Agentless Data Collector WMI Error Troubleshooting

When adding Windows remote hosts to an Agentless Data Collector, occasionally the error output will include a WMI error, usually along with an error code that identifies the issue.

Your first point of call for any issues relating to WMI should be Microsoft, and you can find a guide to the error codes on this page: https://learn.microsoft.com/en-gb/windows/win32/wmisdk/wmi-troubleshooting?redirectedfrom=MSDN

We’ll cover the most commonly seen errors in this article, along with the troubleshooting steps for resolving them.

WMI is a Windows framework produced and managed by Microsoft. Cloudamize Agentless Data Collector utilises this framework when remotely querying Windows hosts, but does not publish or support the WMI framework itself. Please consult with your IT and/or security teams before making any changes to your Windows settings.

RPC Server is Unavailable

This error will appear in the following format in Cloudamize ADC output:

COMException = The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

The Cloudamize ADC sends WMI commands to remote Windows hosts via the Remote Procedure Call RPC service. When the ADC is unable to use this service, this error message may be output. There are two troubleshooting steps to check in this case:

Changing firewall settings is a security-sensitive action. Cloudamize includes these troubleshooting steps as a how-to guide but cannot actively recommend making any changes to access permissions without following the correct change procedure for your organisation. Please consult with your IT and/or security teams before making any changes listed here.

1. Ensure that the Remote Procedure Call service is running on the Windows remote host that is being added to the ADC (it should appear in Services as RpcSs). If it is stopped it will need to be started.

2. Ensure that the full range of RPC firewall ports are open between the ADC server and the remote host:

   1. TCP port 135 for RPC

   2. The full dynamic RPC port ranges appropriate for the remote host’s OS version:

      1. Windows Server 2008 and later: TCP ports 49152 to 65535

      2. Windows Server 2003 and earlier: TCP ports 1025 to 5000

   3. TCP port 445 for SMB (Server Message Block, required for RPC connections)

The RPC dynamic port ranges are customisable, so if they have been changed in your environment to a different range, use this custom range in place of the previously listed dynamic port ranges.

With the service running and the firewall ports open, you can re-add the remote host and it should clear this error message. If these steps do not clear this error, capture the error output and a copy of the log_backup.txt file in the Cloudamize Agentless DC directory immediately after the error is shown and get in touch with helpdesk@cloudamize.com with these for further assistance.

Access is Denied

This error will usually appear in the following format in the Cloudamize ADC output:

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

When running commands via remote WMI, additional permissions are checked on the remote host by the Distributed Component Object Model (DCOM). If DCOM is not configured to allow remote WMI commands, it will return this error message and this specific error code, which the ADC will report in its output.

General WMI troubleshooting using the WBEMTEST tool provided by Microsoft may miss this error if the tool is run locally on the server that is producing this error. Local WMI commands and remote WMI commands require different levels of permission, and a particular WMI command that succeeds locally may fail remotely due to insufficient DCOM permissions. It’s important to keep this distinction between local and remote in mind when troubleshooting WMI errors using this, or any other, tool.

Changing DCOM permissions is a security-sensitive action. Cloudamize includes these troubleshooting steps as a how-to guide but cannot actively recommend making any changes to access permissions without following the correct change procedure for your organisation. Please consult with your IT and/or security teams before making any changes listed here.

Microsoft provides advice for configuring DCOM permissions for remote access at this link: https://learn.microsoft.com/en-us/windows/win32/wmisdk/troubleshooting-a-remote-wmi-connection#dcom-access-denied

Full step-by-step instructions are linked here: https://learn.microsoft.com/en-us/windows/win32/wmisdk/securing-a-remote-wmi-connection#setting-dcom-security-to-allow-a-user-to-access-a-computer-remotely

The solution involves allowing the user account (the one connecting from the ADC) Remote Launch and Remote Activation permissions in dcomcnfg (the DCOM configuration file). Please follow the guides as laid out by Microsoft if you are implementing this fix.

If you have updated the DCOM remote launch and remote activation permissions for the user account that the ADC is connecting with and are still experiencing the same error code output when trying to add the remote host, please capture the error output and take a copy of the log_backup.txt file located in the Cloudamize Agentless DC directory and get in touch with helpdesk@cloudamize.com with these.

Management Exception = Access Denied

This error will usually appear in the following format in the Cloudamize ADC output:

management exception=access denied

This error appears when the remote host is not configured to allow local WMI commands for the user account the ADC is connecting with.

Changing WMI permissions is a security-sensitive action. Cloudamize includes these troubleshooting steps as a how-to guide but cannot actively recommend making any changes to access permissions without following the correct change procedure for your organisation. Please consult with your IT and/or security teams before making any changes listed here.

In order to resolve this error, you will need to allow the user account to run WMI commands via the WMI Control Windows snap-in which can be accessed via the Control Panel or by opening a Run window, typing wmimgmt.msc and clicking run.

In the WMI Control settings, locate the user account in question and make sure it has Remote_Access set to true.

If WMI Control shows the user account the ADC is connecting with present and shows Remote_Access is true, please get in touch with helpdesk@cloudamize.com with the ADC error output, a copy of the log_backup.txt file located in the Cloudamize Agentless DC directory, and a screenshot of the WMI Control window from the remote host that is returning the error.