
I'm trying to write a script that will get event log information off of a remote Windows machine using the Win32::OLE module and a WMI query. I can ping the machine, but no matter what, my WMI connection always fails using the ConnectServer() method. I'm pretty sure it's not a firewall-related problem. Here is my code:

use Win32::OLE qw(in);
use Net::Ping;

use constant wbemFlagReturnImmediately => 0x10;
use constant wbemFlagForwardOnly => 0x20;

my $computer = "10.10.10.15";

my $user = "Administrator";
my $pwd = "pass";


my $p = Net::Ping->new();
# Ping the same address the WMI connection targets
print "$computer is alive.\n" if $p->ping($computer);
$p->close();

  my $locatorObj =Win32::OLE->new("WbemScripting.SWbemLocator") or die "ERROR CREATING OBJ";

  $locatorObj->{Security_}->{impersonationlevel} = 3;

  my $objWMIService = $locatorObj->ConnectServer($computer, "root\civm2", $user, $pwd) or die "WMI connection failed.\n";

  my $colItems = $objWMIService->ExecQuery("SELECT * FROM Win32_NTLogEvent", "WQL",
              wbemFlagReturnImmediately | wbemFlagForwardOnly);

   foreach my $objItem (in $colItems) {
      print "Category: $objItem->{Category}\n";
      print "CategoryString: $objItem->{CategoryString}\n";
      print "ComputerName: $objItem->{ComputerName}\n";
      print "Data: " . join(",", (in $objItem->{Data})) . "\n";
      print "EventCode: $objItem->{EventCode}\n";
      print "EventIdentifier: $objItem->{EventIdentifier}\n";
      print "EventType: $objItem->{EventType}\n";
      print "InsertionStrings: " . join(",", (in $objItem->{InsertionStrings})) . "\n";
      print "Logfile: $objItem->{Logfile}\n";
      print "Message: $objItem->{Message}\n";
      print "RecordNumber: $objItem->{RecordNumber}\n";
      print "SourceName: $objItem->{SourceName}\n";
      print "TimeGenerated: $objItem->{TimeGenerated}\n";
      print "TimeWritten: $objItem->{TimeWritten}\n";
      print "Type: $objItem->{Type}\n";
      print "User: $objItem->{User}\n";
      print "\n";
   }

Any ideas why my attempt to connect always fails? Thanks :)

MilqueToasted

1 Answer


The ConnectServer call has a couple of potential issues:

  • I believe it needs two back slashes.
  • And it has a typo: civm2 -> cimv2

And it might reveal more information by adding a call to retrieve the error information:

my $objWMIService = $locatorObj->ConnectServer($computer, "root\\cimv2", $user, $pwd)
        or die "WMI connection failed.\n", Win32::OLE->LastError;
Mark Wilkins
  • Ahh, good catch on civm2->cimv2. I tried making these changes but it's still a no go. I wonder how long I've been trying this with cimv2 spelled wrong... This is my first try at a WMI script to run on a remote machine. Does it look as though I'm even on the right track? – MilqueToasted Dec 22 '10 at 18:09
  • I made those two changes and was able to make it work when running against my own PC. I just tried it against another machine on the network, and it failed. But in that case, I am suspecting firewall issues, so I did not investigate further. You might need to include a domain name with the user name: `my $user = "somedomain\\username";` – Mark Wilkins Dec 22 '10 at 18:13
  • I'm pretty sure my issue isn't firewall related because I've tried running it against a machine with no firewall... I was curious about whether or not it mattered if the machines were in a workgroup vs a domain. Guess I'll just keep playing around with it. – MilqueToasted Dec 22 '10 at 18:38
  • I added a call to get the LastError in the example. That might help reveal what the problem is. Good luck. – Mark Wilkins Dec 22 '10 at 18:40
  • Nice! I was going to ask if there was a way to get some more detailed errors... apparently it thinks RPC isn't running on the target machine: "RPC Server Unavailable". I checked and it's running. Firewall is still down too... – MilqueToasted Dec 22 '10 at 19:11
  • Even though both the Symantec and Windows firewalls were disabled, typing "netsh firewall set service RemoteAdmin enable" into the command prompt worked. Follow the link for more information. And thanks to Mark Wilkins :) http://msdn.microsoft.com/en-us/library/aa389286%28v=vs.85%29.aspx – MilqueToasted Dec 22 '10 at 19:44
  • Disabling Windows firewall might actually bring it full up, only letting in WMI and RDP, and blocking RPC (i.e., folder and registry shares). I've seen this dozens of times. Might be due to default policy. – Lizz Sep 04 '12 at 21:24
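
Why the single backslash in the question's `"root\civm2"` matters, as an added example that is not part of the original thread: in a double-quoted Perl string `\ci` is the escape for Ctrl-I (TAB), so no backslash reaches ConnectServer() at all. The helper names `visible` and `namespace_problems` and the input list are constructed for illustration.

```perl
use strict;
use warnings;

# Show non-printable characters as \xNN so hidden escapes become visible.
sub visible {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7E])/sprintf('\\x%02X', ord $1)/ge;
    return $s;
}

# List the problems found in a WMI namespace string before it is handed to
# ConnectServer(). An empty list means nothing suspicious was found.
sub namespace_problems {
    my ($ns) = @_;
    my @problems;

    # A control character here usually means a single backslash was
    # swallowed by escape processing in a double-quoted string.
    push @problems, sprintf('control character 0x%02X: unescaped backslash?', ord $1)
        if $ns =~ /([[:cntrl:]])/;

    if ($ns =~ /\Aroot\\(\w+)\z/i) {
        # Catch a transposed "cimv2" such as the question's "civm2".
        my $leaf   = lc $1;
        my $sorted = join '', sort split //, $leaf;
        push @problems, "'$leaf' has the letters of 'cimv2' in the wrong order"
            if $leaf ne 'cimv2' && $sorted eq '2cimv';
    }
    else {
        push @problems, 'not of the form root\name';
    }
    return @problems;
}

# Constructed inputs: the literal as posted, then the corrected spellings.
my @candidates = (
    "root\civm2",     # as in the question: \ci is read as TAB
    "root\\civm2",    # backslash escaped, typo still present
    "root\\cimv2",    # both fixes from the answer
    'root\cimv2',     # single quotes: backslash kept as written
);

for my $ns (@candidates) {
    my @problems = namespace_problems($ns);
    printf "%-14s %s\n", visible($ns), @problems ? join('; ', @problems) : 'ok';
}
```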