Hello,
We're using free version of Lansweeper (190 computers) and Thank You very much for this software, it's grteat!
On 60 computers everything is OK, the rest is in red in lansweeper console and "RPC Server unavailable" is reported. Firewall on workstations and servers is turned off completly. WMI is working according to http://www.lansweeper.com/kb/accessdenied.aspx. Lansweeper server is installed on Windows 2003 std 32bit. I can telent to client on port 135. DNS resolutions are OK. Worstations are scaned with logon script.
Do I need to wait some time, before rescan take place ?
Will computers be rescaned after I use "permanently delete selected computers" ?
How can I fix this problem ?
At http://127.0.0.1:9524/ I see some computers in queue, in process and threads running, what does it tell me ?
Little update:
on some workstations I got error after wmi check. Could this be the reason ?
53074 09:07:40 (0) ** Environment: ........................................................................................................ OK..
53075 09:07:40 (0) ** System drive: ....................................................................................................... C: (Dysk #0 partycja #0).
53076 09:07:40 (0) ** Drive type: ......................................................................................................... IDE (SAMSUNG SP0612N).
53077 09:07:40 (0) ** There are no missing WMI system files: .............................................................................. OK.
53078 09:07:40 (0) ** There are no missing WMI repository files: .......................................................................... OK.
53079 09:07:40 (0) ** WMI repository state: ............................................................................................... N/A.
53080 09:07:40 (0) ** BEFORE running WMIDiag:
53081 09:07:40 (0) ** The WMI repository has a size of: ................................................................................... 14 MB.
53082 09:07:40 (0) ** - Disk free space on 'C:': .......................................................................................... 7281 MB.
53083 09:07:40 (0) ** - INDEX.BTR, 1990656 bytes, 2010-04-12 07:09:31
53084 09:07:40 (0) ** - INDEX.MAP, 1048 bytes, 2010-04-12 07:09:31
53085 09:07:40 (0) ** - OBJECTS.DATA, 12181504 bytes, 2010-04-12 07:09:31
53086 09:07:40 (0) ** - OBJECTS.MAP, 6056 bytes, 2010-04-12 07:09:31
53087 09:07:40 (0) ** AFTER running WMIDiag:
53088 09:07:40 (0) ** The WMI repository has a size of: ................................................................................... 14 MB.
53089 09:07:40 (0) ** - Disk free space on 'C:': .......................................................................................... 7265 MB.
53090 09:07:40 (0) ** - INDEX.BTR, 1990656 bytes, 2010-04-12 07:09:31
53091 09:07:40 (0) ** - INDEX.MAP, 1048 bytes, 2010-04-12 07:09:31
53092 09:07:40 (0) ** - OBJECTS.DATA, 12181504 bytes, 2010-04-12 07:09:31
53093 09:07:40 (0) ** - OBJECTS.MAP, 6056 bytes, 2010-04-12 07:09:31
53094 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53095 09:07:40 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
53096 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53097 09:07:40 (0) ** DCOM Status: ........................................................................................................ OK.
53098 09:07:40 (0) ** WMI registry setup: ................................................................................................. OK.
53099 09:07:40 (0) ** WMI Service has no dependents: ...................................................................................... OK.
53100 09:07:40 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
53101 09:07:40 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
53102 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53103 09:07:40 (0) ** WMI service DCOM setup: ............................................................................................. OK.
53104 09:07:40 (0) ** WMI components DCOM registrations: .................................................................................. OK.
53105 09:07:40 (0) ** WMI ProgID registrations: ........................................................................................... OK.
53106 09:07:40 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
53107 09:07:40 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
53108 09:07:40 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
53109 09:07:40 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
53110 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53111 09:07:40 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
53112 09:07:40 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
53113 09:07:40 (0) ** - REMOVED ACE:
53114 09:07:40 (0) ** ACEType: &h0
53115 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53116 09:07:40 (0) ** ACEFlags: &h0
53117 09:07:40 (0) ** ACEMask: &h1
53118 09:07:40 (0) ** DCOM_RIGHT_EXECUTE
53119 09:07:40 (0) **
53120 09:07:40 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
53121 09:07:40 (0) ** Removing default security will cause some operations to fail!
