WMI Error: Login to remote object
Generally, we receive this error when we run the WMI Configuration Wizard.
As part of our Server Management Services, we assist our customers with several Nagios queries.
Today, let us see how we can resolve the WMI error, Login to remote object.
WMI Error: Login to remote object
WMI can provide management data and operational information about Windows systems.
Nagios Core and Nagios XI are capable of monitoring Windows machines via WMI.
When we run the WMI Configuration Wizard, we receive the error:
UNKNOWN – The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()] ERROR: Login to remote object. NTSTATUS: NT code 0x800706ba – NT code 0x800706ba
It is possible that the Windows Firewall is not allowing the traffic through. This can be the cause of the error.
How to solve the error?
In Windows Firewall, under Allowed Programs, we ensure WMI is enabled.
Windows Server 2008/2012/2016 Firewall Rules
To check firewall settings, we select Start and search firewall and open Windows Firewall with Advanced Security.
In Server 2012/2016, we can find it at Server Manager > Tools > Windows Firewall with Advanced Security.
Here, in the left-hand pane, we click Inbound Rules. In the right-hand pane, we click Filter by Group and then select WMI.
Then we will see the available firewall rules. We ensure to enable the DCOM-In and WMI-In rules.
If the WMI rule group does not exist, Microsoft suggests the below method.
In the command prompt we enter:
netsh advfirewall firewall add rule dir=in name=”DCOM” program=%systemroot %\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135 netsh advfirewall firewall add rule dir=in name =”WMI” program=%systemroot %\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any netsh advfirewall firewall add rule dir=in name =”UnsecApp” program=%systemroot %\system32\wbem\unsecapp.exe action=allow netsh advfirewall firewall add rule dir=out name =”WMI_OUT” program=%systemroot %\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=anyWindows Server 2003 Firewall Rules
By default, DCOM communicates with the client on a random port, so in order to write firewall rules, we can specify a port range.
- To do so, we click Start, choose Run, type DCOMCnfg.exe, and click OK.
- Then we expand Component Services > Computers > right-click My Computer > Properties.
- In the Default Protocols tab > Properties > Add.
- We add a port range for COM services. For example, a range from 5000-5020.
- Once done, we click OK.
Eventually, we allow the port range through the windows firewall.
- The below command will open ports from 5000-5020 to match the COM Internet Services Range.
- Lastly, we open DCOM port 135.
- Then in the command prompt, we type:
netsh firewall add portopening TCP 135 “DCOM”[Need help with the procedures? We’d be happy to assist]
Conclusion
In short, we saw how our Support Techs fix the WMI error for our customers.
