I'm having trouble in configuring a WMI to work remotely. Every time I try to connect, I keep getting "Access Denied" error. It is a Windows 10 Enterprise, has no domain, operates in workgroup WORKGROUP.
What I did:
- I've checked if WMI service is running, I've enabled Winrm (using winrm quickconfig, I'm not even sure this step is needed but I've found it in some thread regarding the similar issue).
- I've added a new user
- In WMI Control (wmimgmt.exe), in CIMV2 security I've added my user, I enabled "remote enable, enable account, execute methods"
- In DCOM config (dcomcnfg.exe), under My Computer properties, COM security Launch and Activation permissions, I clicked "Edit limits", added my user and selected Allow in all four boxes.
- I've completely disabled a firewall for troubleshooting
- I've added my user to Administrators group for troubleshooting
- I've checked in Local Security Policy that Network Access: Security model for local accouts is set to Classic - local users authenticate as themselves.
And then, when I run:
wmic.exe /node:127.0.0.1 os get freephysicalmemoryI'm getting a normal response, but if I use external IP address and username & password, I get:
wmic.exe /node:my_ip /user:user /passsword:password os get freephysicalmemoryI get:
Error:
Description: Access is denied.What else has to be done to get it working? Thanks
22 Answers
The error 0x80070005 indicated problem was related to DCOM permission or not have the remote launch or remote activation options set.
I saw you already updated permission of computer properties, there is one more place you could update the users info: Expand my computer-->DCOM configuration-->Properties of windows management and Instrumentation-->Security.
If this does not help, you'd better capture some other traces for details.
1I've found what was the issue.
In Event logs, in System tab, I've found a Warning from LSA (LsaSrv) with the following error:
The program svchost.exe, with the assigned process ID 912, could not authenticate locally by using the target name RPCSS/<ip_address>. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name. Try a different target name.It looks like using an external IP address locally won't work and will return Access Denied. I followed an answer from and once I applied the changes, I started to get the other error: "User credentials cannot be used for local connections", which is now fair.
I guess it would work remotely without this change, its just the error message is confusing. It says Access Denied and all the resources point to issues with DCOM, when there is no issue as such, it just doesn't work locally.
It could be somehow related to the fact that my host is inside NAT, it's not aware of its external IP address. It creates other issues moving forward, but it's not related to question I asked.
