Windows discovery on Device42 is supported through a service called Windows Discovery Service (WDS), which can be downloaded from the following link:
https://www.device42.com/autodiscovery/
It can be installed on any Windows machine and connected to the main appliance or the remote collector. For the installation and setup steps, refer to this link:
https://docs.device42.com/getstarted/installation/windows-discovery-service-installation/
Permissions and Firewall Ports required for this discovery:
1- Ensure the user has remote access to "CIMV2", "DEFAULT" and "WMI" namespaces on the target machine.
2- Firewall Rules to Enable:
Windows Management Instrumentation (DCOM-In)
Windows Management Instrumentation (WMI-In)
3- Port 135 must be open on the remote server, and the ephemeral port range 1024 to 65535 must be left open. WMI first uses port 135 to negotiate, then DCOM selects a random port between 1024 and 65535.
4- If the account on the Windows server has the form domain\user_name, use the same form for the auto discovery job.
Port Failed Error
If you get a port failed error, test whether port 135 on the remote machine is reachable from the WDS server by running the following command in PowerShell on the WDS server:
New-Object System.Net.Sockets.TcpClient("target_IP", 135)
Authentication Error
If you get an authentication error, use the following tool to test the discovery user's permissions on the target machine:
https://www.dropbox.com/s/hjlx8zyuplb2qn8/D42WMITester.exe?dl=0
WDS Test Tool
The WDS Test Tool is now part of the Device42 Debug Tool, which is installed as part of WDS (v18.13+).
This tool will run commands in the context of the WDS service.
Navigate to the Device42Debug tool on a WDS Machine:
C:\Program Files\Device42\Device42Discovery
Credential Check sample
WMI call sample
WMI call with Namespace sample
Execute sample
Test WMI query before discovery
To test whether WMI on the target machine can be queried and returns a result, run the following command in PowerShell on the WDS server:
Get-WmiObject -query "SELECT * FROM win32_OperatingSystem" -credential "domain\user" -ComputerName IP
where
"domain\user" is replaced with the auto discovery job user name (you will be prompted for the password)
IP is the IP address or DNS name of the remote Windows machine to be discovered
If you get output from this query, the query worked and you can go on to set up the discovery job.
In some cases you may get an "RPC Server is not Available" error after running the query. In such cases, check for the following:
- The remote computer is blocked by the firewall.
- The “TCP/IP NetBIOS Helper” service isn’t running.
- The “Remote Procedure Call (RPC)” service is not running on the remote computer.
- The “Windows Management Instrumentation” service is not running on the remote computer.
- UAC is enabled; in some cases it can prevent remote WMI queries.
- The final and worst scenario is that there is some issue with the WMI registry on the target.
If for some reason the issue cannot be fixed, the agent-based scan can be used as an alternative in such cases: https://docs.device42.com/auto-discovery/agent-based-discovery/
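The port, namespace and RPC checks above can be run in one pass from the WDS server. The function below is an added example, not part of Device42's tooling: the name Test-WdsTargetAccess is hypothetical, target_IP is a placeholder, and it assumes the three namespaces are root\cimv2, root\default and root\wmi and probes each with the __NAMESPACE system class.

```powershell
# Added example, not Device42 code. Run in Windows PowerShell 5.1 on the WDS server.
function Test-WdsTargetAccess {
    param(
        [Parameter(Mandatory)] [string] $Target,           # IP or DNS name of the machine to discover
        [Parameter(Mandatory)] [pscredential] $Credential  # the discovery job account (domain\user)
    )

    # Step 1: port 135 must answer before WMI can negotiate a DCOM port.
    $tcp = Test-NetConnection -ComputerName $Target -Port 135 -WarningAction SilentlyContinue
    $portResult = if ($tcp.TcpTestSucceeded) { 'OK' } else { 'FAIL' }
    [pscustomobject]@{ Check = 'tcp/135'; Result = $portResult; Detail = '' }
    if (-not $tcp.TcpTestSucceeded) { return }   # nothing else can work without port 135

    # Step 2: connect to each namespace the discovery user needs remote access to
    # (assumed here to live under root\).
    foreach ($ns in 'root\cimv2', 'root\default', 'root\wmi') {
        try {
            # __NAMESPACE is a WMI system class present in every namespace, so this
            # call succeeds or fails on connectivity and permissions only.
            $null = Get-WmiObject -Namespace $ns -Class __NAMESPACE -ComputerName $Target `
                        -Credential $Credential -ErrorAction Stop
            $result = 'OK'; $detail = ''
        }
        catch [System.UnauthorizedAccessException] {
            $result = 'FAIL'; $detail = 'Access denied, check the user and its namespace permissions'
        }
        catch [System.Runtime.InteropServices.COMException] {
            # "RPC server is unavailable" lands here: firewall, ephemeral ports or stopped services
            $result = 'FAIL'; $detail = $_.Exception.Message
        }
        catch {
            $result = 'FAIL'; $detail = $_.Exception.Message
        }
        [pscustomobject]@{ Check = $ns; Result = $result; Detail = $detail }
    }
}

# Usage: 'target_IP' is a placeholder, as in the commands above.
Test-WdsTargetAccess -Target 'target_IP' -Credential (Get-Credential) | Format-Table -AutoSize
```

A FAIL on tcp/135 points to the firewall rules, an access-denied FAIL on a single namespace points to that namespace's permissions for the discovery user, and an RPC FAIL after tcp/135 succeeded points to the ephemeral port range or the services listed above.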
Refer to the following links to see how to enable remote access to WMI:
https://docs.microsoft.com/en-us/windows/desktop/wmisdk/connecting-to-wmi-on-a-remote-computer
https://www.poweradmin.com/help/faqs/how-to-enable-wmi-for-remote-access/