Nagios Support Forum

Hi

I am running Nagios XI 5.6.2, using the check_wmi_plus plugin (v1.6) to interrogate a Windows 10 PC
We have set up a minimal permission account on the Windows PC for the remote monitoring.

I have had problems in the past (see my other posts) but with the exception of checksmart all checks have been working with no problems until now.
The checks have been running with no problems on a test rig since 12 July, then on Friday 9 August at approx 11:32am they all stopped working
I would stress that nothing was changed on the Windows 10 PC at this time, its not even running any applications,we are just using it as a test bed for monitoring.

I have tried running the WMI query from the VM command line and also the monitoring PC Windows CMD prompt and they both now fail (VM command line with Access denied, RPC server unavailable on Win 10). However if i run the same commands with an admin account they both work successfully
Does anyone know of Win10 issues with remote WMI monitoring, and loss of remote WMI capabilities for non admin accounts?

I have restarted the PC being monitored and so far it is still failing to respond to the remote WMI queries for the minimal permission account, admin accounts work OK
(check_wmi_plus checks used are for CPU, Disk usage, memory usage, event log, OS info, uptime, network interfaces)

Thanks

Chris

That's very strange that it would work for a time and then just suddenly stop. I've been looking up the process for getting a non-admin account to be able to run WMI queries, and it looks pretty involved. Can you give us a rundown of the process you went through for your non-admin account? I'll try to replicate it on my side and see if I can get it to report back in a similar way.

Hi Chris,

I've used your script to create a user for running WMI queries. I've run a cmd.exe instance as that user and am running a couple of queries.

Could you also use the script to create a second account, and see if that account is able to run queries? If it is able to run the queries, maybe we can track down a variance between the two accounts.

Hi

I have used the script to create a new user, and that user works ok. So, its just the user that was set up about 30 days ago that has lost its ability to support remote WMI calls

Thanks

Chris

Excellent, so I guess the next step is finding any differences between the two logins. Are you good to take that from here, or do you want to leave this thread open in case you run into any additional questions related to this?

I will leave it open if thats ok.

Thanks

Sounds good. I'll check back in with you on Monday if I haven't heard anything by then.

Hi

The issue was due to the minimal user account password expiring - the monitored PC had incorrectly been built with passwords expiring.
Hopefully all ok now, so thread can be closed.

Thanks

Chris

Chris Hardick wrote:Hi

The issue was due to the minimal user account password expiring - the monitored PC had incorrectly been built with passwords expiring.
Hopefully all ok now, so thread can be closed.

Thanks

Chris

Great!

Locking