Q7250015: How to verify WMI access through DCOM?
To test whether you can connect to the remote computer using DCOM, run the following command in Powershell:
New-CimSession -ComputerName REMOTEMACHINE -SessionOption (New-CimSessionOption -Protocol Dcom)
or (with alternate credentials):
New-CimSession -ComputerName REMOTEMACHINE -SessionOption (New-CimSessionOption -Protocol Dcom) -Credential "DOMAIN\USER"
If you have access to the remote computer through DCOM, run the following Powershell command to verify access to WMI from DCO...
Network Monitor > Monitoring Windows / WMI (DCOM)Q7250010: For one of my Windows servers, I get the error: "Unable to connect to [myserver]; WMI Error 0x800706BA: The RPC server is unavailable". We're using WMI through DCOM.
Most common reason are:
DCOM is disabled on that server
Firewall settings on the monitored server block all RPC data
The account used is not a member of the built-in local Administrator
For enabling/disabling DCOM, see FAQ #Q7250017
The solutions are described below.
Firewall Settings
If you use a third-party firewall on the monitored server, check the appropriate settings. If you do not use a third-party firewall, type 'Windows Defender Firewall' in the Search bar of the moni...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250020: For one of my Windows servers, I get the error: "Unable to connect to [myserver]; WMI Error 0x80070005: Access is denied". We're using WMI through DCOM.
In most situation, the credentials do not suffice. Make sure that the credentials, used for the ActiveXperts Network Monitor Engine service to login, have full permissions on the monitored server.
Or use alternate credentials for the particular check, so that ActiveXperts doesn't use the service credentials but the alternate credentials instead to login and monitor the remote server.
To verify, check WMI without ActiveXperts by running the Windows built-in WMIC utility from the command-line (replace...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250017: How to enable/disable WMI through DCOM on a standalone Windows server?
Enabling/disabling WMI through DCOM on a standalone Windows server can be done using the following steps:
Open the "Component Services" console by typing "dcomcnfg" in the "Run" dialog box or from the "Start" menu search bar.
In the console, expand the "Component Services" node and then navigate to "Computers -> My Computer -> DCOM Config".
Scroll down and locate the "Windows Management and Instrumentation" entry, right-click on it and select "Properties".
In the "Properties" dialog box, go to...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250018: How to enable/disable WMI through DCOM on a Windows member server using a Group Policy?
To enable/disable WMI through DCOM on a Windows member server through a group policy, you can follow the steps below:
Open the Group Policy Management Console (GPMC) on a domain controller or a server with the Group Policy Management feature installed.
Create a new Group Policy Object (GPO) or edit an existing one.
In the Group Policy Management Editor, navigate to Computer Configuration -> Policies -> Administrative Templates -> System -> Remote Procedure Call.
Double-click "Restrict Remote RPC C...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250005: What ports do I need to open in the firewall to enable communication between the ActiveXperts Network Monitor server and the monitored Windows servers? We're using WMI through DCOM.
WMI through DCOM uses TCP ports 135 and 445, as well as dynamically-assigned ports above 1024.
If you monitor Windows machines through a firewall, it is recommended to use WMI over WinRM, because that uses only one port (default: 5986 for secure HTTPs access, or 5985 for non-secure HTTP access).
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250060: We've raised the authentication level to require RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on all of our Windows servers. Is ActiveXperts able to handle it? We're using WMI through DCOM.
By default, ActiveXperts uses the RPC_C_AUTHN_LEVEL_DEFAULT level to connect to remote Windows Servers. This will not suffice for servers that require RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication.
You need to change the following registry entry:
HKLM\Software\ActiveXperts\Network Monitor\Server\DCOM\AuthenticationLevel
and set the value to 5, which means: RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
This requires a restart of the 'ActiveXperts Network Monitor Engine' service!
Please note that this ...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250065: We receive the following error when executing a Windows check: "Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application". We're using WMI through DCOM.
Microsoft has strengthened the authentication used between DCOM clients and servers, ensuring that none of the data transferred between the client and server has been modified.
More more information, see FAQ #Q7250060
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250070: Is there a way to bypass the DCOM hardening changes that forces RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication? We're using WMI through DCOM.
Yes you can. First of all, you need to make sure you have the September 2021 patches or later installed.
Registry setting to enable or disable the hardening changes for CVE-2021-26414, you can use the following registry key:
Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat
Value Name: "RequireIntegrityActivationAuthenticationLevel"
Type: dword
Value Data: default = 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to enabled.
T...
Network Monitor > Monitoring Windows / WMI (DCOM) Q7250050: When I try to monitor my TMG server, ActiveXperts tells me that the RPC Server is unavailable (error 0x800706BA). We're using WMI through DCOM.
Incoming WMI requests are denied by the TMG policy by default. To enable RPC, open the 'Configure RPC protocol policy' configuration window, and disable the 'Enforce strict RPC compliance' option. This way, the policy will allow RPC type protocol such as DCOM.
Network Monitor > Monitoring Windows / WMI (DCOM)
|