Re: Check_WMI_Plus error when no results from eventlog
Posted: Thu Jan 19, 2017 6:01 pm
by kgugerty
Does ping run successfully?
Yes
Can you show us the result of a nmap <IP> and nmap <FQDN>?
Code:
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
Searching the results of the strace, I found this string:
Re: This plugin requires the linux implementation of wmic eg
but I cannot access the resolution.
https://support.nagios.com/forum/viewto ... &p=132909.
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 12:23 pm
by mcapra
Can you share the output of the following commands executed from the CLI of your Nagios XI machine:
Code:
ls -al /usr/bin | grep wmi
find / -name wmic
It's possible that check_wmi_plus has the wrong setting for the location of wmic. It'd be strange for a Nagios XI installation to be missing it completely.
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 1:54 pm
by kgugerty
Code:
# ls -al /usr/bin | grep wmi
lrwxrwxrwx 1 root root 19 Jan 11 14:16 wmic -> /usr/local/bin/wmic
-rw-r--r-- 1 root root 52480000 Dec 1 2011 wmic_1.3.13_static_64bit.tar.gz
lrwxrwxrwx 1 root root 19 Jan 9 12:00 wmic.old -> /usr/local/bin/wmic
# find / -name wmic
/usr/bin/wmic
/usr/local/bin/wmic
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 3:02 pm
by mcapra
Can you provide copies of the following files from your Nagios XI machine:
Code:
/usr/local/nagios/libexec/check_wmi_plus.ini
/usr/local/nagios/libexec/check_wmi_plus.conf
/usr/local/nagios/libexec/check_wmi_plus.pl
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 3:05 pm
by tgriep
In addition to what mcapra is asking, can you run the following command on the XI server and post the output?
Replace xxx.xxx.xxx.xxx with the IP address. Do not use the hostname.
Code:
wmic -U <domain/username>%<password> //xxx.xxx.xxx.xxx "Select * from Win32_ComputerSystem"
Also, run the check_wmi_plus.pl test using the IP address and see if that works.
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 3:50 pm
by kgugerty
PM sent to mcapra and tgriep with info requested.
Re: Check_WMI_Plus error when no results from eventlog
Posted: Fri Jan 20, 2017 4:06 pm
by tgriep
Can you install this Microsoft Hotfix and see if that helps out?
https://support.microsoft.com/en-us/hel ... -windows-7
Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?
Re: Check_WMI_Plus error when no results from eventlog
Posted: Tue Jan 24, 2017 4:05 pm
by kgugerty
The hotfix / subsequent update has already been applied to our systems. Additionally, we are not experiencing the memory leak described in that article. One more point about that is the error is present on Windows 2012 servers as well.
Thanks for the PM, one more question, is there a firewall between the Nagios System and the Windows host that is NATing the IP address?
No Firewall between Nagios and the Windows Host.
I was looking into the krb5.conf file. Would this apply? We do not have samba set up, nor is the Nagios server joined to any domain. The logging files below do not actually exist.
Code:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN1.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
GOTOSTRATA.COM = {
kdc = DC1.domain1.com
kdc = DC2.domain1.com
admin_server = DC1.domain1.com
}
[domain_realm]
.domain1.com = DOMAIN1.COM
domain1.com = DOMAIN1.COM
"/etc/krb5.conf" 23L, 488C
Re: Check_WMI_Plus error when no results from eventlog
Posted: Wed Jan 25, 2017 9:50 am
by tgriep
I don't think the wmic application actually uses the krb5.conf file so editing it probably will not change anything.
Verify that your DNS servers are set up in the /etc/resolve.conf file and that should be all it needs to work.
Re: Check_WMI_Plus error when no results from eventlog
Posted: Wed Feb 15, 2017 11:36 am
by kgugerty
This has been an issue for over a month now.
Code:
wmic -U Domain/User%Password --namespace="root\cimv2" --debuglevel 1 //<Serverfqdn> "select * from Win32_OperatingSystem"
[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for User@Domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm Domain)
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<Serverfqdn>, similar=SERVER[49154]
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
Does anyone know where to find the documentation for the WMIC command used on the Nagios XI VMWare image? Why does it call kinit? Is it really necessary? Can we bypass it / how?
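Added example, not part of the original thread and not code from Nagios or the wmic project: a small triage parser for the `--debuglevel 1` trace posted above. It splits each `[file:line:function()] message` line, pulls out the DCOM endpoint and decodes the NT status value, so the Kerberos failure and the later RPC connect failure can be read as two separate events. The function name `triage` and the short `NT_STATUS` table (a subset of Microsoft's NTSTATUS values) are choices made for this example.

```python
import re

# Debug lines copied from the wmic --debuglevel 1 output in the post above.
SAMPLE = r"""[auth/kerberos/kerberos_util.c:236:kinit_to_ccache()] kinit for User@Domain failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm Domain)
[auth/credentials/credentials_krb5.c:300:cli_credentials_get_client_gss_creds()] Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<Serverfqdn>, similar=SERVER[49154]
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
"""

LINE_RE = re.compile(r"^\[([^:\]]+):(\d+):(\w+)\(\)\]\s*(.*)$")
NT_RE = re.compile(r"NT status \(([0-9a-fA-F]{8})\)")
PIPE_RE = re.compile(r"host=([^,\s]+), similar=[^\[]*\[(\d+)\]")

# Subset of NTSTATUS values chosen for this example (not an exhaustive list).
NT_STATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC00000B5: "STATUS_IO_TIMEOUT",
    0xC0000236: "STATUS_CONNECTION_REFUSED",
}

def triage(debug_text):
    """Summarise which stage failed in a wmic debug trace."""
    result = {"kdc_unreachable": False, "endpoints": [], "nt_status": [], "unparsed": 0}
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"] += 1 if line else 0  # e.g. the command line itself
            continue
        func, msg = m.group(3), m.group(4)
        if "Cannot contact any KDC" in msg:
            result["kdc_unreachable"] = True
        pipe = PIPE_RE.search(msg)
        if pipe:  # DCOM endpoint (host, dynamic RPC port) that wmic tried to bind
            result["endpoints"].append((pipe.group(1), int(pipe.group(2))))
        nt = NT_RE.search(msg)
        if nt:
            code = int(nt.group(1), 16)
            name = NT_STATUS.get(code, "unknown 0x%08X" % code)
            if (func, name) not in result["nt_status"]:
                result["nt_status"].append((func, name))
    return result

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the trace in the post, the result shows the KDC lookup failing first and then `c00000b5` (`STATUS_IO_TIMEOUT`) on the TCP connect to port 49154.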