5

I am new to wmic and have been trying for a long time with the default agent query approach.

wmic is a Linux-based WMI tool to talk to the Windows WMI agent. While trying to fetch data with wmic from NT (Win7 with the WMI service running), it shows access denied in all cases.

The question is what could be the possible reason: is it firewall ports, WMI group, file or user permissions, or something else? Any kind of hint will be very helpful.

[root@rhel6 wmic]# wmic -U nt-login-name% //nt-primary-ip "select caption, name, parentprocessid, processid from win32_process"

[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] ERROR: Login to remote object.

NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
HBruijn
mav_2k

3 Answers

1

Did you use your full credentials with the -U switch, appending the password with a %?

wmic -U [domain/]adminuser%password //host "select caption, name, parentprocessid, processid from win32_process"

A query that works for me is this one:

wmic -U NTDOMAIN/administrator%password //192.168.0.73 "select username from Win32_Computersystem"
HBruijn
1

I just spent hours debugging the same problem and found the security setting "Network security: LAN Manager authentication level" to be the crux of the problem, which, on the problematic server, was set to "Send NTLMv2 response only\refuse LM & NTLM". Changing this to "Send LM & NTLM - use NTLMv2 session security if negotiated" fixes the problem and allows wmic to connect.

0

I didn't have the reputation to comment yet, but after running into this myself, I found the problem was indeed that the Linux WMIC agent was sending LM authentication requests instead of the GPO-required NTLMv2, as Adrian Frühwirth mentions. Instead of making the security policy less restrictive, I took the approach of adding the following to the WMIC command line:

--option="client ntlmv2 auth"=Yes

This resolved the issue for me and didn't force the server to accept the less-secure auth exchanges supported by LM.

Potentially Helpful Reference: https://support.nagios.com/forum/viewtopic.php?t=5029&p=22405
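
Added example, not part of the answers above: a small shell check that runs the same query with and without the NTLMv2 client option, to tell the LAN Manager authentication level cause apart from the other "access denied" causes the question lists. The names diagnose_wmic, probe, fake_wmic, WMIC_BIN and WMIC_AUTH are made up for this sketch, and it assumes wmic exits non-zero when the login fails.

```sh
#!/bin/sh
# Added example: tell the NTLMv2-only policy apart from other "access denied" causes.
# diagnose_wmic, probe, fake_wmic, WMIC_BIN and WMIC_AUTH are hypothetical names.

WMIC_BIN="${WMIC_BIN:-wmic}"   # set to fake_wmic to exercise the logic offline
# The single argument the shell passes for --option="client ntlmv2 auth"=Yes
NTLMV2_OPT='--option=client ntlmv2 auth=Yes'

# probe <host> [extra wmic args]: run one small query, merge stderr into stdout.
# Assumption: wmic exits non-zero when the login fails.
probe() {
    host="$1"; shift
    "$WMIC_BIN" "$@" -U "$WMIC_AUTH" "//$host" \
        "select username from Win32_Computersystem" 2>&1
}

# diagnose_wmic <host>: print ok | ntlmv2-required | denied-regardless | other-error
diagnose_wmic() {
    if out=$(probe "$1"); then echo ok; return 0; fi
    case "$out" in
        *NT_STATUS_ACCESS_DENIED*) ;;
        *) echo other-error; return 0 ;;
    esac
    # Same credentials and query; only the client authentication protocol changes.
    if out=$(probe "$1" "$NTLMV2_OPT"); then
        echo ntlmv2-required     # server refuses LM/NTLM: keep its policy, fix the client
    else
        echo denied-regardless   # check credentials, group membership, permissions instead
    fi
}

# Constructed stand-in for wmic talking to a host that refuses LM & NTLM.
fake_wmic() {
    for arg in "$@"; do
        if [ "$arg" = "$NTLMV2_OPT" ]; then
            printf 'CLASS: Win32_ComputerSystem\nUserName\nNTDOMAIN\\administrator\n'
            return 0
        fi
    done
    echo 'NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied' >&2
    return 1
}
# Usage: WMIC_AUTH='NTDOMAIN/administrator%password' diagnose_wmic 192.168.0.73
```

A verdict of ntlmv2-required means the client option alone resolves the failure, so the server's authentication level can stay at its stricter setting.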
