jtcomstock
asked on
Group Policy Modeling and WMI service
I'm trying to run the Group Policy Results Wizard against machines in my network to see how the policy policies are being applied. I have picked several PCs and get the same error from all, which is:
"Failed to connect to domain name\machine name due to error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details. The RPC server is unavailable."
I've looked at the of the notes in this forum related to the issue and they point to checking that RPC is running on the XP systems. I've confirmed this is service is running by "net start rpcss". Still no luck. I've tried this on a couple of XP machines in the office and get the same result.
I though the Norton Internet Security application was blocking access so I disabled it, same result.
I've looked at the event viewer of the PCs and have no entries pointing to issues with this service. I also tried to run MBSA and am denied access.
Please let me know what I'm missing.
Jason
"Failed to connect to domain name\machine name due to error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target computer for further details. The RPC server is unavailable."
I've looked at the of the notes in this forum related to the issue and they point to checking that RPC is running on the XP systems. I've confirmed this is service is running by "net start rpcss". Still no luck. I've tried this on a couple of XP machines in the office and get the same result.
I though the Norton Internet Security application was blocking access so I disabled it, same result.
I've looked at the event viewer of the PCs and have no entries pointing to issues with this service. I also tried to run MBSA and am denied access.
Please let me know what I'm missing.
Jason
ASKER
Jeff,
I did follow the connectcomputer process and it all appeared to have gone well. Users have not problems with Exchange.
Took a look at the article and it doesn't appear to apply for the XP machines.
Have you seen where computers have gone through the connect computer process with no errors, but then have this type of issue.
I'm at another customer's site and have the same problem. All the computers here were added through connect computer.
Jason
I did follow the connectcomputer process and it all appeared to have gone well. Users have not problems with Exchange.
Took a look at the article and it doesn't appear to apply for the XP machines.
Have you seen where computers have gone through the connect computer process with no errors, but then have this type of issue.
I'm at another customer's site and have the same problem. All the computers here were added through connect computer.
Jason
Yes, I have seen it when the computer accounts have been moved from the default OU in Active Directory. They should all be in \MyBusiness\Computers\SBSC
If you haven't moved them, then please log into one of the problem workstations and run a "gpresult" command and post the results here.
Jeff
TechSoEasy
If you haven't moved them, then please log into one of the problem workstations and run a "gpresult" command and post the results here.
Jeff
TechSoEasy
ASKER
Jeff,
I was able to RDP into the server and the users are in the default group you mentioned. The workstations are shutdown for the night. I'll be onsite tomorrow and will get the gpresults.
Jason
I was able to RDP into the server and the users are in the default group you mentioned. The workstations are shutdown for the night. I'll be onsite tomorrow and will get the gpresults.
Jason
I generally advise clients to not shut down workstations at night. This is when they have the opportunity to get important updates, and would also be a good time if you ever needed to perform remote maintenance. The power configuration should be set to turn off the monitor as well as the hard drives after a certain period of non-use. However, actually shutting down the system only reduces the power it consumes in a very minimal way since computers that are plugged in are always actually "on".
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Jeff,
I'm with you and I give that advice. Some habits are hard to break.
Jason
I'm with you and I give that advice. Some habits are hard to break.
Jason
Yeah, they are... but they're much easier to break with Group Policies... you can inhibit the ability to shut a machine down. :-) (or if they use the power switch, it can be set to power itself back on at a certain time as well!)
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Good suggestion.
Do you know if there is a GPO object that enables the num lock. I have a laptop that boots up with num lock on, which makes it challenging for the users. I've look in the setup via F2 and cannot find a setting in there. I looked through Group Policies and didn't find it.
Jason
Do you know if there is a GPO object that enables the num lock. I have a laptop that boots up with num lock on, which makes it challenging for the users. I've look in the setup via F2 and cannot find a setting in there. I looked through Group Policies and didn't find it.
Jason
Numlock is a BIOS setting so it needs to be set there. If it's an IBM ThinkPad, then you will find the NumLock setting in IBM ThinkPad management tools I believe.
