Starting point of a troubleshooting problem is usually an error code and the journey from the error code to the actual failing component might not always be an easy one. In this series, we’ll be taking a look at various WMI error codes and how to investigate and get to the root cause with a particular WMI error code as a starting point.
Part 1: Remoting and Security
Out of the box, WMI is not able to remote to machine (due to firewall restrictions). After those restrictions are lifted, lower rights users will not be able to remote to the machine due to a lack of DCOM permissions. This means that the firewall restrictions must be removed and the DCOM permissions must be changed in order to allow remote access. Without making the appropriate exceptions in DCOM permissions and Windows Firewall, the operations will fail. The below table talks about some common errors encountered while connecting to WMI from a remote machine.
DCOM Access Denied
RPC Server Unavailable
WMI Access Denied
During Connecting to a WMI namespace
· The Username/Password does not exist
· The user does not have the remote launch or remote activation options set. Check dcomcnfg.exe
· The Machine does not exist
· The Machine cannot respond because the appropriate firewall exceptions have not been made. Check the firewall settings.
· The user does not have the appropriate WMI permission on a namespace.
· The specific user does not have the DCOM permissions.
· Minimum authentication level needed for the namespace is more than what is used.
· The client machine doesn’t have correct firewall settings for asynchronous callbacks.
· Connecting to a machine which doesn’t exist.
· Specific user doesn’t have WMI access permission.
One moment! How do find out if the error that I got occurred during connecting to a WMI namespace and during an operation (like executing a query etc…)?
WMI ETW tracing can help you get there.
Hope this will help!
Kapil Mathur [MSFT]