Solved

WMI Not Working

Posted on 2006-11-13
13
1,946 Views
Last Modified: 2012-06-27
I have some rather extensive WMI scripting in a VB6 application we use for inventorying our computers. Everything has worked great until last week when we started rolling some new machines out. They are Dell computers with Windows XP. The previous machines were also Dell computers with a mix and match of Windows 2000 and Windows XP. Now whenever I try to connect to one of these machines through WMI (remote) I get the error, "Access is Denied" with an error number of -2147024891.  

The connection string I am using is:
Set objWMIService = objLocator.ConnectServer(sIP, "root/cimv2", sUID, sPwd)

As I indicated, this has worked since this past February when I added WMI to the process (we can get complete inventory of resources, etc on a computer and even have a batch job that will pull all information from all computers on the network.

I have checked on a couple of the machines and the WMI service is started and running. Any suggestions/ideas????

Doug
0
Comment
Question by:dbbishop
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 12

Expert Comment

by:jkaios
ID: 17934056
If you're encountering the problem only on Windows XP machines with SP2, then that sounds like the Firewall.  If that's the case, try turning OFF the Firewall and try again and see if it works.
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934128
It is not the firewall. It is already turned off.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 17934299
Knee-jerk reaction here - has the password changed?

Other than that, I'd say perhaps there was some policy setting that was changed on the other machines that is not the default.
Unfortunately, you can't be certain of what that is/was.
You could run the resultant policy applet:
click Start->Run->RSOP.MSC <Enter>
on both machines and compare the results.

And/or check the membership of the device in your domain (are these on a domain?)
Have the systems been added to the domain, if so?

Try this as well:
Start->Run->secpol.msc <enter>

Under Local Policies\User Rights Assignment
Check the Log on as a batch job / Log on as a service policies - compare them to a working machine...

Good luck!
~sirbounty
0
 
LVL 12

Expert Comment

by:jkaios
ID: 17934308
Are all the machines on the same domain?

Do all machines have the same username and password, ie, Administrator?

This could be a security issue.  You could easily check by following these simple steps:

1.  Go the the Command Prompt (Start->Run->cmd->OK)
2.  Type: "dir \\machine2\c$" without the quotes and press Enter where machine2 is the name of the other machine
3.  Now, examine the error message that is return by the DIR command and see If you get something like "Logon failure unknown username or bad password"
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934435
No policy changes at all that I am aware of. We set up a standard password for the administrator. We also use VNC quite extensively for user support (it still works).

No domains.

0
 
LVL 6

Expert Comment

by:tone28
ID: 17935300
Right click My Computer to go manage

Then choose WMI Control under Services and Applications go to properties

There you can see what security root and other services have. If you can't get this far (on anothers machine) then you have a permissions problem.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936415
Hi Doug,

Could this be a Windows Firewall or DCOM issue? Check this.

Connecting Through Windows Firewall:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936421
Also:

How to troubleshoot WMI-related issues in Windows XP SP2:
http://support.microsoft.com/kb/875605
0
 
LVL 1

Accepted Solution

by:
Mythal earned 500 total points
ID: 17936703
I belive that per default in windows xp machines outside a domain , remote logons are forced to use the guest account. Try writing secpol.msc in the runbox under local policies select security options find "Network access: Sharing and security model for local accounts" if it is set to guest only change it to classic and make a restart.

Also make sure these services are running (or set to automatic)

COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938691
Mytyhal:

Your first suggestion regarding changing the policy under Network access: Sharing and security model for local accounts fixed the problem. Now, does anyone know of a script we can force out to all users to make the change globally (we have Altiris). I am NOT a Windows programmer so would not have the foggiest idea of how to do it.

Thanks,
Doug
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938881
Better yet, does anyone know (I assume) what registry setting(s) are involved when this change is made? If it is something we could set remotely through Altrris, that would make it easy enough.

Doug
0
 
LVL 1

Expert Comment

by:Mythal
ID: 17939115
Glad it works

I belive the registry that is changing is in

HKLM\System\CurrentControlSet\Control\LSA

it is called forceguest

to turn it off change the value to 0
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17940662
Thanks. Actualy, I did an export of my registry, changed the setting and did another export then compared the two files. That is the same key/value I had found.

Doug
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Xpmode vms all have same IP address. Not using Nat. 6 109
Repair old Windows 2000 boot 15 208
Hyper V vm 4 126
Rebuilding Hive in Windows XP Pro. 17 92
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now