How to debug failed WMI logins

0

0

I can connect to the target machine using wbemtest, but when I try connecting using an application based on J-Interop with the same credentials, the connection fails. I'm trying to figure out why. I tried using this guide to enable tracing on the target computer, but in the WMI-Activity directory in Event Log, I do not see anything when the connection is refused.

Is there any way to figure out why the connection fails? I have administrator access to the remote computer. It could be due to a variety of reasons, for example security policies, authentication method, ...

JohnEye

Posted 2016-11-22T19:57:28.783

Reputation: 1 208

Do you have an error code for the failure? – harrymc – 2016-11-28T19:11:28.470

Please answer . – harrymc – 2016-12-01T20:34:32.587

@harrymc: Sorry, didn't notice that. No, I don't. Actually the problem turned out to be that J-Interop does not support IPv6 properly. It works some of the time, but it's just because going through the wrong code path sometimes chooses a working binding to the host. There's a lot of proprietary magic involved. – JohnEye – 2017-03-24T15:04:04.037

Answers

1

You don't say which application you're using, but this is likely a permissions issue, not a WMI issue (and would explain the absence of WMI errors in the logs).

You say that wbemtest works fine on the target, so it looks like your account has permissions on the target machine. However, the application you're using might not be presenting your credentials to the target when it executes WMI commands. It could be using a service account or your own computer's NetworkService account. These wouldn't be trusted automatically. It could also be using a non-standard port and is therefore being blocked by the remote host's firewall (although this isn't likely unless the application requires an agent on the target). This could also be an issue with DCOM permissions as well.

Some things you could do to the target computer to verify:

NOTE These are for troubleshooting pusposes -- please do this in a controlled environment and don't leave the computer like this!

  • Add the 'Everyone' user to the local admins group. Note that the 'Everyone' user is a local security principal, not an actual user, so you have to fiddle with the scope in the Add Users dialog box to add it successfully.
  • Modify the local security policy of the machine (secpol.msc) to add Anonymous users to the Everyone group (it's under Local Policies -> Security Options -> Network Access: Let Everyone permissions apply to anonymous users).
  • Disable the firewall.
  • Configure DTC security and COM security (both accessed from the Component Services control panel) to enable network access and add the Everyone group full control here too.
  • Also check the security logs for access denied entries (although I have no idea what account context they'd be logged under).
  • If UAC is enabled on your own PC, make sure you're running the application as an administrator. This shouldn't matter to the target but you never know.

If any of this solves your problem, then it's simply a matter of figuring out what security credentials are being provided to the target, and making sure that account has the permissions it needs.

Wes Sayeed

Posted 2016-11-22T19:57:28.783

Reputation: 12 024

I didn't have time to put your suggestions to the test yet, but the bounty expires soon and you were the only one who bothered to answer, so here you go ;-) – JohnEye – 2016-12-04T16:07:07.920

Asked: 2016-11-22T19:57:28.783

Viewed: 152 times

Active: 2016-11-29T01:55:29.783