Calling wmic with local user from linux box to windows (NT_STATUS_ACCESS_DENIED)

Question

This question has been asked in various forms but none of the solutions worked for me.

I am trying to run icinga from a linux box and one the plugins uses WMI queries. It's failing, so I decided to run simple wmic queries to find the issue. I use the following query:

wmic -U locallogin%'localpass' //myserver.domain.net "select * from Win32_Bios"

where locallogin is a local administrator and localpass is the password. Unfortunately I get the following error:

[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied

However I get a successful response when I use a domain login. So my theory is that this has nothing to do with network settings but is a user credentials/permissions problem but I have no idea where to look. I should note that I have successfully used a local admin account on another machine on my domain but I can't find any discrepancy between the local user on it and the local user on this other machine.

• I have confirmed firewall settings and the like which I don't think are an issue since I can use a domain login.
• I have tried explicitly adding the locallogin to WMI security via wmimgmt.msc (even though local admins can do it already).
• I have gone into DCOMCNFG -> Component Services -> Computers -> My Computer -> Properties -> Under COM Security and added the user to both sections.
• I have tried this but it didn't work plus since I can run my queries with a domain login I don't think that is the issue.
• I have run both these (just in case) from cmd in elevated permissions: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes and winrm quickconfig.

Is there something I am forgetting? I've removed and re-added the local user, triple checked for typos, etc. but I've been stuck for 2 days now. Any help is appreciated.

Further Info

I've also tried running the following from Powershell on another Windows box from within the same domain:

Get-WmiObject -ComputerName myserver.domain.net -Class Win32_Process -Credential locallogin

Where locallogin is the user that exists on the remote server. This fails with

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

and in the event log on the remote server I see this:

Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC0000064

However I am 110% sure the password is good and the user exists.

Answer 1

Of course immediately after I post a bounty it starts working. I didn't reboot or change anything. I have no idea why it is working now.