Share via

MAP Toolkit: Troubleshoot WMI Failures

  • Article

IMPORTANT: Keep checking the MAP Blog and MAP Toolkit Content Index (en-US) for updates and changes , especially after new versions of MAP are released.

You need to determine if the problem is on the MAP side or the network side. Use the WBEMTEST tool as shown in this video and query one of the failing target machines from the MAP machine. Make sure you use the same credentials you used in MAP (Remember: If it is a domain account, it must be domain\user or user@domain).

http://www.youtube.com/watch?v=pqyhu2HtSmw View

If WBEMTEST is successful, then MAP may be saturating the network and causing packets to drop. If that is the case, you can throttle MAP by using the technique in this blog post. Adjust the maximum values up or down as needed to get MAP to inventory the environment as fast as it can without flooding it.

If WBEMTEST also fails with the error, then you have something in the environment that is blocking things. The Wiki article MAP: Prepare the Environment - WMI (en-US) has instructions for enabling the Remote Administration/WMI service through the Windows Firewall using Group Policy. Remember that it can take a couple of hours for the changed Group Policies to take effect.

Many host-based and software-based firewall products will block DCOM traffic across the network adapters on the computer. For example, remote WMI connections will likely fail when attempting to connect to a computer running the Microsoft Internet Security and Acceleration (ISA) Server firewall service. To enable remote WMI access, make sure that the appropriate TCP/UDP ports are open on the computer running the software firewall.

If your firewall doesn't accept listing a service like WMI or Remote Administration like Windows Firewall does, but instead requires specific ports, you will need to open ports 135 and 1024-65535. The reason for this has to do with the way RPC works. WMI uses DCOM to communicate with remote machines, and DCOM uses RPC extensively.

When a computer boots, WMI is assigned a dynamic port by the RPC service. When the MAP computer makes a WMI request, it first talks to the target computer’s RPC Endpoint Mapper which is listening on port 135 and asks it what port has WMI been assigned. The RPC Endpoint Mapper replies with the port for that machine and then MAP sends the WMI query to that port. The port can be different for each machine that MAP tries to connect to, which is why we can’t be more specific than 1024-65535; since many applications and services use RPC for remote communications, this is how they work as well.

See this MSDN topic to force WMI to use a static port. If the machine has already assigned a service to the port you specify, the static port assignment will not work.