resolving maps’ wmi error messages - assetlabs
TRANSCRIPT
Resolving MAPS’ WMI Error Messages
The 100th anniversary of Canada’ Census bureau (‘Statistics Canada’) was celebrated with a stamp in 1971 featuring ‘hi-tech’ data elements - ticker tape and tape reels - to create the ‘100’ and to celebrate the modernization of data analysis. Despite the ‘automation’, the actual country-wide data collection was completed by hand (legally required for all Canadian households) for the next 40 years 2011. Why? In rural areas, questionnaires were personally dropped off and picked up. In remote northern regions, the census was done via face-to-face interviews for aboriginals who did not read nor speak English or French. History repeats itself with collecting device inventory across a corporation; the difficulty is in collecting the data across remote areas where communication is difficult. Analysis is the easy part.
About WMI WMI (Windows Management Instrumentation) is a management framework found in all Windows based devices which allows for administratorbased remote management and data collection. This interface was first introduced in Windows XP. WMI is agentless, many commercial products use WMI, including Dell Kace, Spiceworks, Lansweeper and of course Microsoft Map. In almost all cases, WMI errors are a result of:
1) lack of proper credentials to the targeted device 2) Firewall in the way 3) corrupted WMI on the target device 4) The machine being absent or turned off
Each of the 5 significant ‘FAILED’ message types have a flowchart that suggests processes and resources to increase inventory fidelity.
About WMI Retrieving the WMI Error Messages ERROR MESSAGES and RESPONSES Failed Machine not found Failed Connection Timed out Failed RPC Server Unavailable Failed Access Denied FAILED Other Reasons RESOURCES and FIXES Review Group Policy/Firewall Throttling MAP’s bandwidth Test WMI of a device
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Retrieving the WMI Error Messages AssetLabs’ clients can use the ECHO utility to review WMI Error messages by clicking on the big red box for each of Server and Desktop devices (Server example seen below)
Users of MAP (9.x) can generate an Error report XLS file from the Inventory Results box, though there is no filtering on device type nor AD age.
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Failed - Machine not found This is not typically a WMI issue, but a network issue.There are three scenarios:
1) Your ActiveDirectory (AD) contains old entries of devices MAP collects a list of device names from your Active Directory. If you do not actively manage your AD, then you likely have old device entries of devices that have been reimaged or retired. The AssetLabs ‘Echo’ utility limits devices to having an AD ‘update age’ of 45 days or less, so any ‘Machine Not Found’ devices may have been recently retired or reimaged. 2) Your Device is not on the Network at time of MAP inventory. If the device is a laptop or a desktop; it’s likely off or offsite at the time you ran the inventory. Rerun MAP at a later date and MAP will attempt to inventory only the devices that it missed previously. 3) Your device *is* there, but the DNS server timedout If the device is a server that is typically running 24/7, you might have experienced a network ‘timeout’ or a failed connection. Since collecting server inventory is more important than desktop, we suggest running a WBEMTEST for that server and/or modifying MAP configuration to lower its network bandwidth.
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Failed - Connection Timed out This is typically not a WMI issue, but a network issue. In this scenario, the device was successfully found, and MAP attempted to open port 135 ( in order to invoke the WMI inventory command), but the the device took too long to respond. If you are receiving this error message from a significant number of devices, throttle down MAP’s connection count If you are receiving this error message from a few devices, those devices may require 1) another inventory attempt at a later date, 2) a reboot or 3) WMI regeneration WMI Regeneration Before attempting to regenerate a devices WMI, confirm its WMI viability using WBEMTEST If the device can not be accessed via WBEMTEST, then the WMI layer may be corrupt. This can be fixed by rebooting the device or running the script to regenerate the WMI later. If the devices *does* respond to WBEMTEST, then throttle MAP down by modifying MAP’s configuration file
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Failed - RPC Server Unavailable In order for a WMI inventory to happen, a devices’ RPC (Remote Procedure Call) must be running to get the port number for the WMI inventory call. If there’s no RPC, there’s no WMI The most common problem is that port 135 is blocked by either Windows Firewall or a 3rd party firewall
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Failed - Access Denied WMI is working well, but refuses to offer inventory because your admin rights are not sufficient to allow for ‘remote management’ for that device. If you receive MANY ‘Failed -Access denied’ messages, the issue is likely your currents rights. Suggestion 1 : Run as Admin When launching MAP, right click on the ICON and use ‘Run as Admin’
Suggestion 2: Don’t confuse MAPs AD Credentials with ALL Computers Credentials
AD Credentials Screen ( 3rd screen in) Used to simply gain ‘read-only’ access to your AD. Any user credential will work here, but this is not for WMI
ALL Computers Credentials ( 6th screen in) Used to assign ‘ADMIN’ rights when using a WMI call. AD Rights must be high enough to allow Remote Management
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
FAILED - Other Reasons
This is not a WMI error, but an error specific to MAP that involve a series of WMI failures (which is why it
doesn’t show up well on google searches). This is a catch-all where MAP tried 5 different ways of getting a
WMI response from a device, but failed.
If given a chance for a re-inventory, MAP will ‘shuffle’ the order of the WMI methods at attempt to
re-inventory the device (up to 4 different attempts) until MAP gives up and labels the device as FAILED.
There is no shared ‘root-cause’ reason for ‘Failed - Other Reasons’ other than being a WMI ‘non-response’
Assetlabs suggests the following:
1. Try the inventory again the next day. When MAP is used for a subsequent inventory, there’s a
smaller number of targeted devices involved and this may eliminate a ‘drop’ due to network traffic.
