Channel: Zenoss Community : Popular Discussions - zenoss-windows

How do you remove events from old devices re-appearing in the event view?


Hi,

 

I have some events from an old device that keep re-appearing. This device is no longer in Zenoss but even if I acknowledge the events and remove them they will re-appear at some point in the future. Is there a way to completely remove them and to stop them re-appearing?


Unable to connect to WMI issue


Hi, all ... I've been unable to connect via WMI to any of our Windows servers.  They're all VMs, running 2008R2.  I've gone through all of the postings and guides I can find here on the site, with no luck.

 

My desired end-state is not to have to use a userid with admin rights, but just to spiral in and get it working, I've added a user with domain level administrator rights.  I avoided any special characters in the password, and I know the password I'm using is correct, because I can RDP into the server I'm attempting to access using those credentials.  But no form of wmic command is successful (various quoting, using \\ instead of /, using full domain name in place of shortname, etc.).

 

On the Zenoss box, I always get the following errors:

 

[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT

[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv

[wmi/wmic.c:196:main()] ERROR: Login to remote object.

NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied

 

On the Windows side, I always see a "bad userid or password" error - even though I'm using the exact same userid/password as used for an interactive login over RDP, e.g.

 

We're operating in a secured environment, and in the past, have run into problems with e.g. LDAP calls failing, because of the GPO settings that require certain things of any processes attempting to connect ... is there anything that anyone's encountered at the network connection level that could be in play? 

 

On the other hand -- by doing this several times in a row, the account I'm trying to use does in fact get locked -- which might argue that the connection isn't being completely denied, since it's clearly getting to the point of passing the credentials over the connection.

 

To eliminate something with the domain being involved, I created an account local to the Windows server, with local administrator rights -- same behavior.

 

I'm assuming it's not something to do with DCOM permissions or such - since the error doesn't seem to target that.

 

So ... assuming that I'm correct, and that I'm not simply messing up the password (which again, I'm using on that same server to login via RDP at the exact same time)  ... is there anything else anyone is aware of that can cause a "bad userid or password" error on the windows side?

 

Any other thoughts?

 

thx!

Zenoss for windows


Hi Guys,

 

I'm a total beginner on this so apologies in advance if my question has already been asked. I'm looking to install this on my Windows Server 2008 servers. I have 8 in the same LAN and want to start monitoring disk usage, free space etc. Is there a Zenoss just for Windows? I couldn't find one in the downloads section?

 

can anyone help me?

 

 

Thanks.

Could not read the WMI value (NT code 0x80041010)


Hi,

 

I'm getting this error when I bind the WMITerminalServer Template to my organiser to view Terminal sessions performance information.

 

Could not read the WMI value (NT code 0x80041010). Check your username/password settings and verify network connectivity.

 

This zenpack uses the following WQL command to receive the information.

 

ZenPacks.community.WMIPerf_TerminalServer
Version: 1.0
Author: Johan Keskitalo

 

SELECT ActiveSessions,InactiveSessions,TotalSessions FROM Win32_PerfRawData_TermService_TerminalServices

 

As soon as I unbind the template, the error stops.

 

The WMIPerformanceMonitor Zenpack uses the below command to obtain the same information and the error does not appear.

 

Name: WMIPerformanceMonitor
Version:
Author:

 

$$ZENHOME/Products/WMIPerformanceMonitor/libexec/wmi_stats.pl TS "${dev/id}" "${dev/manageIp}" "${dev/zWinUser}" '${dev/zWinPassword}'

 

Can anyone tell me why this error appears with a WQL command

 

The servers are Windows 2003 Standard x64 and besides receiving the error, the performance counters to appear in the Graph

Quick start: Hyper-V/Centos 6.3/Zenoss Core 4.2.0 sp 1


When I wanted to make the jump from the demo VM to a real Hyper-V VM, I found that the instructions were a bit all over the place and sometimes outdated.  I want to write up a nice one, but until then I'm putting a more basic walkthrough here.  Hope it helps someone.  While I put the exact versions and environment, some of this is probably applicable to slightly different ones.

