0

I'm getting a weird access denied error for WMI on one of our servers that I can't understand. It appears to fail from any PC/Server that's attached to our domain, yet if I try it from my laptop that isn't part of the domain, it works!

I've checked all permissions in DCOM and WMI and all look correct. All required services appear to be running and all rules appear correct in the firewall. I've matched them all up with one of our other server that works and they're identical.

So if I try the command below from any PC ON the domain:

WMIC /node:10.0.2.2 /user: /password: computersystem get totalphysicalmemory

I get:

Node - 10.0.2.2 ERROR: Description = Access is denied.

If I try the exact same command from my laptop that isn't on the domain it works:

TotalPhysicalMemory 137302757376

If I try this command to any other server, from any other server/PC then it also works. It's just the above combination that fails!

The system clocks are identical between the server/PCs I've tried (to within a couple of seconds).

Anyone any idea what else I can try? I can only think of leaving the domain and re-joining it for this server.

miroslav22
  • 1
  • 4
  • Can you provide an example of how you specify your username with the specific command? Specifically, domain specification. – JG7 Sep 28 '22 at 19:14
  • Hi, sure: WMIC /node:10.0.2.2 /user:backups.admin@local.domain.com – miroslav22 Sep 28 '22 at 19:27
  • To me, the error tells us that your connection is reaching, so not a firewall or service issue. So, I would try a couple things: 1. First and foremost: take a look at the server's event logs and see if it gives you more insights. 2. Try dropping the specification of the domain name in the user field--see if there is some unexpected behavior. – JG7 Sep 28 '22 at 20:03
  • I would definitely look at firewall rules. – Greg Askew Sep 28 '22 at 20:26
  • Thanks for the help, 99% sure it's not firewall related as it works okay from my laptop. I've also turned the firewall off completely temporarily and it still failed. I'll try again tomorrow, check the event logs and report back – miroslav22 Sep 28 '22 at 20:29

1 Answers1

0

Turns out this was an issue with Windows Updates not being consistent across the servers. The server I was connecting to was up to date, but the 2 or 3 I was trying the connection from were not.

Something to do with a security change in DCOM that's now mandatory.

miroslav22
  • 1
  • 4