Re: Problems with WMI service checks

Posted: Mon Mar 30, 2020 5:45 pm
by crystal.then
The account is allowed to log on to "All Computers"

The query that works is:

    wmic /NAMESPACE:"root/cimv2" /USER:"domain\user" /PASSWORD:"password" /NODE:"hostname" OS get Caption

I'm running this from a Windows server in the same domain as the target machine.

The wmic query to get the same information from nagios fails:

    wmic -A authfile --namespace root/cimv2 //hostname "select Caption from Win32_ComputerSystem"

I know these commands aren't exactly like for like; however, I don't have access to a Linux machine in the customer's environment with wmic installed.
The second command I've found always works when the check_wmi_plus plugin works.

Re: Problems with WMI service checks

Posted: Tue Mar 31, 2020 4:22 pm
by cdienger
Looking at the last packet trace that you PM'd me, there appears to be some packet loss. You can see it if you apply the filter "tcp.stream eq 34" to the dump in Wireshark. Authentication looks to be good and there is clearly back and forth, but you can see all the retransmissions at the end. This is a retransmission of a request/packet from the XI system. It is retransmitting because it doesn't get an acknowledgement to one of its requests/packets sent to the Windows machine. Eventually the plugin will time out when it doesn't get a response.

Would it be possible to get a Wireshark trace taken on the Windows machine at the same time another tcpdump was taken on XI and you run the plugin? This will at least confirm if we should be looking outside of the two machines at a possible firewall/network issue causing packets to drop.
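
The two-sided capture comparison suggested above can be scripted; this is an added example, not part of the original post or of any Nagios tooling. It assumes both captures were exported in tcpdump's default text format with relative sequence numbers and no NAT between the hosts; the addresses and packets are constructed (10.0.0.5 stands in for XI, 10.0.0.9 for the Windows host).

```python
import re
from collections import Counter

# Constructed XI-side capture: one request is sent four times and never acknowledged.
XI_SIDE = """\
17:45:01.100000 IP 10.0.0.5.45678 > 10.0.0.9.135: Flags [P.], seq 1:73, ack 1, win 229, length 72
17:45:01.101000 IP 10.0.0.9.135 > 10.0.0.5.45678: Flags [.], ack 73, win 256, length 0
17:45:01.102000 IP 10.0.0.9.135 > 10.0.0.5.45678: Flags [P.], seq 1:61, ack 73, win 256, length 60
17:45:01.103000 IP 10.0.0.5.45678 > 10.0.0.9.135: Flags [P.], seq 73:233, ack 61, win 229, length 160
17:45:01.310000 IP 10.0.0.5.45678 > 10.0.0.9.135: Flags [P.], seq 73:233, ack 61, win 229, length 160
17:45:01.730000 IP 10.0.0.5.45678 > 10.0.0.9.135: Flags [P.], seq 73:233, ack 61, win 229, length 160
17:45:02.570000 IP 10.0.0.5.45678 > 10.0.0.9.135: Flags [P.], seq 73:233, ack 61, win 229, length 160
"""
# Constructed Windows-side capture: only the first three packets were ever seen there.
WINDOWS_SIDE = "\n".join(XI_SIDE.splitlines()[:3])

SEG = re.compile(r"IP (\S+) > (\S+): Flags \[[^\]]*\], seq (\d+):(\d+),.* length (\d+)")

def data_segments(text):
    """Yield (src, dst, seq_start, seq_end) for every segment that carries data."""
    for line in text.splitlines():
        m = SEG.search(line)
        if m and int(m.group(5)) > 0:  # pure ACKs have no seq range and no payload
            yield m.group(1), m.group(2), int(m.group(3)), int(m.group(4))

def retransmissions(text):
    """Count repeats of the same data segment, per (src, dst) direction."""
    out = Counter()
    for (src, dst, _, _), n in Counter(data_segments(text)).items():
        if n > 1:
            out[(src, dst)] += n - 1
    return dict(out)

def never_arrived(sender_text, receiver_text):
    """Segments present in the sender-side capture but absent on the receiver side."""
    return sorted(set(data_segments(sender_text)) - set(data_segments(receiver_text)))

if __name__ == "__main__":
    print("retransmitted on XI side:", retransmissions(XI_SIDE))
    print("never reached Windows:", never_arrived(XI_SIDE, WINDOWS_SIDE))
```

Retransmissions on the XI side combined with a non-empty `never_arrived` result point at loss in the path between the two machines rather than at either endpoint.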

Re: Problems with WMI service checks

Posted: Wed Apr 01, 2020 5:02 pm
by crystal.then
Hi, thanks for the reply, that sounds promising. I will organise the trace with the customer.

Re: Problems with WMI service checks

Posted: Thu Apr 02, 2020 2:14 pm
by cdienger
Sounds good. Please update us with your findings.

Re: Problems with WMI service checks

Posted: Thu Apr 16, 2020 7:36 pm
by crystal.then
Thanks for your guidance on this one. The customer's network resource managed to identify that packets are being dropped at a certain hop, so they will continue investigating for that one.

Could we please take a look at server #2 next?
For this one I suspect an issue with WMI on the host.

From my original post:

    # /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9'
    Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9
    Base Dir: /usr/local/nagios/libexec
    Conf File Dir: /usr/local/nagios/libexec
    Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
    Round #1 of 1
    QUERY: /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
    OUTPUT: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
    NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

    Could not find the CLASS: line - an error occurred
    WMI DATA:$VAR1 = [
              [
                {
                  '_ColSum_Size' => 0,
                  '_QuerySum_Size' => 0,
                  '_ColSum_FreeSpace' => 0,
                  '_QuerySum_FreeSpace' => 0
                }
              ]
            ];
    UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
    NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

    [root@a1c-nxi01 libexec]# /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
    [wmi/wmic.c:196:main()] ERROR: Login to remote object.
    NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Testing the connection to that server from another Windows machine in the same environment, we get the following:

    C:\Users\Administrator>wmic /NAMESPACE:"root/cimv2" /USER:"<username>" /PASSWORD:"<password>" /NODE:"<hostname>" OS get Caption
    Node - <hostname>
    ERROR:
    Description = The endpoint is a duplicate.
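
The two error outputs in the post above can be tied together by decoding the code the Linux wmic client prints; this is an added example, not code from the thread or from check_wmi_plus. Although the client labels the value NTSTATUS, 0x800706cc has the layout of an HRESULT in the Win32 facility; the small lookup table holds only a few winerror.h values and is not exhaustive.

```python
import re

# A few Win32 error codes that appear wrapped in FACILITY_WIN32 HRESULTs (winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED: Access is denied.",
    1722: "RPC_S_SERVER_UNAVAILABLE: The RPC server is unavailable.",
    1740: "RPC_S_DUPLICATE_ENDPOINT: The endpoint is a duplicate.",
}
FACILITY_WIN32 = 7

def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and 16-bit code."""
    failed = bool((value >> 31) & 1)      # bit 31: severity (1 = failure)
    facility = (value >> 16) & 0x7FF      # bits 16-26: facility
    code = value & 0xFFFF                 # bits 0-15: facility-specific code
    text = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code, "text": text}

def explain_wmic_output(output):
    """Decode every distinct 'NT code 0x........' value in Linux wmic output."""
    found = re.findall(r"NT code (0x[0-9a-fA-F]{8})", output)
    return {hex(v): decode_hresult(v) for v in sorted({int(h, 16) for h in found})}

# Error text as posted in the thread.
POSTED = """[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc"""

if __name__ == "__main__":
    for raw, info in explain_wmic_output(POSTED).items():
        print(raw, info)
```

The decoded code 1740 is the same "The endpoint is a duplicate." condition that the Windows wmic client reports, so both clients are failing on the same RPC-level error from the target.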

Re: Problems with WMI service checks

Posted: Fri Apr 17, 2020 11:15 am
by ssax
Is the user a local admin on that system? If not, did you set permissions on the Windows system like the guide below shows starting on page 4?

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Re: Problems with WMI service checks

Posted: Sun Apr 19, 2020 7:16 pm
by crystal.then
Hi ssax,

Yes the account is local admin of the target server. This is the same account that we use to monitor other servers in the environment, and the setup is the same.

Re: Problems with WMI service checks

Posted: Mon Apr 20, 2020 4:47 pm
by ssax
Is this server connected to a domain?

Can you test from another Windows machine with the same credentials following this guide:

https://community.broadcom.com/enterprisesoftware/communities/community-home/librarydocuments/viewdocument?DocumentKey=025d5291-a260-4a4a-8cf5-b5dc7c20aa3b&CommunityKey=cb959643-2b9f-4caa-a7a3-42f40f1aef91&tab=librarydocuments

What error is displayed (if any)?

Re: Problems with WMI service checks

Posted: Tue Apr 21, 2020 12:31 am
by crystal.then
Yes, the server belongs to the same domain as the account.

Here are the results from wbemtest:
wmi-troubleshooting.png

Re: Problems with WMI service checks

Posted: Tue Apr 21, 2020 2:14 pm
by ssax
Do you see any entries in the Windows event log?

If you run this in a PowerShell admin prompt, does it work?

    Get-WmiObject -class Win32_OperatingSystem | select Caption

If you run a PowerShell prompt as the user in question (SHIFT+Right Click the PowerShell link > Run as different user, enter user/pass) and then run the same command, does it work?

Please post all output.