Check_WMI_Plus error when no results from eventlog

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
kgugerty
Posts: 42
Joined: Wed May 04, 2016 8:28 am

Re: Check_WMI_Plus error when no results from eventlog

Post by kgugerty »

> Does ping run successfully?

Yes

> Can you show us the result of a nmap <IP> and nmap <FQDN>?

Code: Select all

PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown

Searching the results of the strace, I found this string:
Re: This plugin requires the linux implementation of wmic eg
but I cannot access the resolution.
https://support.nagios.com/forum/viewto ... &p=132909.
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Check_WMI_Plus error when no results from eventlog

Post by mcapra »

Can you share the output of the following commands executed from the CLI of your Nagios XI machine:

Code: Select all

ls -al /usr/bin | grep wmi
find / -name wmic

It's possible that check_wmi_plus has the wrong setting for the location of wmic. It'd be strange for a Nagios XI installation to be missing it completely.
Former Nagios employee
https://www.mcapra.com/
kgugerty
Posts: 42
Joined: Wed May 04, 2016 8:28 am

Re: Check_WMI_Plus error when no results from eventlog

Post by kgugerty »

Code: Select all

# ls -al /usr/bin | grep wmi
lrwxrwxrwx   1 root root         19 Jan 11 14:16 wmic -> /usr/local/bin/wmic
-rw-r--r--   1 root root   52480000 Dec  1  2011 wmic_1.3.13_static_64bit.tar.gz
lrwxrwxrwx   1 root root         19 Jan  9 12:00 wmic.old -> /usr/local/bin/wmic
# find / -name wmic
/usr/bin/wmic
/usr/local/bin/wmic
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Check_WMI_Plus error when no results from eventlog

Post by mcapra »

Can you provide copies of the following files from your Nagios XI machine:

Code: Select all

/usr/local/nagios/libexec/check_wmi_plus.ini
/usr/local/nagios/libexec/check_wmi_plus.conf
/usr/local/nagios/libexec/check_wmi_plus.pl
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Check_WMI_Plus error when no results from eventlog

Post by tgriep »

In addition to what mcapra is asking, can you run the following command on the XI server and post the output?
Replace xxx.xxx.xxx.xxx with the IP address. Do not use the hostname.

Code: Select all

wmic -U <domain/username>%<password> //xxx.xxx.xxx.xxx "Select * from Win32_ComputerSystem"
Also, run the check_wmi_plus.pl test using the IP address and see if that works.
Be sure to check out our Knowledgebase for helpful articles and solutions!
kgugerty
Posts: 42
Joined: Wed May 04, 2016 8:28 am

Re: Check_WMI_Plus error when no results from eventlog

Post by kgugerty »

PM sent to mcapra and tgriep with info requested.
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Check_WMI_Plus error when no results from eventlog

Post by tgriep »

Can you install this Microsoft Hotfix and see if that helps out?
https://support.microsoft.com/en-us/hel ... -windows-7
Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?
kgugerty
Posts: 42
Joined: Wed May 04, 2016 8:28 am

Re: Check_WMI_Plus error when no results from eventlog

Post by kgugerty »

> Can you install this Microsoft Hotfix and see if that helps out?
> https://support.microsoft.com/en-us/hel ... -windows-7

The hotfix / subsequent update has already been applied to our systems. Additionally, we are not experiencing the memory leak described in that article. One more point about that is the error is present on Windows 2012 servers as well.

> Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?

No Firewall between Nagios and the Windows Host.

I was looking into the krb5.conf file. Would this apply? We do not have samba set up, nor is the Nagios server joined to any domain. The logging files below do not actually exist.

Code: Select all

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN1.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 GOTOSTRATA.COM = {
  kdc = DC1.domain1.com
  kdc = DC2.domain1.com
  admin_server = DC1.domain1.com
 }

[domain_realm]
 .domain1.com = DOMAIN1.COM
 domain1.com = DOMAIN1.COM
"/etc/krb5.conf" 23L, 488C
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: Check_WMI_Plus error when no results from eventlog

Post by tgriep »

I don't think the wmic application actually uses the krb5.conf file so editing it probably will not change anything.
Verify that your DNS servers are set up in the /etc/resolv.conf file and that should be all it needs to work.
kgugerty
Posts: 42
Joined: Wed May 04, 2016 8:28 am

Re: Check_WMI_Plus error when no results from eventlog

Post by kgugerty »

This has been an issue for over a month now.

Code: Select all

 wmic -U Domain/User%Password --namespace="root\cimv2" --debuglevel 1 //<Serverfqdn> "select * from Win32_OperatingSystem"
[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for User@Domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm Domain)
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<Serverfqdn>, similar=SERVER[49154]
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv

Does anyone know where to find the documentation for the WMIC command used on the Nagios XI VMware image? Why does it call kinit? Is it really necessary? Can we bypass it / how?
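
An added example, not part of any poster's message and not code from wmic or check_wmi_plus: a Python triage of the debug trace in the last post. It separates the Kerberos KDC failure from the DCE/RPC failure, decodes NT status c00000b5 using Microsoft's NTSTATUS table, and checks the failing dynamic port against the nmap output posted earlier. The function and variable names are hypothetical.

```python
import re

# Sample input: the wmic --debuglevel 1 lines from the post above, embedded
# here with the poster's own placeholders (<Serverfqdn>, User, Domain) kept.
SAMPLE = r"""[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for User@Domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm Domain)
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<Serverfqdn>, similar=SERVER[49154]
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv"""

# Open TCP ports copied from the nmap output earlier in the thread.
OPEN_PORTS = {80, 135, 139, 445, 3389, 49152, 49153, 49154}

# A few NTSTATUS values from Microsoft's published table.
NT_STATUS = {
    0xC00000B5: "STATUS_IO_TIMEOUT",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
}

LINE = re.compile(r"^\[(?P<file>[^:\]]+):(?P<line>\d+):(?P<func>\w+)\(\)\]\s*(?P<msg>.*)$")
NTCODE = re.compile(r"NT status \((?P<code>[0-9a-fA-F]{8})\)")
ENDPOINT = re.compile(r"host=(?P<host>\S+), similar=(?P<name>[^\[\s]+)\[(?P<port>\d+)\]")

def triage(text):
    """Classify wmic debug lines into Kerberos, endpoint and NT status findings."""
    report = {"kerberos_failed": False, "endpoint": None, "port_seen_open": None, "nt_status": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a "[file:line:func()] message" debug line
        src, msg = m["file"], m["msg"]
        if src.startswith("auth/") and "KDC" in msg:
            report["kerberos_failed"] = True  # kinit could not reach a KDC
        ep = ENDPOINT.search(msg)
        if ep:  # the DCOM binding wmic is about to connect to
            report["endpoint"] = (ep["host"], ep["name"], int(ep["port"]))
            report["port_seen_open"] = int(ep["port"]) in OPEN_PORTS
        nt = NTCODE.search(msg)
        if nt:
            code = int(nt["code"], 16)
            entry = (code, NT_STATUS.get(code, "unknown"))
            if entry not in report["nt_status"]:
                report["nt_status"].append(entry)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted trace this reports a Kerberos failure followed by a STATUS_IO_TIMEOUT on the DCOM endpoint SERVER[49154], a port the earlier nmap scan listed as open.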
Locked