WMI login failures after February patches

[ksadvari]

We have a number of service checks using check_wmi_plus. Since installing the February Windows patches on our domain controllers, these checks have been generating login failures. Has anyone else experienced this issue?

The domain controllers are Server 2016, and the patches installed were KB4487026 and KB4485447.

[cdienger]

KB4487026

Addresses an issue that fails to set the LmCompatibilityLevel value correctly. LmCompatibilityLevel specifies the authentication mode and session security.

What do the NTLM options in highlighted in https://www.rootusers.com/implement-ntl ... rver-2016/ and the "LAN Manager authentication level" option look like now? Try setting the LAN Manager setting to the different options and testing them with the check_wmi_plus plugin.

[ksadvari]

That's probably what's going on here. I've asked our domain admins to verify that setting for me.

Setting check_wmi_plus to use NTLMv2 seems to clear up the issue - at the least, we're not seeing audit failures in the DC event logs any more. We're looking at setting this option in our check_wmi_plus.conf file:

our @opt_extra_wmic_args=("--option=client ntlmv2 auth=Yes");


Is there anything we should watch out for with this change?

[cdienger]

I'm not aware of anything else to really watch out for with it - let us know if you do run into any problems though.