 

 

Installing a Centos 6.3/Zenoss Core 4.2.0 sp 1 VM from scratch on Windows Server 2008 R2 (System Center 2012)

 

 

A) Prepare the VM

  1. Get CentOS-6.3-x86_64-LiveCD.iso from one of the mirrors at http://isoredirect.centos.org/centos/6/isos/x86_64/
  2. Get Linux IC v3.4.iso from http://www.microsoft.com/en-us/download/details.aspx?id=34603
  3. Create hyper-v VM (I set it to Other Linux (64 bit) but that may not be necessary)
  4. Use non-legacy network card.
  5. This guide will assume you are making your VM visible on your internet network (bridged).
  6. Change to Connected to and choose the appropriate settings for your host network config
  7. Attach CentOS-6.3-x86_64-LiveCD.iso to the virtual CD/DVD drive

 

 

B) Install CentOS and Hyper-V Integration

  1. Power on, connect and login as root
  2. Ctrl-Alt-D to get to desktop
  3. run Install LiveCD to Hard Drive
  4. Alt-F1, tab over to System -> Shutdown (not reboot)
  5. Attach Linux IC v3.4.iso to the virtual CD/DVD drive
  6. Power on and connect
  7. Finish setup (and reboot if it makes you)
  8. Alt-F1, System Tools -> Terminal
  9.   cd /media/CDROM/RHEL63
  10.   rpm -Uvh --nodeps kmod-microsoft-hyper-v-rhel63.3.4-1.20120727.x86_64.rpm
  11.   rpm -Uvh --nodeps microsoft-hyper-v-rhel63.3.4-1.20120727.x86_64.rpm
  12.   shutdown -h 0
  13. Remove the ISO from the VM
  14. Power on, connect and login as root
  15. Mouse should work now
  16. Go to System -> Preferences -> Network Connections
  17. You should see Auto eth0.  You can now change it to a static ip if necessary.
  18. Open a terminal window and type ifconfig to see your network card.
  19. You may need to issue "service network restart" to apply your changes.
  20. You should now be able to ping and be pinged.

 

CentOS 6.3 should be installed properly.  Now might be a good time to shut down and make a checkpoint/backup!

 

 

C) Install Zenoss 4.2.0

  1. Login as root
  2. Open a Terminal window
  3.   yum -y remove mysql-libs
  4.   wget --no-check-certificate https://raw.github.com/zenoss/core-autodeploy/master/core-autodeploy-4.2.sh
  5.   chmod +x core-autodeploy-4.2.sh
  6.   ./core-autodeploy-4.2.sh
  7.   iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT
  8.   iptables -I INPUT 1 -p tcp --dport memcache -j ACCEPT
  9.   iptables -I INPUT 1 -p udp --dport memcache -j ACCEPT
  10.   iptables -I INPUT 1 -p tcp --dport syslog -j ACCEPT
  11.   iptables -I INPUT 1 -p tcp --dport snmptrap -j ACCEPT
  12. And if you want ssh (you can do this earlier in the process as well):
  13.   iptables -I INPUT 1 -p tcp --dport ssh -j ACCEPT
  14.   Go to System -> Administration -> Services and enable and then start sshd
  15.   It's a lot easier to ssh (PuTTY is a good, free ssh client) than to use the GUI for some of the following.
  16. Finish with:
  17.   service iptables save

 

Zenoss 4.2.0 should be installed properly.  Now might be another good time to shut down and make a checkpoint/backup!

 

 

D) Update to 4.2.0 sp 1

  1. Login as root
  2. Issue the following commands via terminal or ssh (answer "y" to all prompts):
  3.   yum --enablerepo=epel install git
  4.   yum install patch
  5.   yum install unzip
  6.   su zenoss
  7.   cd /var/tmp
  8.   git clone git://github.com/zenoss/CoreServicePacks.git
  9.   cd CoreServicePacks/4.2.0-SP1
  10.   ./apply.sh
  11.   zenoss start

 

E) Miscellaneous

  1. Login as root
  2. Open up snmp so you can monitor the zenoss server's performance:
  3.   Edit /etc/snmp/snmpd.conf
  4.   Comment out the following lines by putting a # in front of them:
  5.     view    systemview    included    .1.3.6.1.2.1.1
  6.     view    systemview    included    .1.3.6.1.2.1.25.1.1
  7.   Add this line at the end of the file:
  8.     view    systemview    included    .1

 

Zenoss 4.2.0 sp 1 should be installed properly.  You know what it's a good time for by this point.

WMI NT code 0xc002001b, alerts for "Could not read Windows services" then clears

Zenoss: Zenoss 3.1.0
OS: Linux (x86_64) 2.6.18 (Linux hz1.uapps.net 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011 x86_64)
Zope: Zope 2.12.1
Python: Python 2.6.2
Database: MySQL 5.0.77 (Ver 5.0.77)
RRD: RRDtool 1.3.9
Twisted: Twisted 8.1.0
NetSnmp: NetSnmp 5.3.2
PyNetSnmp: PyNetSnmp 0.28.14
WMI: Wmi 1.3.13

 

So every 10 minutes during our polling for Windows services a few of our servers give us the error "Could not read Windows services", then the next time it polls the errors clear.