Okay, that's your freebie question. :-)
Jeff
TechSoEasy
Okay, that's your freebie question. :-)
Jeff
TechSoEasy
ASKER
Thanks Jeff,
Its a Dell, so I'll search around for the answer.
Its a Dell, so I'll search around for the answer.
ASKER
Jeff,
Here is the GPresults. Looks like WMI is being denied, but not sure as to why.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator.PIA
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 6/9/2006 at 4:26:58 PM
RSOP results for PIA\administrator on STATIC-PC-0 : Logging Mode
--------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: PIA
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\Administrator.PIA
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=STATIC-PC-0,OU=SBSCompu
ffice
Last time Group Policy was applied: 6/9/2006 at 3:36:34 PM
Group Policy was applied from: SERVER.pia.office
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
SMB signing Disabled
Default Domain Policy
Small Business Server Domain Password Policy
Small Business Server Remote Assistance Policy
Small Business Server Windows Firewall
Small Business Server Client Computer
Small Business Server Lockout Policy
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Folder Redirection
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
STATIC-PC-0$
Domain Computers
USER SETTINGS
--------------
CN=Administrator,CN=Users,
Last time Group Policy was applied: 6/9/2006 at 4:25:45 PM
Group Policy was applied from: SERVER.pia.office
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
Small Business Server Folder Redirection
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Small Business Server Client Computer
Filtering: Not Applied (Empty)
Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)
Small Business Server Lockout Policy
Filtering: Disabled (GPO)
SMB signing Disabled
Filtering: Not Applied (Empty)
Small Business Server Windows Firewall
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Group Policy Creator Owners
Domain Admins
SBS Mobile Users
SBS Report Users
Schema Admins
Enterprise Admins
Offer Remote Assistance Helpers
Here is the GPresults. Looks like WMI is being denied, but not sure as to why.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator.PIA
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 6/9/2006 at 4:26:58 PM
RSOP results for PIA\administrator on STATIC-PC-0 : Logging Mode
--------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: PIA
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\Administrator.PIA
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=STATIC-PC-0,OU=SBSCompu
ffice
Last time Group Policy was applied: 6/9/2006 at 3:36:34 PM
Group Policy was applied from: SERVER.pia.office
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
SMB signing Disabled
Default Domain Policy
Small Business Server Domain Password Policy
Small Business Server Remote Assistance Policy
Small Business Server Windows Firewall
Small Business Server Client Computer
Small Business Server Lockout Policy
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Folder Redirection
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
STATIC-PC-0$
Domain Computers
USER SETTINGS
--------------
CN=Administrator,CN=Users,
Last time Group Policy was applied: 6/9/2006 at 4:25:45 PM
Group Policy was applied from: SERVER.pia.office
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
Small Business Server Folder Redirection
The following GPOs were not applied because they were filtered out
--------------------------
Small Business Server Internet Connection Firewall
Filtering: Denied (WMI Filter)
WMI Filter: PreSP2
Small Business Server Client Computer
Filtering: Not Applied (Empty)
Small Business Server Domain Password Policy
Filtering: Not Applied (Empty)
Small Business Server Lockout Policy
Filtering: Disabled (GPO)
SMB signing Disabled
Filtering: Not Applied (Empty)
Small Business Server Windows Firewall
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
Small Business Server Remote Assistance Policy
Filtering: Disabled (GPO)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Group Policy Creator Owners
Domain Admins
SBS Mobile Users
SBS Report Users
Schema Admins
Enterprise Admins
Offer Remote Assistance Helpers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jeff,
I ran this from the command windows of the PC to see why MBSA and Group Policy Results were being blocked. Both tools came back with the WMI error when run from the server. I had targetted this machine and then went to the local machine to get the results.
For some reason, MBSA and GP modeling don't want to collect results.
Let me know what you think.
Jason
I ran this from the command windows of the PC to see why MBSA and Group Policy Results were being blocked. Both tools came back with the WMI error when run from the server. I had targetted this machine and then went to the local machine to get the results.
For some reason, MBSA and GP modeling don't want to collect results.
