Bobcares

WMI errors in Nagios – Troubleshoot and fix the errors

by | May 16, 2021

Nagios Core and Nagios XI are capable of monitoring Windows machines via WMI. So it is best to troubleshoot WMI errors in Nagios as soon as possible.

As part of our Server Management Services, we assist our customers with several Nagios queries.

Today, let us see the troubleshooting steps for WMI problems.

 

WMI errors in Nagios

Moving ahead, let us discuss various errors and how to troubleshoot them.

Debug

Enabling debug can help diagnose the source of the issue.

There are two different types of debugging options available:

  • check_wmi_plus.pl Plugin Debugging

This method is for the plugin itself.

When we execute a check command, adding -d produces extra debug information.

For example,

/usr/local/nagios/libexec/check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p wmiagent -m checkcpu -w '80' -c '90' -d

In the output, the first and last few lines hold the information we need:

Base Dir: /usr/local/nagios/libexec
Conf File Dir: /usr/local/nagios/libexec
Loaded Conf File /usr/local/nagios/libexec/check_wmi_plus.conf
Starting Keep State Mode
STATE FILE: /tmp/cwpss_checkcpu__1025143___.state
…
UNKNOWN – The WMI query had problems. You might have your username/password wrong or the user’s access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 – NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED – Access denied
  • WMI Debugging

This method will produce WMI API debugging output. The --extrawmicarg argument passes native WMI arguments which can help identify issues.

In a command, using --extrawmicarg "--debuglevel=4" will produce extra debug information.

For example,

/usr/local/nagios/libexec/check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p wmiagent -m checkcpu -w '80' -c '90' --extrawmicarg "--debuglevel=4"

As before, the first and last few lines of the output hold the information we need:

UNKNOWN – The WMI query had problems. You might have your username/password wrong or the user’s access level is too low. Wmic error text on the next line.
[param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() – Processing configuration file “/dev/null”
[param/loadparm.c:2471:lp_load()] pm_process() returned Yes
…
[auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 – NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED – Access denied
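
In both outputs, the quickest thing to key on is the code in the "failed NT status (...)" line. The script below is an added example, not part of check_wmi_plus.pl or the original article; it extracts those codes from debug output and names the matching check on this page (c0000022 is access denied, c00000b5 is NT_STATUS_IO_TIMEOUT). The function names are hypothetical and the sample text is constructed from the lines quoted here.

```shell
#!/bin/sh
# Added example: pull NT status codes out of wmic debug output and point at
# the matching check on this page. Function names are hypothetical.

# Print each distinct 8-digit NT status code found on stdin, lower-cased.
nt_status_codes() {
    grep -Eo 'failed NT status \([0-9A-Fa-f]{8}\)' |
        sed -E 's/.*\(([0-9A-Fa-f]{8})\)/\1/' |
        tr 'A-F' 'a-f' | sort -u
}

# Map one code to the section of this page to work through.
triage_hint() {
    case $1 in
        c0000022) echo "$1 ACCESS_DENIED: check credentials, domain/user separator, group membership" ;;
        c00000b5) echo "$1 IO_TIMEOUT: query by IP address instead of FQDN" ;;
        *)        echo "$1 not covered here: run the raw query on the Windows machine" ;;
    esac
}

# Read debug output on stdin, print one hint per distinct code.
triage_wmic_debug() {
    nt_status_codes | while read -r code; do
        triage_hint "$code"
    done
}

# Constructed sample assembled from the debug lines quoted on this page.
sample_debug() {
    cat <<'EOF'
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
EOF
}

sample_debug | triage_wmic_debug
```

In practice, pipe the plugin's -d output (stderr included) into triage_wmic_debug instead of the sample.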

FQDN vs IP Address

It is possible for us to see an error like this:

[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
CLASS: Win32_ComputerSystem

This never occurs when querying a Windows machine via an IP address. However, it occurs intermittently when we use an FQDN DNS record.

The solution here is to change the check_wmi_plus.pl plugin to resolve the DNS record to an IP address before performing the query.
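
One way to get the same effect without editing the plugin, shown as an added example that is not part of check_wmi_plus.pl or the original article: a wrapper resolves the -H value to an IPv4 address and then calls the plugin with the remaining arguments untouched. The PLUGIN variable and both function names are hypothetical, and the lookup assumes glibc's getent with the ahostsv4 database.

```shell
#!/bin/sh
# Added example (not part of check_wmi_plus.pl): resolve -H to an IPv4
# address, then run the plugin. PLUGIN and function names are hypothetical.
PLUGIN=${PLUGIN:-/usr/local/nagios/libexec/check_wmi_plus.pl}

# Print one IPv4 address for a host name; IPv4 literals pass through unchanged.
resolve_ipv4() {
    [ -n "$1" ] || return 1
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        printf '%s\n' "$1"
        return 0
    fi
    # getent follows nsswitch order (/etc/hosts, then DNS) on glibc systems.
    ip=$(getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }')
    [ -n "$ip" ] || return 1
    printf '%s\n' "$ip"
}

# Takes the same arguments as the plugin; only the value after -H is rewritten.
wmi_check_by_ip() {
    n=$#
    prev=
    while [ "$n" -gt 0 ]; do
        arg=$1
        shift
        n=$((n - 1))
        if [ "$prev" = "-H" ]; then
            if ! arg=$(resolve_ipv4 "$arg"); then
                echo "UNKNOWN - could not resolve host before WMI query"
                return 3   # Nagios UNKNOWN
            fi
        fi
        set -- "$@" "$arg"   # rotate: original order is restored after n steps
        prev=$arg
    done
    "$PLUGIN" "$@"
}

# Run as a script: pass the plugin's usual arguments.
if [ "$#" -gt 0 ]; then
    wmi_check_by_ip "$@"
    exit $?
fi
```

A resolution failure is reported as UNKNOWN (exit code 3) rather than being passed to wmic, so a DNS problem is not mistaken for a WMI one.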

Perform A Raw Query

Performing a query directly on the Windows machine is helpful. This helps to confirm that WMI is working and the data actually exists.

The first step is to identify the query WMI performs. We can obtain it by executing the plugin with debugging enabled.

For example,

/usr/local/nagios/libexec/check_wmi_plus.pl -H 10.25.14.3 -u wmiagent -p wmiagent -m checkcpu -d

Our output will be like this:

Round #2 of 2
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//10.25.14.3' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'

Since we have the information, we open PowerShell on the Windows machine and run:

Get-WmiObject -Query 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'

Successful output will be like this:

__GENUS : 2
__CLASS : Win32_PerfRawData_PerfOS_Processor
__SUPERCLASS :
__DYNASTY :
__RELPATH :
__PROPERTY_COUNT : 2
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
PercentProcessorTime : 51966897119
Timestamp_Sys100NS : 131374922305304314

The last two lines show the objects being queried and confirm that they actually have values.

If there were problems, we would not get this output.

Administrative Permissions

Sometimes the standard permission levels do not expose all the monitoring capabilities of the WMI plugin.

Then, we can elevate permissions by adding the WMI user to one of the two local groups:

  • Performance Monitor Users
  • Administrators

Access Denied When Using Domain Account

While authenticating with a Windows domain account, we may come across:

UNKNOWN – The WMI query had problems. You might have your username/password wrong or the user’s access level is too low. Wmic error text on the next line.
[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 – NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_ACCESS_DENIED – Access denied

The solution to this problem is to use a forward slash (/) to separate the domain name and user account.

For instance,

/usr/local/nagios/libexec/check_wmi_plus.pl -H 10.25.14.3 -u your_domain/wmiagent -p wmiagent -m checkcpu

Force NTLMv2

At times, we may have to force the plugin to use NTLMv2. This can be done globally.

To do so, we open the check_wmi_plus.conf file in a text editor.

vi /usr/local/nagios/libexec/check_wmi_plus.conf

Then we locate the following line:

our @opt_extra_wmic_args=(); # extra arguments to pass to wmic

Add "--option=client ntlmv2 auth=Yes" in between the brackets as follows:

our @opt_extra_wmic_args=("--option=client ntlmv2 auth=Yes"); # extra arguments to pass to wmic

Once done, we save the changes and close the file.


Conclusion

In short, we saw different possible WMI errors in Nagios. In addition, we saw how our Support Techs troubleshoot them.
