Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Problems with WMI service checks

https://support.nagios.com/forum/viewtopic.php?t=57952

Page 1 of 3

Problems with WMI service checks

Posted: Mon Mar 23, 2020 8:43 pm
by crystal.then
Hi Support,

We're having some issues monitoring two Windows servers via WMI, both throwing different errors.

Server #1:

Code: Select all

Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Round #1 of 1
QUERY: /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
UNKNOWN - Plugin Timed out (30 sec). There are multiple possible reasons for this, some of them include - The host <host address> might just be really busy, it might not even be running Windows.

# /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

Server #2:

Code: Select all

# /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9'             Command Line (v1.6): /usr/local/nagios/libexec/check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Round #1 of 1
QUERY: /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
OUTPUT: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = [
          [
            {
              '_ColSum_Size' => 0,
              '_QuerySum_Size' => 0,
              '_ColSum_FreeSpace' => 0,
              '_QuerySum_FreeSpace' => 0
            }
          ]
        ];
UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

[root@a1c-nxi01 libexec]# /usr/bin/wmic '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

We are monitoring 100+ other servers with the same setup as these two, so I'm at a loss as to why they're the only ones having issues. Thanks in advance :)

Re: Problems with WMI service checks

Posted: Tue Mar 24, 2020 4:34 pm
by mbellerue
Okay, let's start with the host that isn't responding at all, Server #1. Let's get a tcpdump of the action from Server #1, as well as a server that is functioning properly.

Here is the tcpdump command to run. It would be easiest if you ran it, ran the check against one of the servers, stopped the tcpdump, and then started the process again with a new output filename. But if you want to dump it all in to one file, and just let me know the IP addresses in question, that's fine too.

Code: Select all

tcpdump -Pn -i <NICName> -w /tmp/<IPAddress>-output.pcap
Also, make sure to run the same command that you are running here against both Server #1 and a server that is functioning properly.

Re: Problems with WMI service checks

Posted: Tue Mar 24, 2020 5:52 pm
by crystal.then
Hello, thanks for the reply.

The flags -Pn weren't working for me, so I used -Qin instead - hope that's right.

I've sent you the two files via PM.

Re: Problems with WMI service checks

Posted: Wed Mar 25, 2020 8:40 pm
by Box293
Thanks for the packet capture info.

I notice you used the -d argument for debug information. Can you please replace that with --extrawmicarg "--debuglevel=4" to help further diagnose the issue. This is demonstrated in the following KB article under the WMI Debugging heading:

https://support.nagios.com/kb/article/n ... g-579.html

Re: Problems with WMI service checks

Posted: Wed Mar 25, 2020 9:32 pm
by crystal.then
Hello,

See below for the output with debug level 4 -

Server #1:

Code: Select all

# ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9' --extrawmicarg '--debuglevel=4'
Command Line (v1.6): ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9 --extrawmicarg --debuglevel=4
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Extra Wmic Arguments specified:--debuglevel=4
Round #1 of 1
QUERY: /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
UNKNOWN - Plugin Timed out (30 sec). There are multiple possible reasons for this, some of them include - The host <host address> might just be really busy, it might not even be running Windows.



# /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
[param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[lib/com/dcom/main.c:570:complete_activation()] Negotiated COM version: 5.1 using binding ncacn_ip_tcp:<host address>[135]
[lib/com/dcom/main.c:1172:bind_new_pipe()] lib/com/dcom/main.c:1172: dcom_get_pipe: host=<host address>, similar=<hostname>[49154]
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_sign.c:318:ntlmssp_sign_init()] NTLMSSP Sign/Seal - Initialising with flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] OK   : Login to remote object.
[wmi/wmic.c:200:main()] OK   : WMI query execute.
[wmi/wmic.c:203:main()] OK   : Reset result of WMI query.
[wmi/wmic.c:212:main()] ERROR: Retrieve result data.
NTSTATUS: NT code 0xc002001b - NT code 0xc002001b

Server #2:

Code: Select all

# ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a 'C': -t 30 -w '90' -c '99.9' --extrawmicarg '--debuglevel=4'     
Command Line (v1.6): ./check_wmi_plus.pl -d -H <host address> -A <authfile> -m checkdrivesize -a C: -t 30 -w 90 -c 99.9 --extrawmicarg --debuglevel=4
Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Extra Wmic Arguments specified:--debuglevel=4
Round #1 of 1
QUERY: /usr/bin/wmic '--debuglevel=4' '-A' '<authfile>' '--namespace' 'root/cimv2' '//<host address>' 'Select DeviceID,freespace,Size,VolumeName from Win32_LogicalDisk where DriveType=3'
OUTPUT: [param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Could not find the CLASS: line - an error occurred
WMI DATA:$VAR1 = [
          [
            {
              '_ColSum_Size' => 0,
              '_QuerySum_Size' => 0,
              '_ColSum_FreeSpace' => 0,
              '_QuerySum_FreeSpace' => 0
            }
          ]
        ];
UNKNOWN - The WMI query had problems. The error text from wmic is: [param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'sasl-DIGEST-MD5' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/com/dcom/main.c:528:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:<host address>
[librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[auth/kerberos/krb5_init_context.c:388:smb_krb5_init_context()] krb5_init_context failed (Invalid argument)
[auth/gensec/gensec_gssapi.c:232:gensec_gssapi_start()] gensec_krb5_start: krb5_init_context failed (Invalid argument)
[auth/gensec/gensec.c:606:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INTERNAL_ERROR
[auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x800706cc - NT code 0x800706cc

Re: Problems with WMI service checks

Posted: Thu Mar 26, 2020 6:12 pm
by Box293
Lets focus on server 1 first.

Looking at this forum thread:
https://support.nagios.com/forum/viewto ... =7&t=44958

The end solution was to restart the winmgmt service several times. Does this help at all?

Re: Problems with WMI service checks

Posted: Thu Mar 26, 2020 6:15 pm
by crystal.then
We have restarted the winmgmt service and the server itself several times, unfortunately it's still not working.

Re: Problems with WMI service checks

Posted: Fri Mar 27, 2020 3:53 pm
by cdienger
Is the plugin attempting to use a domain account to connect to these machines?

I think it would be worth going through https://assets.nagios.com/downloads/nag ... ios-XI.pdf and maybe set up a new account just to test to see if something changed with this account.

Furthermore, check out https://support.nagios.com/kb/article/n ... g-579.html and implement the "Force NTLMv2" suggestion as well as the "Additional Permissions" suggestion in it.

If you still run into issues after this please run the tcpdump again with these parameers to get bothsides of the converation:

Code: Select all

tcpdump -s 0 -i <NICName> -w /tmp/<IPAddress>-output.pcap

Re: Problems with WMI service checks

Posted: Mon Mar 30, 2020 1:02 am
by crystal.then
Hello,

Yes, the plugin is using a domain account. I have asked the customer to follow the steps for "Additional Permissions", will let you know whether this resolves anything. However at this point I don't suspect permission issues, as we're using the same account to monitor other machines successfully.

The Force NTLMv2 setting does not make a different to the output.

I've found that I can perform a WMIC query from another machine in the customer's network, but the same query (or any other query) fails from Nagios. Given this is the case, I've run the tcpdump again and sent it through to you.

Re: Problems with WMI service checks

Posted: Mon Mar 30, 2020 1:32 pm
by cdienger
Check the account and make sure it isn't restricted from connecting to certain machines.

The query you're running from another machine - what are you running exactly?
All times are UTC-05:00
Page 1 of 3

Powered by phpBB® Forum Software © phpBB Limited