Let me know what you think.
Jason
Would you mind posting an IPCONFIG /ALL from both the server and the workstation? I think I have an idea, but need to review your network settings for each.
(this is one of those troubleshooting issues that I would just sit at and poke at a few things until something made sense... but I think it'll only take a couple of pokes... thanks for your patience).
Jeff
TechSoEasy
(this is one of those troubleshooting issues that I would just sit at and poke at a few things until something made sense... but I think it'll only take a couple of pokes... thanks for your patience).
Jeff
TechSoEasy
ASKER
Jeff,
Here is what I get when I run GPResults from the command line on the server.
C:\Documents and Settings\Administrator>GPR
ERROR: The RPC server is unavailable.
IPCONFIG from Server
C:\Documents and Settings\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : pia.office
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : pia.office
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-10-18-18-CF-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 192.168.168.10
Primary WINS Server . . . . . . . : 192.168.168.10
C:\Documents and Settings\Administrator>
IPCONFIG from static-pc-0
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Program Files\Windows Resource Kits\Tools>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : static-pc-0
Primary Dns Suffix . . . . . . . : pia.office
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pia.office
pia.office
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : pia.office
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
Physical Address. . . . . . . . . : 00-13-20-4F-85-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.168.19
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DHCP Server . . . . . . . . . . . : 192.168.168.10
DNS Servers . . . . . . . . . . . : 192.168.168.10
Primary WINS Server . . . . . . . : 192.168.168.10
Lease Obtained. . . . . . . . . . : Friday, June 09, 2006 12:08:13 PM
Lease Expires . . . . . . . . . . : Saturday, June 17, 2006 12:08:13 PM
C:\Program Files\Windows Resource Kits\Tools>
Thanks for taking the time to explore this issue.
Here is what I get when I run GPResults from the command line on the server.
C:\Documents and Settings\Administrator>GPR
ERROR: The RPC server is unavailable.
IPCONFIG from Server
C:\Documents and Settings\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : pia.office
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : pia.office
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 00-10-18-18-CF-4F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.168.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DNS Servers . . . . . . . . . . . : 192.168.168.10
Primary WINS Server . . . . . . . : 192.168.168.10
C:\Documents and Settings\Administrator>
IPCONFIG from static-pc-0
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Program Files\Windows Resource Kits\Tools>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : static-pc-0
Primary Dns Suffix . . . . . . . : pia.office
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pia.office
pia.office
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : pia.office
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connecti
on
Physical Address. . . . . . . . . : 00-13-20-4F-85-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.168.19
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.168.1
DHCP Server . . . . . . . . . . . : 192.168.168.10
DNS Servers . . . . . . . . . . . : 192.168.168.10
Primary WINS Server . . . . . . . : 192.168.168.10
Lease Obtained. . . . . . . . . . : Friday, June 09, 2006 12:08:13 PM
Lease Expires . . . . . . . . . . : Saturday, June 17, 2006 12:08:13 PM
C:\Program Files\Windows Resource Kits\Tools>
Thanks for taking the time to explore this issue.
ASKER
Jeff,
I haven't seen a reply and just want to check in on this one.
Jason
I haven't seen a reply and just want to check in on this one.
Jason
Sorry about that, I thought I had posted back... anyhow, it's the XP firewall:
http://support.microsoft.com/kb/883611
Jeff
TechSoEasy
http://support.microsoft.com/kb/883611
Jeff
TechSoEasy
The usual reason for this is due to workstations not being added to the SBS domain correctly with the http://<servername>/connectcomput
If you did not add the workstations to the domain in this manner you need to correct this by following these steps:
The following needs to be done with the client machine:
1. Log in with THAT machine's LOCAL administrator account.
2. Unjoin the domain into a WORKGROUP
3. Change the name of the computer
4. Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5. Ensure that DHCP is enabled and there are no manually configured network settings
6. Reboot
Then on the server, from the Server Management Console:
1. Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2. Add the client with it's NEW name using the Add Computer wizard
Then, go back to the client machine and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer
Jeff
TechSoEasy