Solved

WMI Not Working

Posted on 2006-11-13
13
1,959 Views
Last Modified: 2012-06-27
I have some rather extensive WMI scripting in a VB6 application we use for inventorying our computers. Everything has worked great until last week when we started rolling some new machines out. They are Dell computers with Windows XP. The previous machines were also Dell computers with a mix and match of Windows 2000 and Windows XP. Now whenever I try to connect to one of these machines through WMI (remote) I get the error, "Access is Denied" with an error number of -2147024891.  

The connection string I am using is:
Set objWMIService = objLocator.ConnectServer(sIP, "root/cimv2", sUID, sPwd)

As I indicated, this has worked since this past February when I added WMI to the process (we can get complete inventory of resources, etc on a computer and even have a batch job that will pull all information from all computers on the network.

I have checked on a couple of the machines and the WMI service is started and running. Any suggestions/ideas????

Doug
0
Comment
Question by:dbbishop
  • 5
  • 2
  • 2
  • +3
13 Comments
 
LVL 12

Expert Comment

by:jkaios
ID: 17934056
If you're encountering the problem only on Windows XP machines with SP2, then that sounds like the Firewall.  If that's the case, try turning OFF the Firewall and try again and see if it works.
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934128
It is not the firewall. It is already turned off.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 17934299
Knee-jerk reaction here - has the password changed?

Other than that, I'd say perhaps there was some policy setting that was changed on the other machines that is not the default.
Unfortunately, you can't be certain of what that is/was.
You could run the resultant policy applet:
click Start->Run->RSOP.MSC <Enter>
on both machines and compare the results.

And/or check the membership of the device in your domain (are these on a domain?)
Have the systems been added to the domain, if so?

Try this as well:
Start->Run->secpol.msc <enter>

Under Local Policies\User Rights Assignment
Check the Log on as a batch job / Log on as a service policies - compare them to a working machine...

Good luck!
~sirbounty
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 12

Expert Comment

by:jkaios
ID: 17934308
Are all the machines on the same domain?

Do all machines have the same username and password, ie, Administrator?

This could be a security issue.  You could easily check by following these simple steps:

1.  Go the the Command Prompt (Start->Run->cmd->OK)
2.  Type: "dir \\machine2\c$" without the quotes and press Enter where machine2 is the name of the other machine
3.  Now, examine the error message that is return by the DIR command and see If you get something like "Logon failure unknown username or bad password"
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17934435
No policy changes at all that I am aware of. We set up a standard password for the administrator. We also use VNC quite extensively for user support (it still works).

No domains.

0
 
LVL 6

Expert Comment

by:tone28
ID: 17935300
Right click My Computer to go manage

Then choose WMI Control under Services and Applications go to properties

There you can see what security root and other services have. If you can't get this far (on anothers machine) then you have a permissions problem.
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936415
Hi Doug,

Could this be a Windows Firewall or DCOM issue? Check this.

Connecting Through Windows Firewall:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp
0
 
LVL 34

Expert Comment

by:sramesh2k
ID: 17936421
Also:

How to troubleshoot WMI-related issues in Windows XP SP2:
http://support.microsoft.com/kb/875605
0
 
LVL 1

Accepted Solution

by:
Mythal earned 500 total points
ID: 17936703
I belive that per default in windows xp machines outside a domain , remote logons are forced to use the guest account. Try writing secpol.msc in the runbox under local policies select security options find "Network access: Sharing and security model for local accounts" if it is set to guest only change it to classic and make a restart.

Also make sure these services are running (or set to automatic)

COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938691
Mytyhal:

Your first suggestion regarding changing the policy under Network access: Sharing and security model for local accounts fixed the problem. Now, does anyone know of a script we can force out to all users to make the change globally (we have Altiris). I am NOT a Windows programmer so would not have the foggiest idea of how to do it.

Thanks,
Doug
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17938881
Better yet, does anyone know (I assume) what registry setting(s) are involved when this change is made? If it is something we could set remotely through Altrris, that would make it easy enough.

Doug
0
 
LVL 1

Expert Comment

by:Mythal
ID: 17939115
Glad it works

I belive the registry that is changing is in

HKLM\System\CurrentControlSet\Control\LSA

it is called forceguest

to turn it off change the value to 0
0
 
LVL 15

Author Comment

by:dbbishop
ID: 17940662
Thanks. Actualy, I did an export of my registry, changed the setting and did another export then compared the two files. That is the same key/value I had found.

Doug
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the time we are in fix when all of sudden our systems behave weirdly.  Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily. Preventive M…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question