Server Management - Systems Insight Manager

WBEM unprivileged users on Windows targets

 
Olivier Masse
Honored Contributor

WBEM unprivileged users on Windows targets

The Windows admin here started deploying PSP 8.30 on new Windows servers and it seems that WBEM is now the default management protocol instead of SNMP. Instead of reinstalling everything with SNMP I gave it a shot using WBEM.

Of course, it doesn't work. The server is tagged in SIM 5.3 as "unknown" and running an identify doesn't do much.

There is no way I'm putting an account with admin rights in the WBEM protocol settings.

I followed the docs which ask to make a service account, put it in the Distributed COM users group, then run "configure or repair" agents to enable this service account in WMI. It still does not work.

Are there any tools to locally test a user on a target Windows server to be sure that it is set up correctly?

Thanks
5 REPLIES
NJK-Work
Honored Contributor

Re: WBEM unprivileged users on Windows targets

I know this is not answering your question directly, but you don't HAVE to use WBEM. You can still use SNMP. When the WBEM agents first came out, I jumped on board with them right away only to realize shortly thereafter that they are severely lacking. Problems with SMH, problems with clustering monitoring, more FW ports to open up, etc.

So I gave up on them and just use SNMP again - I don't even install that agent anymore. In my opinion (in its current state) it is worthless.

In theory, when the WBEM agent installs, it is supposed to prompt you for an account to use. I believe that account can be a non-admin account, and then the installer gives it just the rights it needs (but I am not positive on that). Then later, you use that same account to add the server to SIM when specifying the WBEM credentials. Someone let me know if I am wrong about this...

Hope this helps.
Nelson
Olivier Masse
Honored Contributor

Re: WBEM unprivileged users on Windows targets

Nelson, this sure confirms what I think too. :)
Rob Buxton
Honored Contributor

Re: WBEM unprivileged users on Windows targets

I don't disagree with the above, but it does seem as though WBEM is the way things are going.
So it is probably worth investing some time into getting it to work.
Plus if, like us, you're starting to use ESXi then there's no alternative.
There are certainly more steps with WBEM as you need to get the authentication right as well as subscribe to the events. Not sure if that's something that can be rolled out to a large number of servers easily.
There are some tools you can use; I found some tools that used Python and pywbem. I'm not a programmer but it didn't take me too long to at least verify some connectivity with our ESXi servers. Google pywbem and you'll get some good info.
More WBEM-aware tools are surfacing.
Olivier Masse
Honored Contributor

Re: WBEM unprivileged users on Windows targets

Thanks for the tip on pywbem, I'll look into that.

At first glance, I'm not able to authenticate with a non-admin user even when following the documentation. Error reporting from SIM is null.

I don't have the energy to cut my teeth with WBEM integration on the Windows platform. I'll ask the Windows admin to switch back to SNMP and wait one more year.

Thanks for all your help
PNair
Frequent Advisor

Re: WBEM unprivileged users on Windows targets

You can use the Configure->Configure Or Repair Agents tool to configure a non-admin user for WBEM access.
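
A local check for the setup discussed in this thread, run on the target Windows server: it reports whether the service account is in Distributed COM Users, whether it has been placed in Administrators, and whether the WMI namespace grants it Enable Account and Remote Enable. This is an added example, not part of any post and not HP tooling; the account name `svc-sim` and the default namespace are assumptions, and it needs a Windows version that supports the `GetSecurityDescriptor` method.

```powershell
# Added example: run in an elevated PowerShell session on the target server.
param(
    [string]$Account   = 'svc-sim',     # hypothetical service account name
    [string]$Namespace = 'root\cimv2'   # assumption: pass the namespace your agents expose
)

# WMI namespace access-mask bits
$EnableAccount = 0x1    # WBEM_ENABLE
$RemoteEnable  = 0x20   # WBEM_REMOTE_ACCESS

# True if $User is a direct member of the local group $Group
function Test-LocalGroupMember([string]$Group, [string]$User) {
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    $names = @($g.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    return ($names -contains $User)
}

$inDcom  = Test-LocalGroupMember 'Distributed COM Users' $Account
$inAdmin = Test-LocalGroupMember 'Administrators' $Account

# Read the namespace DACL and collect ACEs that name the account directly.
# Rights granted through a group the account belongs to are not resolved here.
$sd = (Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' `
        -Name GetSecurityDescriptor).Descriptor
$allow = 0
$deny  = 0
foreach ($ace in $sd.DACL) {
    if ($ace.Trustee.Name -ne $Account) { continue }
    if ($ace.AceType -eq 0)     { $allow = $allow -bor $ace.AccessMask }  # access allowed
    elseif ($ace.AceType -eq 1) { $deny  = $deny  -bor $ace.AccessMask }  # access denied
}

# A right counts only if an allow ACE grants it and no deny ACE removes it
$hasEnable = (($allow -band $EnableAccount) -ne 0) -and (($deny -band $EnableAccount) -eq 0)
$hasRemote = (($allow -band $RemoteEnable)  -ne 0) -and (($deny -band $RemoteEnable)  -eq 0)

New-Object PSObject -Property @{
    Account             = $Account
    Namespace           = $Namespace
    InDistributedCOM    = $inDcom
    InAdministrators    = $inAdmin      # should be False for an unprivileged account
    NamespaceEnable     = $hasEnable
    NamespaceRemote     = $hasRemote
    ReadyForRemoteWBEM  = ($inDcom -and $hasEnable -and $hasRemote)
}
```

If `InDistributedCOM` is true but either namespace right is false, the WMI side of the configuration did not take effect for that namespace.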