Why doesn’t the WMI monitor use proper credentials?

Why doesn’t the WMI Query monitor use proper credentials?

Q: When I use the default credentials on a server that runs Remote Network Agent, it works fine. When I try to access a Windows service on another host in the agent’s subnet, it tries to authenticate using the credentials of primary IPHost Network Monitor, not the remote agent’s ones. Why?

A: The monitor in question most probably uses default credentials instead of custom ones. IPHost Network Monitor uses the credentials listed in “Tools -> Settings -> User Credentials”; the ‘Default Windows Credentials’ set is assigned by default to the All Agents node and inherited by all its children, e.g. a WMI monitor.

To make sure proper credentials are used, select the WMI Query monitor in question and uncheck the ‘Inherit from’ checkbox in the Credentials section on the monitor’s Main parameters tab:

WMI credentials section

Now either select appropriate credentials from the drop-down list or add a new credentials set by clicking the ‘+’ sign.

Note: you can check whether a remote WMI query can be executed by using PowerShell. Open it on the computer running IPHost Network Monitor and run the command:

Get-WmiObject -Namespace "root\cimv2" -Class Win32_LogicalDisk -ComputerName <REMOTE_IP> -Credential <DOMAIN\User>

Replace the placeholders in angle brackets with the actual IP address of the remote computer and a proper user name. The query above lists the local disk drives of the remote computer.

If run successfully, the query outputs something like:

DeviceID     : C:
DriveType    : 3
ProviderName :
FreeSpace    : 94929707008
Size         : 107372769280
VolumeName   : DISKC

If an error message is printed instead, make sure all the prerequisites for a successful WMI query are met:

  • The Remote Procedure Call service is running on the remote host
  • The firewall doesn’t block RPC calls from the source computer
  • Proper WMI credentials are used
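
The prerequisite checks above can be scripted so that a failure points at the prerequisite that is not met. This is an added example, not code from IPHost Network Monitor; Test-RemoteWmi is a hypothetical helper name, and the script assumes Windows PowerShell 5.1, where both Get-WmiObject and Test-NetConnection are available.

```powershell
# Added example: classify why a remote WMI query fails, following the prerequisite list above.
# Assumes Windows PowerShell 5.1 (Get-WmiObject is not available in PowerShell 7+).
# Test-RemoteWmi is a hypothetical helper name, not part of IPHost Network Monitor.
function Test-RemoteWmi {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $result = [ordered]@{
        ComputerName = $ComputerName
        UserName     = $Credential.UserName   # shows which account was actually tested
        Rpc135Open   = $false
        WmiQueryOk   = $false
        Diagnosis    = $null
    }

    # Prerequisites 1 and 2: the RPC endpoint mapper (TCP 135) must be reachable.
    $tcp = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    $result.Rpc135Open = [bool]$tcp.TcpTestSucceeded
    if (-not $result.Rpc135Open) {
        $result.Diagnosis = 'TCP 135 unreachable: check the RPC service and the firewall on the remote host'
        return [pscustomobject]$result
    }

    # Prerequisite 3: run the same query as above with explicit credentials.
    try {
        Get-WmiObject -Namespace 'root\cimv2' -Class Win32_LogicalDisk `
            -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop | Out-Null
        $result.WmiQueryOk = $true
        $result.Diagnosis  = 'OK: these credentials can run remote WMI queries'
    }
    catch [System.UnauthorizedAccessException] {
        # HRESULT 0x80070005 (E_ACCESSDENIED)
        $result.Diagnosis = 'Access denied: wrong credentials or no Remote Enable permission'
    }
    catch [System.Runtime.InteropServices.COMException] {
        # 0x800706BA is "The RPC server is unavailable", typically a firewall issue
        $result.Diagnosis = 'RPC/COM error 0x{0:X8}: {1}' -f $_.Exception.HResult, $_.Exception.Message
    }
    catch {
        $result.Diagnosis = 'Unexpected error: ' + $_.Exception.Message
    }
    [pscustomobject]$result
}

# Usage: prompts for the password instead of embedding it in the script.
# Test-RemoteWmi -ComputerName '<REMOTE_IP>' -Credential (Get-Credential '<DOMAIN\User>')
```

The UserName field in the output makes it easy to confirm that the account being tested is the one selected in the monitor’s Credentials section rather than an inherited default.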

Note: on Windows Server 2008 R2 and later Windows versions, additional steps are required to allow WMI access from a remote computer. Here is a sample list of what should initially be done on the remote host (where the WMI query is to run):

  1. Enable access to WMI in the firewall. The command-line version looks like this:
     netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
  2. Start the “Remote Registry” service.
  3. Enable remote WMI for the given user:
    • Go to “Administrative Tools -> Computer Management -> Services and Applications” -> right-click ‘WMI Control’ and choose Properties -> select the Security tab -> select ‘Root’ -> press the Security button
    • Select a predefined group or user name, or add a specific user (must be a Local Administrator). Set the ‘Remote Enable’ permission for the selected user(s).
  4. Add the host that sends remote WMI requests to the list of trusted hosts: run PowerShell as Administrator and issue these commands:
     cd wsman:\localhost\client
     set-item trustedhosts <hostname>

     where <hostname> is the host that sends remote WMI requests. Note: if there is more than one hostname, add all of the host’s known DNS names via these commands.
