCleared = null

    ErrorDescription = null

    GUID = null

    Index = 0

    InstallDate = null

    Installed = true

    InterfaceIndex = 2

    LastErrorCode = null

    MACAddress = null

    Manufacturer = Microsoft

    MaxNumberControlled = 0

    MaxSpeed = null

    Name = WAN Miniport (L2TP)

    NetConnectionID = null

    NetConnectionStatus = null

    NetEnabled = null

    PermanentAddress = null

    PhysicalAdapter = false

    PNPDeviceID = ROOT\MS_L2TPMINIPORT\0000

    PowerManagementSupported = false

    ProductName = WAN Miniport (L2TP)

    ServiceName = Rasl2tp

    Speed = null

    Status = null

    StatusInfo = null

    SystemCreationClassName = Win32_ComputerSystem

    SystemName = WIN-QMUAHQ4TBLF

    TimeOfLastReset

        Datetime = 2019-03-07T19:12:55.497179-05:00

If the test fails, the fail message means WMI is not configured as expected on the workstation or server. As a result, we need to walk through the configuration and confirm everything is set correctly. Here are a few articles that can help:

If you’ve walked through the configuration and confirmed everything is configured correctly, but the stats are still not rendering on the device dashboard in Auvik, contact Auvik support for more help.

Was this article helpful?
1 out of 2 found this helpful
Have more questions? Submit a request