We have been using WMI to connect and monitor windows servers. Recently a new Windows 2022 server was added and now we are getting the below.
WMI Error Output:
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x80010111 - NT code 0x80010111
/usr/bin/perl -w /usr/local/nagios/libexec/check_wmi_plus.pl -H IPADDRESS -u USER -p PASSWORD -m info -s os
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x80010111 - NT code 0x80010111
WMI with Windows 2022
Re: WMI with Windows 2022
Hello @mcockram
Thanks for reaching out,
Please verify by testing from another windows machine via powershell cmd.
Please follow this guide and validate all of the settings are the same:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Thanks,
Perry
Thanks for reaching out,
Please verify by testing from another windows machine via powershell cmd.
Please follow this guide and validate all of the settings are the same:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Thanks,
Perry
-
[email protected]
- Posts: 3
- Joined: Tue May 04, 2021 8:17 am
Re: WMI with Windows 2022
Hi,
here is the local output from the failing machine:
PS C:\Users\andaniello> Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem"
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 20348
RegisteredUser : Windows User
SerialNumber : 00454-10000-00001-AA844
Version : 10.0.20348
PS C:\Users\andaniello>
from a remote machine:
PS C:\Users\andaniello> Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName 10.8.101.24
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 20348
RegisteredUser : Windows User
SerialNumber : 00454-10000-00001-AA844
Version : 10.0.20348
PS C:\Users\andaniello>
Additionally the nc confirms the port is open from nagios xi system to the windows client:
[njdaniello@pv02947 ~]$ nc -zvv 10.8.101.24 135
Ncat: Version 7.70 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to 10.8.101.24:135 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [10.8.101.24:135]
Ncat: Connected to 10.8.101.24:135.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #1)
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #2)
[njdaniello@pv02947 ~]$
I reviewed the doc in your second link and all appears good to me.
here is the local output from the failing machine:
PS C:\Users\andaniello> Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem"
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 20348
RegisteredUser : Windows User
SerialNumber : 00454-10000-00001-AA844
Version : 10.0.20348
PS C:\Users\andaniello>
from a remote machine:
PS C:\Users\andaniello> Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName 10.8.101.24
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 20348
RegisteredUser : Windows User
SerialNumber : 00454-10000-00001-AA844
Version : 10.0.20348
PS C:\Users\andaniello>
Additionally the nc confirms the port is open from nagios xi system to the windows client:
[njdaniello@pv02947 ~]$ nc -zvv 10.8.101.24 135
Ncat: Version 7.70 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsock_iod_new2(): nsock_iod_new (IOD #1)
libnsock nsock_connect_tcp(): TCP connection requested to 10.8.101.24:135 (IOD #1) EID 8
libnsock nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [10.8.101.24:135]
Ncat: Connected to 10.8.101.24:135.
libnsock nsock_iod_new2(): nsock_iod_new (IOD #2)
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #1)
libnsock nsock_iod_delete(): nsock_iod_delete (IOD #2)
[njdaniello@pv02947 ~]$
I reviewed the doc in your second link and all appears good to me.
Re: WMI with Windows 2022
Hello [user][email protected][/user]
Thanks for following up with the details, we see from the message in the previous it does state; 'ERROR: Login to remote object. That could mean permissions or issues with credentials. Let us know if you are logging in with the local Administrator and specifying the hostname as well?
Ran the 'check_wmi_plus.pl' on my test VM with the following results:
[quote]
perl -d:Trace >> /tmp/results.txt /usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.xxx.xxx -u myhostname/Administrator -p XxXxXxXx -m info -s os
OK - OS is Microsoft Windows Server 2016 Standard Evaluation, (null), Installation Timestamp=20210615095131.000000-300 (160.1 days old)|'OS Installation Age'=160.1days;[/color]
Thanks,
Perry
Thanks for following up with the details, we see from the message in the previous it does state; 'ERROR: Login to remote object. That could mean permissions or issues with credentials. Let us know if you are logging in with the local Administrator and specifying the hostname as well?
Ran the 'check_wmi_plus.pl' on my test VM with the following results:
[quote]
perl -d:Trace >> /tmp/results.txt /usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.xxx.xxx -u myhostname/Administrator -p XxXxXxXx -m info -s os
OK - OS is Microsoft Windows Server 2016 Standard Evaluation, (null), Installation Timestamp=20210615095131.000000-300 (160.1 days old)|'OS Installation Age'=160.1days;[/color]
Thanks,
Perry
Re: WMI with Windows 2022
We tried both via ip and hostname. It is using the same user/password that is pushed out from active directory as all the other versions of windows, so it should have the same level of access.
pbroste wrote:Hello [user][email protected][/user]
Thanks for following up with the details, we see from the message in the previous it does state; 'ERROR: Login to remote object. That could mean permissions or issues with credentials. Let us know if you are logging in with the local Administrator and specifying the hostname as well?