 

I use wmic on the Zenoss box and successfully query the devices.

The devices are all random Windows servers, 2003/2003 64-bit/ 2008 64/2008 R2.

 

Even when the device has the error, I can still go to "Windows Services" and monitor a service, so it appears that communication is still working.

 

It is random boxes across several domains.

We did performance tuning on the Zenoss box and increased the scan interval.

Also we increased the scan interval and reduced the WMI services that we monitor.

 

Here is the error message in Zenwin logs.

=================================================================================================

2011-07-08 07:36:08,398 DEBUG zen.collector.scheduler: Task 172.36.114.2 changing state from RUNNING to WATCHER_QUERY
2011-07-08 07:36:08,398 DEBUG zen.Watcher: Fetching events for 172.36.114.2
2011-07-08 07:36:08,401 ERROR zen.zenwin: Unable to scan device 172.36.114.2: NT code 0xc002001b
2011-07-08 07:36:08,401 DEBUG zen.Watcher: closing WMI Query for 172.36.114.2
2011-07-08 07:36:08,401 DEBUG zen.Watcher: Watcher.__del__ called for 172.36.114.2, busy=False closeRequested=False
2011-07-08 07:36:08,401 DEBUG zen.zenwin: Queueing event {'severity': 4, 'component': 'zenwin', 'agent': 'zenwin', 'summary': '\n            Could not read Windows services (NT code 0xc002001b). Check your\n            username/password settings and verify network connectivity.\n            ', 'manager': 'hz1.uapps.net', 'device': '172.36.114.2', 'eventClass': '/Status/Wmi', 'monitor': 'localhost'}
2011-07-08 07:36:08,402 DEBUG zen.zenwin: Total of 1 queued events
2011-07-08 07:36:08,402 DEBUG zen.zenwin: Device 172.36.114.2 [172.36.114.2] scanned failed, NT code 0xc002001b
2011-07-08 07:36:08,402 DEBUG zen.collector.scheduler: Task 172.36.114.2 finished, result: <twisted.python.failure.Failure <class 'pysamba.twisted.callback.WMIFailure'>>
2011-07-08 07:36:08,402 DEBUG zen.collector.scheduler: Task 172.36.114.2 changing state from WATCHER_QUERY to IDLE

===================================================================================================

 

We have restarted the server, we have removed Zenpacks;

Zenpacks in use:

ZenPacks.community.DellMon | community | Egor Puzanov | 2.4 | Yes
ZenPacks.community.VMwareDataSource | community | Eric Enns | 1.1.2 | Yes
ZenPacks.community.VMwareESXiMonitor | community | Eric Enns | 1.2 | Yes
ZenPacks.community.WMIDataSource | community | Egor Puzanov | 2.11 | Yes
ZenPacks.community.WMIPerf_Windows | community | Egor Puzanov | 2.5.80 | Yes
ZenPacks.community.deviceAdvDetail | community | Egor Puzanov | 2.7 | Yes
ZenPacks.community.mib_browser | community | Kells Kearney & Jane Curry | 2.0 | Yes
ZenPacks.zenoss.ApacheMonitor | zenoss | Zenoss | 2.1.2 | Yes
ZenPacks.zenoss.DellMonitor | zenoss | Zenoss | 2.1.0 | Yes
ZenPacks.zenoss.DigMonitor | zenoss | Zenoss | 1.0.2 | Yes
ZenPacks.zenoss.DnsMonitor | zenoss | Zenoss | 2.0.2 | Yes
ZenPacks.zenoss.EsxTop | zenoss | Zenoss | 1.0.2 | Yes
ZenPacks.zenoss.FtpMonitor | zenoss | Zenoss | 1.0.2 | Yes
ZenPacks.zenoss.HPMonitor | zenoss | Zenoss | 2.1.0 | Yes
ZenPacks.zenoss.HttpMonitor | zenoss | Zenoss | 2.0.3 | Yes
ZenPacks.zenoss.IRCDMonitor | zenoss | Zenoss | 1.0.2 | Yes
ZenPacks.zenoss.JabberMonitor | zenoss | Zenoss | 1.0.2 | Yes
ZenPacks.zenoss.LDAPMonitor | zenoss | zenoss | 1.2.3 | Yes
ZenPacks.zenoss.LinuxMonitor | zenoss | Zenoss | 1.1.5 | Yes
ZenPacks.zenoss.MySqlMonitor | zenoss | Zenoss | 2.1.2 | Yes
ZenPacks.zenoss.NNTPMonitor | zenoss | zenoss | 1.0.2 | Yes
ZenPacks.zenoss.NtpMonitor | zenoss | Zenoss Team | 2.0.3 | Yes
ZenPacks.zenoss.RPCMonitor | zenoss | zenoss | 1.0.2 | Yes
ZenPacks.zenoss.XenMonitor | zenoss | Zenoss | 1.0.3 | Yes
ZenPacks.zenoss.ZenAWS | zenoss | Zenoss | 1.0.3 | Yes
ZenPacks.zenoss.ZenJMX | zenoss | Zenoss | 3.5.2 | Yes
ZenPacks.zenoss.ZenossVirtualHostMonitor | zenoss | Zenoss | 2.3.6 | Yes