2. Run a WMI test on any of the ‘failed’ devices to see if the device will properly respond to a WMI
call.
3. Consider rebooting the device, or reviewing ‘process load’ on that device
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Review Group Policy/Firewall From your Group Policy editor open your Firewall Profile (Administrative Templates => Network=>Network Connections=>Windows Firewall) Double click on
Windows Firewall:
Allow remote
administration
exception. In the Windows Firewall: Allow remote
administration exception properties dialog box, on
the Settings tab, click Enabled or Disabled. Alternately, you can modify the device’s firewall setting from a NETSH command: netsh advfirewall firewall set rule group="remote administration" new enable=Yes Then for good measure ensure that WMI is also running: netsh advfirewall firewall set rule group="windows management instrumentation (WMI)" new enable=Yes
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Throttling MAP’s bandwidth It’s possible that MAP may be saturating your network and causing a data ‘pocket drop’ If you have taken measures to ensure that WMI is functioning properly, then you may want to modify MAP to lower its ‘bandwidth’ within your network. NOTE: Our experience here at AssetLabs suggest that, most networks can certainly handle MAPs network activity. Networks connected to remote branches via a WAN or a thin ‘DSL’ may benefit from this modification to slow MAP http://blogs.technet.com/b/mapblog/archive/2012/01/11/maptoolkitmaycausenetworksaturationormachinetoreboot.aspx
1. Shutdown MAP if it is running
2. Edit the %Program Files%\Microsoft Assessment and Planning Toolkit\bin\Microsoft.MapToolkit.exe.config
file and add the following lines into the “<appSettings>” section.
<add key="Microsoft.AssessmentPlatform.InventoryEngine.InventoryService.DefaultMaxThreadsX86" value="52" />
<add key="Microsoft.AssessmentPlatform.InventoryEngine.InventoryService.DefaultMaxThreads" value="52" />
<add key="Microsoft.AssessmentPlatform.InventoryEngine.InventoryService.DefaultMinThreads" value="3" />
<add key="Microsoft.AssessmentPlatform.InventoryEngine.InventoryService.MaxThreadsLowerBound" value="2" />
(These values in the first and second lines can be adjusted up or down as needed to maximize the performance while
maintaining system stability, but these values must be greater than 3.)
CAUTION: The first two lines will set the maximum number of machines to inventory at the same time. You can adjust
the maximum value up or down as needed to maximize the performance while maintaining system stability, but these values must be greater than 3. Changing these values may increase the inventory time.
The third line sets the minimum number of threads that MAP will use, changing this value is NOT recommended.
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
Test WMI of a device
1. Microsoft WMI Diagnosis Utility Microsoft has a WMI diagnosis Utility ( a VBscript) that will help you ascertain the current state of the wmi service on a computer http://www.microsoft.com/en-us/download/details.aspx?id=7684
2. WBEMTEST WBEMTEST is an exe that is found on All Windows devices Microsoft has produced a youtube video that explains how to use WBEMTEST to probe a remote device and determine if WMI is operating properly https://www.youtube.com/watch?v=pqyhu2HtSmw 3. Rebuilding the WMI Repository Step 1: verify WMI ‘consistency’ from CMD, use winmgmt /verifyrepository to determine consistency. If ‘consistent’, then all is good. If ‘INCONSISTENT’, then run winmgmt /salvagerepository
If still ‘INCONSISTENT’, then run winmgmt /resetrepository NOTE: Microsoft has declared an potential issue for Windows Server 2012 where Cluster namespaces could re removed when attempting to resetrepository. Review: http://blogs.technet.com/b/askperf/archive/2014/08/08/wmi-repository-corruption-or-not.aspx for further details Lastly: Microsoft has noted that Anti-Virus scanning might be a root cause to recurring WMI corruption. If this is the case, Microsoft suggests exempting the WBEM folder ( and child folders) from AV scanning. Review: http://blogs.technet.com/b/askperf/archive/2014/08/08/wmi-repository-corruption-or-not.aspx for further details
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com
About AssetLabs AssetLabs is a license portfolio (SAM) & Audit preparedness solution, available through selected partners in North America and Europe.
As a web service, all licensing analysis is determined with the need to install a proprietary inventory agent. AssetLabs uses data from leading solutions such as Microsoft SCCM, MAP, Altiris Landesk and other leading solutions that offer device inventory.
AssetLabs helps corporations determine their Microsoft and Adobe license position in a matter of mere days, and assists in the installation and operation of tools - such as Microsoft MAP - in order to complete an audit.
AssetLabs is a participant in ISO-19770 efforts to standardize inventory, licensing and SAM activities. We encourage interested parties to visit www.19770.org - or contact your ISO National body - to learn more about SAM processes & protocols.
AssetLabs offers 3 different SAM solutions
Engage is 90 day service to determine your complete license position - including SQLServer - for Microsoft. ‘ELP’ reports from Engage are accepted by Microsoft’s SAM Engagement team.
Continuum is a 1 year SAM ‘concierge’ service that offers monthly reconciliation on your significant vendor licensing requirements. Licensing experts - your ‘SAM Wingman Team’ - maintain a constant vigil on your account, identifying licensing, & productivity and security risks
Streamline ( in both 90 & 365 day subscriptions) is your data normalization service, converting your raw software titles into ISO-19970 compliant ‘tags’ . Streamline data can be used for enhanced reporting in your ITIL ServiceDesk and Network Management solution, as
well as online reports for identifying security & productivity risks. StreamLine is included -at no extra charge - in Continuum.
Resolving MAPS’ WMI Error Messages. June 06, 2015 © 2015 AssetLabs, Inc. All rights reserved
www.AssetLabs.com