53122 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
53123 09:07:40 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
53124 09:07:40 (0) **
53125 09:07:40 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
53126 09:07:40 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
53127 09:07:40 (0) ** - REMOVED ACE:
53128 09:07:40 (0) ** ACEType: &h0
53129 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53130 09:07:40 (0) ** ACEFlags: &h0
53131 09:07:40 (0) ** ACEMask: &h1
53132 09:07:40 (0) ** DCOM_RIGHT_EXECUTE
53133 09:07:40 (0) **
53134 09:07:40 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
53135 09:07:40 (0) ** Removing default security will cause some operations to fail!
53136 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
53137 09:07:40 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
53138 09:07:40 (0) **
53139 09:07:40 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
53140 09:07:40 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
53141 09:07:40 (0) ** - REMOVED ACE:
53142 09:07:40 (0) ** ACEType: &h0
53143 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53144 09:07:40 (0) ** ACEFlags: &h0
53145 09:07:40 (0) ** ACEMask: &h1
53146 09:07:40 (0) ** DCOM_RIGHT_EXECUTE
53147 09:07:40 (0) **
53148 09:07:40 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
53149 09:07:40 (0) ** Removing default security will cause some operations to fail!
53150 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
53151 09:07:40 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
53152 09:07:40 (0) **
53153 09:07:40 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
53154 09:07:40 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
53155 09:07:40 (0) ** - ACTUAL ACE:
53156 09:07:40 (0) ** ACEType: &h0
53157 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53158 09:07:40 (0) ** ACEFlags: &h2
53159 09:07:40 (0) ** CONTAINER_INHERIT_ACE
53160 09:07:40 (0) ** ACEMask: &h1
53161 09:07:40 (0) ** WBEM_ENABLE
53162 09:07:40 (0) ** - EXPECTED ACE:
53163 09:07:40 (0) ** ACEType: &h0
53164 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53165 09:07:40 (0) ** ACEFlags: &h12
53166 09:07:40 (0) ** CONTAINER_INHERIT_ACE
53167 09:07:40 (0) ** INHERITED_ACE
53168 09:07:40 (0) ** ACEMask: &h13
53169 09:07:40 (0) ** WBEM_ENABLE
53170 09:07:40 (0) ** WBEM_METHOD_EXECUTE
53171 09:07:40 (0) ** WBEM_WRITE_PROVIDER
53172 09:07:40 (0) **
53173 09:07:40 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
53174 09:07:40 (0) ** This will cause some operations to fail!
53175 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right.
53176 09:07:40 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
53177 09:07:40 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
53178 09:07:40 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
53179 09:07:40 (0) ** A specific WMI application can always require a security setup different
53180 09:07:40 (0) ** than the WMI security defaults.
53181 09:07:40 (0) **
53182 09:07:40 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
53183 09:07:40 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
53184 09:07:40 (0) ** - ACTUAL ACE:
53185 09:07:40 (0) ** ACEType: &h0
53186 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53187 09:07:40 (0) ** ACEFlags: &h2
53188 09:07:40 (0) ** CONTAINER_INHERIT_ACE
53189 09:07:40 (0) ** ACEMask: &h1
53190 09:07:40 (0) ** WBEM_ENABLE
53191 09:07:40 (0) ** - EXPECTED ACE:
53192 09:07:40 (0) ** ACEType: &h0
53193 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53194 09:07:40 (0) ** ACEFlags: &h12
53195 09:07:40 (0) ** CONTAINER_INHERIT_ACE
53196 09:07:40 (0) ** INHERITED_ACE
53197 09:07:40 (0) ** ACEMask: &h13
53198 09:07:40 (0) ** WBEM_ENABLE
53199 09:07:40 (0) ** WBEM_METHOD_EXECUTE
53200 09:07:40 (0) ** WBEM_WRITE_PROVIDER
53201 09:07:40 (0) **
53202 09:07:40 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
53203 09:07:40 (0) ** This will cause some operations to fail!
53204 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right.
53205 09:07:40 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
53206 09:07:40 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
53207 09:07:40 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
53208 09:07:40 (0) ** A specific WMI application can always require a security setup different
53209 09:07:40 (0) ** than the WMI security defaults.
