After entering WMI credentials into Auvik, if you find they’re not being associated with your Windows servers or workstations as expected, there are a few things we can check.
* Please note that remote polling via WMI requires Administrator credentials. See the following article for more information:
https://docs.microsoft.com/en-us/windows/win32/wmisdk/user-account-control-and-wmi
Test WMI
Confirm that WMI is enabled on the device in question.
- Log into the server or workstation for which you want to test WMI.
- From the start menu, search for Command Prompt (cmd).
- Right-click and select Run as administrator.
- Type winrm identify -r:http://localhost:5985 -auth:none
If the test is successful, you’ll see something like this:
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0
SecurityProfiles
SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos
You can now skip down to testing the credentials.
If the test fails, you’ll see something like this:
WSManFault
Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.
Error number: -2144108101 0x803381BB
The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.
The fail message means WMI is not enabled on the workstation or server. So let’s get that set up. Here are a few articles that can help:
- How to enable WMI monitoring on a single Window device
- How to enable WinRM with domain controller Group Policy for WMI monitoring
Test WMI credentials
Next, confirm the credentials are correct. We’re going to run two tests.
The first will be from the same device where we just tested that WMI is enabled. This will help prove the credentials are correct:
- From the start menu, search for Command Prompt (cmd).
- Right-click and select Run as administrator.
- Type winrm identify -r:http://localhost:5985 -u:DOMAIN\USERNAME -p:PASSWORD
Be sure to edit the following parameters within the command:
DOMAIN\USERNAME
should be the username for a local user on the system WMI has access to.PASSWORD
should be the password associated to the user set.
If the test is successful, you’ll see something like this:
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0
SecurityProfiles
SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos
If the test fails, you’ll see something like this:
WSManFault
Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
If you get the fail message, confirm the user set in the command has local access to the system. If they’re not a local user, or a networked administrator, you’ll need to run the test again with a user who has local access to the system.
The second credential test we want to run is from a remote system. This will prove WMI can be accessed from a remote system.
- Log into a different server or workstation on the network that’s running WMI.
- From the start menu, search for Command Prompt (cmd).
- Right-click and select Run as administrator.
- Type winrm identify -r:http://MACHINENAME:5985 -u:DOMAIN\USERNAME -p:PASSWORD
Be sure to edit the following parameters within the command:
MACHINENAME
should be the name of the remote machine for which you want to test WMI credentials.DOMAIN\USERNAME
should be the username for a local user on the system WMI has access to.PASSWORD
should be the password associated to the user set.
If the test is successful, you’ll see something like this:
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 10.0.14393 SP: 0.0 Stack: 3.0
SecurityProfiles
SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos
If the test fails, you’ll see something like this:
WSManFault
Message = The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.
Error number: -2144108101 0x803381BB
The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated. For more information on how to set TrustedHosts run the following command: winrm help config.
The fail messages means something is blocking WMI through port 5985. Check that the port is open, and that a firewall isn’t interfering with the test.
If you’ve tried and passed all of the above tests and your credentials still aren’t being authorized on the Windows workstation or server running WMI, contact Auvik support for additional help.
Test configuration accuracy
If your WMI credentials are valid and accepted in Auvik, but you’re noticing there are no stats appearing, there are two tests you can run to confirm things are configured correctly for WinRM.
The first displays the machine’s basic hardware information:
- From the start menu, search for Command Prompt (cmd).
- Right-click and select Run as administrator.
- Run the following:
winrm e wmicimv2/* -filter:"SELECT OEMLogoBitmap,InitialLoadInfo,OEMStringArray,PowerManagementCapabilities,Roles,SupportContactDescription,SystemStartupOptions from Win32_ComputerSystem"
If the test is successful, you’ll see something like this:
XmlFragment
OEMStringArray = To Be Filled By O.E.M., To Be Filled By O.E.M., Ferrari, To
Be Filled By O.E.M.
Roles = LM_Workstation, LM_Server, NT, Server_NT
If the test fails, the fail message means WMI is not configured as expected on the workstation or server. As a result, we need to walk through the configuration and confirm everything is set correctly. Here are a few articles that can help:
- How to enable WMI monitoring on a single Window device
- How to enable WinRM with domain controller Group Policy for WMI monitoring
The second test, although similar to the first, polls for specific data used by Auvik.
- From the start menu, search for Command Prompt (cmd).
- Right-click and select Run as administrator.
- Run the following:
winrm e wmicimv2/* -filter:"SELECT AdapterType,AdapterTypeID,AutoSense,Availability,Caption,ConfigManagerErrorCode,ConfigManagerUserConfig,CreationClassName,Description,DeviceID,ErrorCleared,ErrorDescription,GUID,Index,InstallDate,Installed,InterfaceIndex,LastErrorCode,MACAddress,Manufacturer,MaxNumberControlled,MaxSpeed,Name,NetConnectionID,NetConnectionStatus,NetEnabled,NetworkAddresses,PNPDeviceID,PermanentAddress,PhysicalAdapter,PowerManagementCapabilities,PowerManagementSupported,ProductName,ServiceName,Speed,Status,StatusInfo,SystemCreationClassName,SystemName,TimeOfLastReset FROM Win32_NetworkAdapter"
If the test is successful, you'll see something like this for each network adapter:
XmlFragment
AdapterType = null
AdapterTypeId = null
AutoSense = null
Availability = 3
Caption = [00000000] WAN Miniport (L2TP)
ConfigManagerErrorCode = 0
ConfigManagerUserConfig = false
CreationClassName = Win32_NetworkAdapter
Description = WAN Miniport (L2TP)
DeviceID = 0
ErrorCleared = null
ErrorDescription = null
GUID = null
Index = 0
InstallDate = null
Installed = true
InterfaceIndex = 2
LastErrorCode = null
MACAddress = null
Manufacturer = Microsoft
MaxNumberControlled = 0
MaxSpeed = null
Name = WAN Miniport (L2TP)
NetConnectionID = null
NetConnectionStatus = null
NetEnabled = null
PermanentAddress = null
PhysicalAdapter = false
PNPDeviceID = ROOT\MS_L2TPMINIPORT\0000
PowerManagementSupported = false
ProductName = WAN Miniport (L2TP)
ServiceName = Rasl2tp
Speed = null
Status = null
StatusInfo = null
SystemCreationClassName = Win32_ComputerSystem
SystemName = WIN-QMUAHQ4TBLF
TimeOfLastReset
Datetime = 2019-03-07T19:12:55.497179-05:00
If the test fails, the fail message means WMI is not configured as expected on the workstation or server. As a result, we need to walk through the configuration and confirm everything is set correctly. Here are a few articles that can help:
- How to enable WMI monitoring on a single Window device
- How to enable WinRM with domain controller Group Policy for WMI monitoring
If you’ve walked through the configuration and confirmed everything is configured correctly, but the stats are still not rendering on the device dashboard in Auvik, contact Auvik support for more help.