WMI: wmic linux agent query error: NTSTATUS: NT_STATUS_ACCESS_DENIED
Myself new to wmic and keep trying for a long time with default agent query approach.
wmic is linux based WMI tool to talk to windows WMI agent. While trying to fetch data with wmic from nt(win7 with WMI service running), it's showing access denied in all the cases.
The question is what could be the possible reason, is it Firewall ports, WMI group, file or user permission or something else ? Any kind of hints will be very much helpful.
[root@rhel6 wmic]# wmic -U nt-login-name% //nt-primary-ip "select caption, name, parentprocessid, processid from win32_process"
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
Did you use your full credentials with the -U
switch and appending the password with a %?
wmic -U [domain/]adminuser%
password//host "select caption, name, parentprocessid, processid from win32_process""
A query that works for me is this one:
wmic -U NTDOMAIN/administrator%password //192.168.0.73 "select username from Win32_Computersystem"
I just spent hours debugging the same problem and found the security setting Network security: LAN Manager authentication level
to be the crux of the problem, which, on the problematic server was set to Send NTLMv2 response only\refuse LM & NTLM
. Changing this to Send LM & NTLM - use NTLMv2 session security if negotiated
fixes the problem and allows wmic
to connect.