Ran the 'check_wmi_plus.pl' on my test VM with the following results:perl -d:Trace >> /tmp/results.txt /usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.xxx.xxx -u myhostname/Administrator -p XxXxXxXx -m info -s os
OK - OS is Microsoft Windows Server 2016 Standard Evaluation, (null), Installation Timestamp=20210615095131.000000-300 (160.1 days old)|'OS Installation Age'=160.1days;[/color]
Thanks,
Perry
Re: WMI with Windows 2022
Below is the debug output
Code: Select all
Command Line (v1.65): /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.8.101.24 -u USER -p PASS -m info -s os -d
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
WMI Ini Dir: /usr/local/nagios/libexec
Opening Ini Files ...
opening first ini file: /usr/local/nagios/libexec/check_wmi_plus.ini
checking ini dir /usr/local/nagios/libexec, found 1 file(s)
opening ini file: check_wmi_plus.ini
Global Static Ini Variables: $VAR1 = {};
Found Group info
GROUP MEMBERS $VAR1 = [
'info listsoftware2008',
'info listsoftwarefeatures2008',
'info listsoftware2003',
'info os',
'info net',
'info cpu'
];
Found Member os
Processing INI Section: info os
Settings for this section are:
-------------------------------------------------------------------
customfield => _InstallSec,WMITimestampToAgeSec,InstallDate
_InstallDays,SectoDay,_InstallSec,%.1f
dataregex => 1,2,3
display => _DisplayMsg||~|~| - ||
Caption||OS is |~|||
CSDVersion||~|~|||
InstallDate||Installation Timestamp|| ||
_InstallDays||~|~|~|(| days old)
inihelp => This check shows the Operating System Name and Service Pack version.
It also shows the Installation Date timestamp and age in days.
You can check warn/critical against the age of the Installation Date. The warn/critical specification should be in seconds.
Use the time multipliers to make this simpler. See the section "WARNING and CRITICAL Specification".
eg -w 2yr to test if the installation is older than 2 years.
perf => _InstallDays|days|OS Installation Age
query => Select Caption,CSDVersion,InstallDate From Win32_OperatingSystem
requires => 1.451
static => XP,Microsoft Windows XP Professional,Caption
with SP3,Service Pack 3
HighEndVersion,Professional,_DISABLED
test => _InstallSec
-------------------------------------------------------------------
All Static Ini Variables: $VAR1 = {};
Query Extensions: $VAR1 = [];
Original Query:Select Caption,CSDVersion,InstallDate From Win32_OperatingSystem
New Query:Select Caption,CSDVersion,InstallDate From Win32_OperatingSystem
Round #1 of 1
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//10.8.101.24' 'Select Caption,CSDVersion,InstallDate From Win32_OperatingSystem'
OUTPUT: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x80010111 - NT code 0x80010111
Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = [];
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x80010111 - NT code 0x80010111
Re: WMI with Windows 2022
Hello @mcockram
Thanks for following up with the results, as we see the error message is stating that it is unable to login to the remote device. However, when we look back we see that the command Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName 10.8.101.24 passed (minus the credentials).
I want to go ahead and have you run that command again to include the prompt for credentials. Want to find out if supplying the -Credential switch will pass as well.
Perry
Thanks for following up with the results, as we see the error message is stating that it is unable to login to the remote device. However, when we look back we see that the command Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName 10.8.101.24 passed (minus the credentials).
I want to go ahead and have you run that command again to include the prompt for credentials. Want to find out if supplying the -Credential switch will pass as well.
Code: Select all
Get-WmiObject -ComputerName 192.168.xxx.xxx -Class Win32_Process -Credential youruseradminPlease let us know the results,mcockram wrote:Below is the debug output
Code: Select all
Command Line (v1.65): /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.8.101.24 -u USER -p PASS -m info -s os -d Base Dir: /usr/local/nagios/libexec Conf File Dir: /usr/local/nagios/libexec Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf WMI Ini Dir: /usr/local/nagios/libexec Opening Ini Files ... opening first ini file: /usr/local/nagios/libexec/check_wmi_plus.ini checking ini dir /usr/local/nagios/libexec, found 1 file(s) opening ini file: check_wmi_plus.ini Global Static Ini Variables: $VAR1 = {}; Found Group info.......................................................................... UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT code 0x80010111 - NT code 0x80010111
Perry