Cannot connect to WMI on remote machines

I've written a VB utility that allows me to check registry entries on remote machines.  My code uses WMI to access the remote registry.  On 95% of the machines (Windows XP Pro) this works.

However, on a few machines, remote WMI access seems to be disabled.  Here are the symptoms:

- My WMI call {Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & txtMachine.Text & "\root\default:StdRegProv")} returns error 462 = The remote server machine does not exist or is unavailable.

- the machine can be ping-ed by name

- I can run up Computer Management console, and remotely connect to the machine.  Within Computer Management, I can:
    - view the event log
    - view shared folders and everything under it
    - manage users and groups
    - start and stop services
I cannot right-click on WMI Controls and Properties.  It comes back with "failed to connect to \\name because 'Win32: The RPC server is unavailable'"

- the Remote Procedure Call (RPC) service is automatic and started, as is the Remote Registry service

- All attempts to connect to WMI on the remote fail, whether it's the registry provider, or \root\cimv2 or default.  Anything.  I've checked the permissions on the WMI hierarchy and Administrators have all rights.  Domain Admins are a member of local Administrators, and I am a member of Domain Admins.

- I am able to explore to \\name\c$

- Internet Connection Firewall is not enabled on the Lan Connection

- IP filtering is not enabled

So I give up.  What do I have to enable on these machines to be able to connect to WMI!?

Thank you,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


2 things to try

1) on the 5% that do not work
right click my computer >> manage >> expand services and applications >>  services >> verify
that the Windows Management Instrumentation is running

2) do these 5% have longer names than the rest?
different naming convention?

Dim strComp as string
strComp =  txtMachine.Text

{Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComp & "\root\default:StdRegProv")}
Sorry didn't read your post close enough

You should check for the blaster worm on those 5%

removal tool:


There is plenty of other documentation regarding this vulnerability if you would like more let me know
Here is a link to another post where EE member CrazyOne
gives all the information needed:
Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

sstoyanovichAuthor Commented:
Ok.  Thank you for all your suggestions.

Windows Management Instrumentation service is running.  Its partner Windows Management Instrumentation Driver Extensions is Manual and not started, but that's the case on every computer I've looked at, so that seems to be normal.

The names of the machines are quite short, actually.  ESI-586 and ESI-630 are two of them.

These are domain machines.  They all run Norton Anti-Virus Corporate Edition.  Virusdefs are up to date.  I'm doing a full scan for this virus now, and will report back if something is found.

I have also scanned the machine with the removal tool you mentioned, and it did not show as vulnerable.

We deploy patches to all machines regularly.  MS03-026 has been applied to this machine.  I don't see msblast.exe in the Run key in the registry, and I don't see a process called msblast.exe.

So, I don't think it's the virus.  Plus, this problem has been plaquing me for months now.  I just haven't had an opportunity to have one of the offending machines on my desk to play with until now.  :)  I've tried everything I can think of on it, and still can't make WMI work.  

This machine is a laptop.  So is ESI-630.  Actually, it's possible that the ones in New York are laptops too.  Does this help?  The one here is an IBM Thinkpad.  Not ghosted - straight as it came plus we installed our apps on it.  They're all Windows XP Professional with SP1.

Please help.  Thanks!

Some other things to check (or to guess):
1) on xp machines run the resultant set of policy mmc snap-in,
perhaps "access this computer from network" is set under user rights assignments

2) one sure way to test if it is somehow a group policy issue would be to
put a computer that doesn't error out into the OU of one that does
then run gpupdate /force from the command line.

3) on the machines that don't work, run the program on the machine itself using
the "." instead of txtMachine.text.

4) audit logon events and check the logs to see if anything is getting denied access.
This might also give us a better idea of how it is suppose to connect

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

Have a look at this article in the MSKB, I think it will sort it out for you.

sstoyanovichAuthor Commented:
Reply to mdiglio:

1) access this computer from the network is not defined as per RSoP

2) I am able to access WMI on other machines in the same OU as the offending machines.  I have also tried moving the offending machine into a different OU - where other good machines reside - but still the same problem.

3) When I run my app locally on the machine, it all works fine.

4) No additional eventlog messages appeared

I've also tried it by ip address, but still same problem.

I also just ran windows update and applied everything.

Hey!  I solved it!  It was CheckPoint SecuRemote VPN client.  Grrrrr.  I was disabling it, but that wasn't enough.  It had to be *uninstalled*!!  For Pete's sake.  A lot of laptop users use it to VPN into the office from home.

sstoyanovichAuthor Commented:
I gave the points to mdiglio although in the end I solved the problem myself.  Along the way, you gave me a lot of good things to check, and these will likely help me troubleshoot similar problems in the future.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.