Problems with WMI service checks

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
crystal.then
Posts: 57
Joined: Mon Oct 27, 2014 12:05 am

Problems with WMI service checks

Post by crystal.then »

Hi Support,

We're having some issues monitoring two Windows servers via WMI, both throwing different errors.

Server #1:

Code:

Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Round #1 of 1
QUERY: /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
UNKNOWN - Plugin Timed out (30 sec). There are multiple possible reasons for this, some of them include - The host <host address> might just be really busy, it might not even be running Windows.

# /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

Server #2:

Code:

# /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9'
Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Round #1 of 1
QUERY: /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
OUTPUT: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = [
          [
            {
              '_ColSum_Size' => 0,
              '_QuerySum_Size' => 0,
              '_ColSum_FreeSpace' => 0,
              '_QuerySum_FreeSpace' => 0
            }
          ]
        ];
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

[root@a1c-nxi01 libexec]# /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

We are monitoring 100+ other servers with the same setup as these two, so I'm at a loss as to why they're the only ones having issues. Thanks in advance :)
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Problems with WMI service checks

Post by mbellerue »

Okay, let's start with the host that isn't responding at all, Server #1. Let's get a tcpdump of the action from Server #1, as well as a server that is functioning properly.

Here is the tcpdump command to run. It would be easiest if you ran it, ran the check against one of the servers, stopped the tcpdump, and then started the process again with a new output filename. But if you want to dump it all into one file, and just let me know the IP addresses in question, that's fine too.

Code:

tcpdump -Pn -i <NICName> -w /tmp/<IPAddress>-output.pcap

Also, make sure to run the same command that you are running here against both Server #1 and a server that is functioning properly.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
crystal.then
Posts: 57
Joined: Mon Oct 27, 2014 12:05 am

Re: Problems with WMI service checks

Post by crystal.then »

Hello, thanks for the reply.

The flags -Pn weren't working for me, so I used -Qin instead - hope that's right.

I've sent you the two files via PM.
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia

Re: Problems with WMI service checks

Post by Box293 »

Thanks for the packet capture info.

I notice you used the -d argument for debug information. Can you please replace that with --extrawmicarg "--debuglevel=4" to help further diagnose the issue. This is demonstrated in the following KB article under the WMI Debugging heading:

https://support.nagios.com/kb/article/n ... g-579.html
crystal.then
Posts: 57
Joined: Mon Oct 27, 2014 12:05 am

Re: Problems with WMI service checks

Post by crystal.then »

Hello,

See below for the output with debug level 4 -

Server #1:

Code:

# ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9' --extrawmicarg '--debuglevel=4'
Command Line (v1.6): ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9 --extrawmicarg --debuglevel=4
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Extra Wmic Arguments specified:--debuglevel=4
Round #1 of 1
QUERY: /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
UNKNOWN - Plugin Timed out (30 sec). There are multiple possible reasons for this, some of them include - The host <host address> might just be really busy, it might not even be running Windows.



# /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[lib/com/dcom/main.c:570:complete_activation()] Negotiated COM version: 5.1 using binding ncacn_ip_tcp:<host address>[135]
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<host address>, similar=<hostname>[49154]
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_sign.c:318:ntlmssp_sign_init()] NTLMSSP Sign/Seal - Initialising with flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] OK   : Login to remote object.
[wmi/wmic.c:200:main()] OK   : WMI query execute.
[wmi/wmic.c:203:main()] OK   : Reset result of WMI query.
[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

Server #2:

Code:

# ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9' --extrawmicarg '--debuglevel=4'     
Command Line (v1.6): ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9 --extrawmicarg --debuglevel=4
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Extra Wmic Arguments specified:--debuglevel=4
Round #1 of 1
QUERY: /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
OUTPUT: [param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = [
          [
            {
              '_ColSum_Size' => 0,
              '_QuerySum_Size' => 0,
              '_ColSum_FreeSpace' => 0,
              '_QuerySum_FreeSpace' => 0
            }
          ]
        ];
UNKNOWN - The WMI query had problems. The error text from wmic is: [param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc
Last edited by crystal.then on Thu Apr 16, 2020 7:36 pm, edited 1 time in total.
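
Added example, not part of the original thread or of check_wmi_plus: a small Python triage helper that reads `wmic --debuglevel=4` output like the dumps above and reports which stages passed, which stage failed, the reported code, and the last NTLMSSP flag set negotiated. The sample logs are constructed, abridged copies of the two failures; `triage` and `decode_flags` are hypothetical names, and the flag bit values are taken from the NTLMSSP specification (MS-NLMP).

```python
import re

# Constructed samples: abridged tails of `wmic --debuglevel=4` output shaped
# like the two failures posted in this thread.
SERVER1_LOG = """\
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
[wmi/wmic.c:196:main()] OK   : Login to remote object.
[wmi/wmic.c:200:main()] OK   : WMI query execute.
[wmi/wmic.c:203:main()] OK   : Reset result of WMI query.
[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0xc002001b - NT code 0xc002001b
"""
SERVER2_LOG = """\
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc
"""

# NTLMSSP negotiate-flag bits (MS-NLMP), using the names the debug log prints.
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x00800000: "NTLMSSP_CHAL_TARGET_INFO",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}

STAGE_RE = re.compile(r"^\[wmi/wmic\.c:\d+:main\(\)\] (OK|ERROR)\s*: (.*?)\.?$")
CODE_RE = re.compile(r"^NTSTATUS: NT code (0x[0-9a-fA-F]{8})\b")
FLAGS_RE = re.compile(r"neg_flags=(0x[0-9a-fA-F]+)")


def decode_flags(value):
    """Names of the known NTLMSSP bits set in value, lowest bit first."""
    return [name for bit, name in sorted(NTLMSSP_FLAGS.items()) if value & bit]


def triage(log_text):
    """Summarise where a wmic run stopped and which code it reported."""
    result = {"passed": [], "failed": None, "code": None,
              "win32_error": None, "final_flags": []}
    for line in log_text.splitlines():
        if (m := STAGE_RE.match(line)):
            status, name = m.groups()
            if status == "OK":
                result["passed"].append(name)
            else:
                result["failed"] = name
        elif (m := CODE_RE.match(line)):
            value = int(m.group(1), 16)
            result["code"] = f"0x{value:08x}"
            # 0x8007xxxx is an HRESULT wrapping a Win32 error in the low word.
            if value >> 16 == 0x8007:
                result["win32_error"] = value & 0xFFFF
        elif (m := FLAGS_RE.search(line)):
            # Keep only the most recent flag set seen before the run ended.
            result["final_flags"] = decode_flags(int(m.group(1), 16))
    return result
```

Run over the two outputs in this thread, it separates Server #1, which fails only after login and query execution succeed, from Server #2, which fails at the login step itself.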
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia

Re: Problems with WMI service checks

Post by Box293 »

Let's focus on server 1 first.

Looking at this forum thread:
https://support.nagios.com/forum/viewto ... =7&t=44958

The end solution was to restart the winmgmt service several times. Does this help at all?
crystal.then
Posts: 57
Joined: Mon Oct 27, 2014 12:05 am

Re: Problems with WMI service checks

Post by crystal.then »

We have restarted the winmgmt service and the server itself several times; unfortunately, it's still not working.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Problems with WMI service checks

Post by cdienger »

Is the plugin attempting to use a domain account to connect to these machines?

I think it would be worth going through https://assets.nagios.com/downloads/nag ... ios-XI.pdf and maybe set up a new account just to test to see if something changed with this account.

Furthermore, check out https://support.nagios.com/kb/article/n ... g-579.html and implement the "Force NTLMv2" suggestion as well as the "Additional Permissions" suggestion in it.

If you still run into issues after this, please run the tcpdump again with these parameters to get both sides of the conversation:

Code:

tcpdump -s 0 -i <NICName> -w /tmp/<IPAddress>-output.pcap
crystal.then
Posts: 57
Joined: Mon Oct 27, 2014 12:05 am

Re: Problems with WMI service checks

Post by crystal.then »

Hello,

Yes, the plugin is using a domain account. I have asked the customer to follow the steps for "Additional Permissions", will let you know whether this resolves anything. However, at this point I don't suspect permission issues, as we're using the same account to monitor other machines successfully.

The Force NTLMv2 setting does not make a difference to the output.

I've found that I can perform a WMIC query from another machine in the customer's network, but the same query (or any other query) fails from Nagios. Given this is the case, I've run the tcpdump again and sent it through to you.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Problems with WMI service checks

Post by cdienger »

Check the account and make sure it isn't restricted from connecting to certain machines.

The query you're running from another machine - what are you running exactly?