PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
Searching results of the strace I found this string.
Re: This plugin requires the linux implementation of wmic eg
It's possible that check_wmi_plus has the wrong settinc for the location of wmic. It'd be strange for a Nagios XI installation to be missing it completely.
In addition to what mcapra is asking, can you run the following command on the XI server and post the output?
Replace xxx.xxx.xxx.xxx with the IP address. Do not use the hostname.
Can you install this Microsoft Hotfix and see if that helps out? https://support.microsoft.com/en-us/hel ... -windows-7
Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?
Be sure to check out our Knowledgebase for helpful articles and solutions!
The hotfix / subsequent update has already been applied to our systems. Additionally, we are not experiencing the memory leak described in that article. One more point about that is the error is present on Windows 2012 servers as well.
Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?
No Firewall between Nagios and the Windows Host.
I was looking into the krb5.conf file. Would this apply? We do not have samba set up, nor is the Nagios server joined to any domain. The logging files below do not actually exist.
I don't think the wmic application actually uses the krb5.conf file so editing it probably will not change anything.
Verify that your DNS servers are setup in the /etc/resolve.conf file and that should be all it needs to work.
Be sure to check out our Knowledgebase for helpful articles and solutions!
wmic -U Domain/User%Password --namespace="root\cimv2" --debuglevel 1 //<Serverfqdn> "select * from Win32_OperatingSystem"
[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for User@Domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm Domain)
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<Serverfqdn>, similar=SERVER[49154]
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
Does anyone know where to find the documentation for the WMIC command used on the Nagios XI VMWare image? Why does it call kinit? is it really necessary? can we bypass it / how?