Solved

WMI Not Working

Posted on 2006-11-13
13
1,965 Views
Last Modified: 2012-06-27
I have some rather extensive WMI scripting in a VB6 application we use for inventorying our computers. Everything has worked great until last week when we started rolling some new machines out. They are Dell computers with Windows XP. The previous machines were also Dell computers with a mix and match of Windows 2000 and Windows XP. Now whenever I try to connect to one of these machines through WMI (remote) I get the error, "Access is Denied" with an error number of -2147024891.  

The connection string I am using is:
Set objWMIService = objLocator.ConnectServer(sIP, "root/cimv2", sUID, sPwd)

As I indicated, this has worked since this past February when I added WMI to the process (we can get complete inventory of resources, etc on a computer and even have a batch job that will pull all information from all computers on the network.

I have checked on a couple of the machines and the WMI service is started and running. Any suggestions/ideas????

Doug
0
Comment
Question by:dbbishop
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 12

Expert Comment

by:jkaios
ID: 17934056
If you're encountering the problem only on Windows XP machines with SP2, then that sounds like the Firewall.  If that's the case, try turning OFF the Firewall and try again and see if it works.
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934128
It is not the firewall. It is already turned off.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 17934299
Knee-jerk reaction here - has the password changed?

Other than that, I'd say perhaps there was some policy setting that was changed on the other machines that is not the default.
Unfortunately, you can't be certain of what that is/was.
You could run the resultant policy applet:
click Start->Run->RSOP.MSC <Enter>
on both machines and compare the results.

And/or check the membership of the device in your domain (are these on a domain?)
Have the systems been added to the domain, if so?

Try this as well:
Start->Run->secpol.msc <enter>

Under Local Policies\User Rights Assignment
Check the Log on as a batch job / Log on as a service policies - compare them to a working machine...

Good luck!
~sirbounty
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 12

Expert Comment

by:jkaios
ID: 17934308
Are all the machines on the same domain?

Do all machines have the same username and password, ie, Administrator?

This could be a security issue.  You could easily check by following these simple steps:

1.  Go the the Command Prompt (Start->Run->cmd->OK)
2.  Type: "dir \\machine2\c$" without the quotes and press Enter where machine2 is the name of the other machine
3.  Now, examine the error message that is return by the DIR command and see If you get something like "Logon failure unknown username or bad password"
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934435
No policy changes at all that I am aware of. We set up a standard password for the administrator. We also use VNC quite extensively for user support (it still works).

No domains.

0
 
LVL 6

Expert Comment

by:tone28
ID: 17935300
Right click My Computer to go manage

Then choose WMI Control under Services and Applications go to properties

There you can see what security root and other services have. If you can't get this far (on anothers machine) then you have a permissions problem.
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936415
Hi Doug,

Could this be a Windows Firewall or DCOM issue? Check this.

Connecting Through Windows Firewall:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936421
Also:

How to troubleshoot WMI-related issues in Windows XP SP2:
http://support.microsoft.com/kb/875605
0
 
LVL 1

Accepted Solution

by:
Mythal earned 500 total points
ID: 17936703
I belive that per default in windows xp machines outside a domain , remote logons are forced to use the guest account. Try writing secpol.msc in the runbox under local policies select security options find "Network access: Sharing and security model for local accounts" if it is set to guest only change it to classic and make a restart.

Also make sure these services are running (or set to automatic)

COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938691
Mytyhal:

Your first suggestion regarding changing the policy under Network access: Sharing and security model for local accounts fixed the problem. Now, does anyone know of a script we can force out to all users to make the change globally (we have Altiris). I am NOT a Windows programmer so would not have the foggiest idea of how to do it.

Thanks,
Doug
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938881
Better yet, does anyone know (I assume) what registry setting(s) are involved when this change is made? If it is something we could set remotely through Altrris, that would make it easy enough.

Doug
0
 
LVL 1

Expert Comment

by:Mythal
ID: 17939115
Glad it works

I belive the registry that is changing is in

HKLM\System\CurrentControlSet\Control\LSA

it is called forceguest

to turn it off change the value to 0
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17940662
Thanks. Actualy, I did an export of my registry, changed the setting and did another export then compared the two files. That is the same key/value I had found.

Doug
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question