Starting point of a troubleshooting problem is usually an error code and the journey from the error code to the actual failing component might not always be an easy one. In this series, we’ll be taking a look at various WMI error codes and how to investigate and get to the root cause with a particular WMI error code as a starting point.

 

Part 1: Remoting and Security

 

Out of the box, WMI is not able to remote to machine (due to firewall restrictions).  After those restrictions are lifted, lower rights users will not be able to remote to the machine due to a lack of DCOM permissions.  This means that the firewall restrictions must be removed and the DCOM permissions must be changed in order to allow remote access.  Without making the appropriate exceptions in DCOM permissions and Windows Firewall, the operations will fail.  The below table talks about some common errors encountered while connecting to WMI from a remote machine.

 

 

Return Code:

0x80070005

0x800706ba

0x080041003

Meaning:

DCOM Access Denied

RPC Server Unavailable

WMI Access Denied

During Connecting to a WMI namespace

·          The Username/Password does not exist

·          The user does not have the remote launch or remote activation options set. Check dcomcnfg.exe

 

·      The Machine does not exist

·      The Machine cannot respond because the appropriate firewall exceptions have not been made. Check the firewall settings.

·          The user does not have the appropriate WMI permission on a namespace.

 

During Operation

·          The specific user does not have the DCOM permissions.

·          Minimum authentication level needed for the namespace is more than what is used.

 

·          The client machine doesn’t have correct firewall settings for asynchronous callbacks.

·          Connecting to a machine which doesn’t exist.

·          Specific user doesn’t have WMI access permission.

 

 

One moment! How do find out if the error that I got occurred during connecting to a WMI namespace and during an operation (like executing a query etc…)?

WMI ETW tracing can help you get there.

For more on WMI Remoting.

Hope this will help!

Kapil Mathur [MSFT]