53210 09:07:40 (0) **
53211 09:07:40 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
53212 09:07:40 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
53213 09:07:40 (0) ** - REMOVED ACE:
53214 09:07:40 (0) ** ACEType: &h0
53215 09:07:40 (0) ** ACCESS_ALLOWED_ACE_TYPE
53216 09:07:40 (0) ** ACEFlags: &h12
53217 09:07:40 (0) ** CONTAINER_INHERIT_ACE
53218 09:07:40 (0) ** INHERITED_ACE
53219 09:07:40 (0) ** ACEMask: &h13
53220 09:07:40 (0) ** WBEM_ENABLE
53221 09:07:40 (0) ** WBEM_METHOD_EXECUTE
53222 09:07:40 (0) ** WBEM_WRITE_PROVIDER
53223 09:07:40 (0) **
53224 09:07:40 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
53225 09:07:40 (0) ** Removing default security will cause some operations to fail!
53226 09:07:40 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
53227 09:07:40 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
53228 09:07:40 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
53229 09:07:40 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
53230 09:07:40 (0) ** A specific WMI application can always require a security setup different
53231 09:07:40 (0) ** than the WMI security defaults.
53232 09:07:40 (0) **
53233 09:07:40 (0) **
53234 09:07:40 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
53235 09:07:40 (0) ** DCOM security error(s) detected: .................................................................................... 3.
53236 09:07:40 (0) ** WMI security warning(s) detected: ................................................................................... 0.
53237 09:07:40 (0) ** WMI security error(s) detected: ..................................................................................... 3.
53238 09:07:40 (0) **
53239 09:07:40 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
53240 09:07:40 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
53241 09:07:40 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
53242 09:07:40 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
53243 09:07:40 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
53244 09:07:40 (0) ** 'select * from MSFT_SCMEventLogEvent'
53245 09:07:40 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
53246 09:07:40 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
53247 09:07:40 (0) **
53248 09:07:40 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
53249 09:07:40 (0) ** INFO: WMI ADAP status: .............................................................................................. 2.
53250 09:07:40 (0) ** => The WMI ADAP process is processing a performance library (2).
53251 09:07:40 (0) ** Some WMI performance classes could be missing at the time WMIDiag was executed.
53252 09:07:40 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
53253 09:07:40 (0) ** - ROOT/SERVICEMODEL.
53254 09:07:40 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
53255 09:07:40 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
53256 09:07:40 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
53257 09:07:40 (0) ** i.e. 'WMIC.EXE /NODE:"ABROD" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
53258 09:07:40 (0) **
53259 09:07:40 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
53260 09:07:40 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
53261 09:07:40 (0) ** WMI GET operations: ................................................................................................. OK.
53262 09:07:40 (0) ** WMI MOF representations: ............................................................................................ OK.
53263 09:07:40 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
53264 09:07:40 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
53265 09:07:40 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
53266 09:07:40 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
53267 09:07:40 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
53268 09:07:40 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
53269 09:07:40 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
53270 09:07:40 (0) ** WMI static instances retrieved: ..................................................................................... 1462.
53271 09:07:40 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
53272 09:07:40 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
53273 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53274 09:07:40 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
53275 09:07:40 (0) ** DCOM: ............................................................................................................. 9562.
53276 09:07:40 (0) ** WINMGMT: .......................................................................................................... 0.
53277 09:07:40 (0) ** WMIADAPTER: ....................................................................................................... 0.
53278 09:07:40 (0) ** => Verify the WMIDiag LOG at line #23967 for more details.
53279 09:07:40 (0) **
53280 09:07:40 (0) ** # of additional Event Log events AFTER WMIDiag execution:
53281 09:07:40 (0) ** DCOM: ............................................................................................................. 28.
53282 09:07:40 (0) ** WINMGMT: .......................................................................................................... 0.
53283 09:07:40 (0) ** WMIADAPTER: ....................................................................................................... 0.
53284 09:07:40 (2) !! WARNING: => Verify the WMIDiag LOG at line #52662 for more details.
53285 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53286 09:07:40 (0) ** WMI Registry key setup: ............................................................................................. OK.
53287 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53288 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53289 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53290 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53291 09:07:40 (0) **
53292 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53293 09:07:40 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
53294 09:07:40 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
53295 09:07:40 (0) **