Windows WMI monitoring - auth issue
Posted: Tue Apr 02, 2019 6:01 am
I am trying to connect to Windows host from nagios GUI using WMI wizard and it throws an authentication error as shown below, I am using a domain user who is part of administrator user group
However I am able to connect to that same host from the CLI when running
wmic -U ap/domain-user -p password --namespace root/cimv2 //hostname"Select * From Win32_NTLogEvent" -
When I do a basic check using plugin from libexec I get access denied as well as shown below
===========================
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Starting Keep State Mode
STATE FILE: /tmp/cwpss_checkcpu__101920121___.state
Round #1 of 1
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//xx.x.xx.xx' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
OUTPUT: [librpc/rpc/dcerpc_util.c
dcerpc_pipe_auth_recv()] Failed to bind to uuid xxxxx
- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = undef;
UNKNOWN - The WMI query had problems. You might have your username/password wrong or the user's access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.cdcerpc_pipe_auth_recv()] Failed to bind to uuid xxxxx
- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
=====
Below is the error when trying to connect to the remote windows 2012 host from GUI using WMI wizard.
WMI Error Output:
UNKNOWN - The WMI query had problems. You might have your username/password wrong or the user's access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.cdcerpc_pipe_auth_recv()] Failed to bind to uuid xxxx
- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
However I am able to connect to that same host from the CLI when running
wmic -U ap/domain-user -p password --namespace root/cimv2 //hostname"Select * From Win32_NTLogEvent" -
When I do a basic check using plugin from libexec I get access denied as well as shown below
===========================
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Starting Keep State Mode
STATE FILE: /tmp/cwpss_checkcpu__101920121___.state
Round #1 of 1
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//xx.x.xx.xx' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
OUTPUT: [librpc/rpc/dcerpc_util.c
dcerpc_pipe_auth_recv()] Failed to bind to uuid xxxxx- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = undef;
UNKNOWN - The WMI query had problems. You might have your username/password wrong or the user's access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.c
dcerpc_pipe_auth_recv()] Failed to bind to uuid xxxxx- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
=====
Below is the error when trying to connect to the remote windows 2012 host from GUI using WMI wizard.
WMI Error Output:
UNKNOWN - The WMI query had problems. You might have your username/password wrong or the user's access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.c
dcerpc_pipe_auth_recv()] Failed to bind to uuid xxxx- NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied