HPE Community
Server Management - Systems Insight Manager
1753822 Members
8874 Online
108805 Solutions
New Discussion

problems managing windows system with WBEM

 
SwisspostIT
Valued Contributor

‎04-16-2013 05:09 AM

‎04-16-2013 05:09 AM

problems managing windows system with WBEM

Hi everyone,

 

I'm trying to discover a Windows Server 2012 System with WBEM but it seems that I'm missing something.

Here's what I already did:

1) Installed WBEM Providers on managed system

2) disabled the HOLE firewall on CMS and managed system

3) used an account for the discovery which is in the group "DCOM users" on the managed system

4) granted the account "enable account" and "remote enable" permissions in the WMI Control Security on the Root WMI Namespace

5) added HP SIM Server certificate to the HP SMH certificate store on the managed system (to trusted SIM Servers)

 

The discovery Task still gives me major errors:

 

         * Checking for WBEM protocol support on system...
Minor:    This system does not have any SMI-S CIMOMs installed. No storage
          systems will be found on this system.
Minor:    The Central Management System (CMS) cannot communicate with the
          CIMOM locally installed on the managed system using the WBEM
          protocol, Identification will try to identify Windows systems using
          the WMI Mapper as proxy; for Linux and HP-UX systems, check
          credentials by going to Options->Security->Credentials->System
          Credentials. For Linux systems also check if the HP WBEM provider
          is installed.
        * Running WBEM rules based identification...
Minor:    Identification cannot get computer system hardware data from the
          WBEM / WMI providers.

 

 

Does anyone know what I could try or what I've missed?

 

Thanks and regards,

Ville

0 Kudos
Reply
1 REPLY 1
SwisspostIT
Valued Contributor

‎04-19-2013 04:11 AM

‎04-19-2013 04:11 AM

Re: problems managing windows system with WBEM

Found out what the problem was:

The Document "HP SIM Security" by HP says, that you only need to give the "enable account" and "remote enable" permissions in the WMI Control Security, but that isn't enough.

 

If you want to use a non-administrator account follow these steps for WMI Control Security:

 

For the following namespaces, add the user account to namespace security:

  • root\HPQ
  • root\HPQ\default
  • root\HPQ\TestEvent
  • root\Interop
  • root\CIMv2

 

Following Permissions:

  • Execute Methods
  • Full Write
  • Partial Write
  • Provider Write
  • Enable Account
  • Remote Enable
  • Read Security
  • Edit Security

 

I don't know why also the Edit Security is needed but without that, the Task cannot be finished successfully...

 

Now I can discover the systems with WBEM, but the WBEM Event subscription fails with Windows Event 5858 with ResultCode 0x80041003 (regarding to MSDN this means WBEM_E_ACCESS_DENIED).

 

So I still have to find out some more configuration which is needed.

 

Regards,

Ville

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.