WMI Troubleshooting Guide
- When trying creating a WMI monitor, timeout error occurred.
- The error "The RPC server is unavailable" occurred when I tried to create WMI monitors.
- Is there a way of using a NON administrator account for WMI remote monitoring?
Q. When trying creating a WMI monitor, timeout error occurred.
A.
It may be because one of the following:
- The remote computer is not online.
- The service "Windows Management Instrumentation Driver Extensions" (or other WMI-related service, like RPC) has been disabled on the remote computer.
Windows NT, Windows 95, and Windows 98 does not support WMI. Please download (about 3 Mb) and install WMI Core on such computers:
Download WMI Core for Windows 95, 98
Download WMI Core for Windows NT
- You do not have local Administrator rights on the remote computer.
By default Windows will only allow members of the Administrators or Domain Admins group to read information from the WMI class. - A firewall is blocking access to the remote computer.
The remote computer's firewall should allow DCOM protocol (RPC - Remote Procedure Call) and remote computer management.
- Sharing and security model is set to "Guest only" (Windows XP, 2003).
On a Windows XP Pro or Windows 2003 Server computer, make sure that remote logons are not being coerced to the GUEST account (aka "ForceGuest", which is enabled by default on computers that are not attached to a domain). To do this, open the Local Security Policy editor (e.g. by typing 'secpol.msc' into the Run box, without quotes). Expand the "Local Policies" node and select "Security Options". Now scroll down to the setting titled "Network access: Sharing and security model for local accounts". If this is set to "Guest only", change it to "Classic" and restart the computer.
- You are using blank password (Windows XP).
On XP Professional, accounts with blank passwords can no longer be used to log on to the computer remotely over the network. - Some connections between operating system versions are not supported:
- You cannot connect to a computer that is running Windows XP Home Edition.
- A computer running Windows NT cannot connect to an operating system later than Windows 2000, such as Windows XP or Windows Server 2003.
- Accessing a Windows Server 2003 computer from Windows 98 or Windows 95 is not supported.
- Windows 2000 computers must have Service Pack 2 installed to be able to connect to Windows XP and later operation systems.
Q. The error "The RPC server is unavailable" occurred when I tried to create WMI monitors.
A.
first ensure that the File and Printer Sharing is enabled on the Windows Firewall Exceptions list for the following ports:
- 135 (RPC)
- 445 (TCP)
- 103x (mostly 1037)
- 441 (RPC)
1. Click Start, click Run, type gpedit.msc, and then click OK
2. Under Console Root, expand Computer Configuration, expand Administrative Templates, expand Network, expand Network Connections, expand Windows Firewall, and then click Domain Profile.
3. Right-click Windows Firewall: Allow remote administration exception, and then click Properties.
4. Click Enabled, and then click OK.
Q. Is there a way of using a NON administrator
account for WMI remote monitoring?
A.
By default Windows will only allow members of the Administrators or Domain Admins group to read information from the WMI class.
- For Windows 2000
1. Click Start, click Run, type wmimgmt.msc in the Open box, and then click OK.
2. Right-click WMI Control, and then click Properties.
3. Click the Security tab.
4. Expand the Root folder, select the CIMV2 folder, and then click Security.
5. Click Add. Type the user name you wish to use, click Check Names to verify your entry or entries, and then click OK.
6. In the Permissions for User list, click the Allow check box next to the following permissions:
Execute Methods
Enable Account
Remote Enable
Read Security
7. Click Advanced. In the Permission entries list, select the user you added in step 5, and then click Edit.
8. In the Apply onto box, click This namespace and subnamespaces.
9. Click OK three times.
10. Quit the WMI Control snap-in.
- For Windows XP / Windows 2003
1. Click Start, click Run, type wmimgmt.msc in the Open box, and then click OK.
2. Right-click WMI Control, and then click Properties.
3. Click the Security tab.
4. Expand the Root folder, select the CIMV2 folder, and then click Security.
5. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
6. In the Permissions for User list, click the Allow check box next to the following permissions:
Execute Methods
Enable Account
Remote Enable
Read Security
7. Click Advanced. In the Permission entries list, select the user you added in step 5, and then click Edit.
8. In the Apply onto box, click This namespace and subnamespaces.
9. Click OK three times.
10. Quit the WMI Control snap-in.
11. Click Start, click Run, type dcomcnfg.exe in the Open box, and then click OK.
12. Select Component Services and then expand it. Then expand Computers. Right-click My Computer and select Properties.
13. Select the COM Security tab.
14. In the Access Permissions section, click Edit Limits....
15. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
16. In the Permissions for User list, click the Allow check box next to the following permissions:
Local Access
Remote Access
Click OK.
17. In the Launch and Activation Permissions section, click Edit Limits....
18. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
19. In the Permissions for User list, click the Allow check box next to the following permissions:
Local Launch
Remote Launch
Local Activation
Remote Activation
Click OK twice.
20. Expand My Computer and expand DCOM Config.
21. Right-click Windows Management and Instrumentation and click Properties.
22. Click the Security tab.
23. In the Access Permissions section, click Edit....
24. Click Add. Type the user name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK.
25. In the Permissions for User list, click the Allow check box next to the following permissions:
Local Access
Remote Access
Click OK twice.
26. Quit the Component Services snap-in.
27. Restart the target computer.
Note: Windows 2003 SP1 systems will not allow a user who is not a member of the Administrators or Domain Admins group to view the Win32_Service class. Consequently, you must use an account in one of these groups to perform polling of NT Service monitors. The above information will not work.