I just recently installed the Open-Audit system, worked out a few bugs thanks to some other posts here, and now i've got a few bugs of my own.
When auditing some computers on our network with the domain script, the wbem/logs logfile 'wmiprov.log' returns numerous:
WDM call returned error: 4200
Impersonation failed - Access denied
This is bullshit though 'cause our script works and outputs information from over 100 of our computers but for a small handful it fails. When specifically choosing one of these computers to audit, the audit.bat returns this error:
No username and password provided - therefore assuming local domain PC.
C:\audit\local script\audit.vbs(158, 7) (null): 0x80041003
then it terminates.
I searched all over for this error code and found it and ones like it in numerous areas:
I found this one regarding granting DCOM remote launch and activation permissions.
http://msdn2.microsoft.com/en-us/library/aa393266.aspx
Also this one regarding the 4200 error:
http://msdn2.microsoft.com/en-us/library/ms681387.aspx
That one states that the GUID being passed is not recognized as valid by a WMI data provider. This ones a bit beyond me 'cause i don't know which GUID it's talking about, there are dozens.
Then i started reading this one and opted to just run the diag tool listed at the very top for WMI thinking I had a serious problem with a corrupted WMI installation.
http://www.microsoft.com/technet/script ... mspx#E2EAC
That returned only one error "# of machines w/ WMI enumeration errors (E) 1 100.00%" BUT, and here's a tricky part... this tool pops up dialog boxes telling me that WMI is working perfectly when the script has completed running.
I've tried most of the tricks like starting and stopping winmgmts and granting additional dcom security rights, turning off/on the windows firewall, to no avail. I did read an interesting area on impersonation where i think the problem actually lies because of the 'access denied' types of error message i'm getting.
http://msdn2.microsoft.com/en-us/library/aa389763.aspx
I don't know enough VB to figure out how to fix it, but I believe the server i run the script from is not doing this impersonation properly on the remote PC. (But again it works on 95% of my organization, just not this random handful)
Other bits of info:
All windows XP systems.
We are but one small OU of a much larger domain.
I log into the server as my domain admin account and run the domain script so that it extracts the LDAP data properly. The script then audits all computers and ignores some with these WMI errors.
All computers have the same local administrator username and password. The administrator username and password is inserted into audit.config as:
[code]strUser = "strComputer\AdministratorUsernameHere"
strPass = "MyLocalAdminPasswordHere"[/code]
Changing this to:
[code]strUser = "MyDomain\DomainAdminUsernameHere"
strPass = "MyDomainAdminPWHere"[/code]
doesn't work either. In fact that one doesn't work at all on any computers even thogh 'Domain Admins' are part of the administrators group, and i am a part of that group.
Then it gets a bit crazy:
I can log on to the same server as the same local administrator username and password as all the other computers in the organization and run the local script again (forcing it to run on a computer of my choosing only by entering the computer name), and it will audit it perfectly.
My theory: Impersonation is failing on some computers. I need to be logged in as a domain admin to force the domain script to work so I can get current LDAP information. I can't run the domain script as a local admin obviously so I can't get LDAP information, but i need to manually force the script on a handful of machines this way. When i'm logged in as a domain admin, and impersonation fails, why?
Help. Why is the WMI failing on some but not others? There is no rhyme or reason as to which ones fail and which do not. No consistency; i've got laptops, desktops that are old, and desktops that are new. Various OS installation methods from RIS server to CD's.
Thanks in advance.