 

We are potentially looking at the Enterprise version of Zenoss, but if we can't fix this issue we will have to move on to another monitoring solution.

Please let me know if there is any other troubleshooting I can do...

 

It could possibly be something in the polling that is causing the issue, but I am kinda lost on where to look next.

Thanks

Could not read the status of Windows services (ExecNotificationQuery (WBEM_E_QUOTA_VIOLATION))


Hi

 

I am getting this ZENWIN error from a server where I have applied the terminal server zenpack template, it has a simple WQL query

SELECT ActiveSessions,InactiveSessions,TotalSessions FROM Win32_PerfFormattedData_TermService_TerminalServices

 

Could not read the status of Windows services (ExecNotificationQuery (WBEM_E_QUOTA_VIOLATION)) 

Does anyone know what part of the command could be causing it?

An MSDN TechNet page has the following

http://msdn.microsoft.com/en-us/library/aa392105(VS.85).aspx

Remarks

There are limits to the number of AND and OR keywords that can be used in WQL queries. Large numbers of WQL keywords used in a complex query can cause WMI to return the WBEM_E_QUOTA_VIOLATION error code as an HRESULT value. The limit of WQL keywords depends on how complex the query is.


Not sure if this is part of the overall zenwin daemon or TS template...

thanks

Alex

zenwin "NT_STATUS_NET_WRITE_FAULT" with restricted

Hi,

We are trying to setup a wmi restricted account for zenwin and zeneventlog. Using wmic, it's working fine, but from Zenwin it broke, complaining both about "NT_STATUS_NET_WRITE_FAULT" and "NT_STATUS_ACCESS_DENIED".

I noticed the trick with wmic needing "\\" between the AD domain and the account name. But on zProperties we set it with a single "\".

wmic -U emea-klif\\wmimon%Sopra123 //wscomklif02a.ptx.fr.sopra "select * from Win32_ComputerSystem"
CLASS: Win32_ComputerSystem
AdminPasswordStatus|AutomaticManagedPagefile|AutomaticResetBootOption|
AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|
BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|
Description|DNSHostName|Domain|DomainRole|EnableDaylightSavingsTime|FrontPanel
ResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|
LastLoadInfo|Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|
NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|
PartOfDomain|PauseAfterReset|PCSystemType|PowerManagementCapabilities|
PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|
PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|
Roles|Status|SupportContactDescription|SystemStartupDelay|SystemStartupOptions|
SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|
WakeUpType|Workgroup
1|True|True|True|0|0|True|
Normal boot|WSCOMKLIF02A|4|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|
wscomklif02a|emea-klif.msad-klif.sopra|3|True|2|False|NULL|(null)|2|(null)|Dell Inc.|
OptiPlex 755                 |WSCOMKLIF02A|(null)|True|2|1|NULL|(www.dell.com)|
True|-1|5|NULL|False|1|0|3|(null)|Windows User|1|-1|-1|(LM_Workstation,LM_Server,NT,Server_NT)|
OK|NULL|0|NULL|0|x64-based PC|3|2101157888|EMEA-KLIF\wmimon|6|(null)


Any idea how we can get this to work?
DEBUG:zen.Watcher:connecting to wscomklif02a.ptx.fr.sopra
Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
ERROR:zen.pysamba:Attempt to connect resulted in NT_STATUS_ACCESS_DENIED
ERROR:zen.Watcher:NT_STATUS_ACCESS_DENIED
Traceback (most recent call last):
  File "/usr/local/zenoss/zenoss/Products/ZenWin/Watcher.py", line 39, in inner
    driver.next()
  File "/usr/local/zenoss/zenoss/Products/ZenUtils/Driver.py", line 64, in result
    raise ex
WMIFailure: NT_STATUS_ACCESS_DENIED
ERROR:zen.zenwin:NT_STATUS_ACCESS_DENIED
Traceback (most recent call last):
  File "/usr/local/zenoss/zenoss/Products/ZenWin/zenwin.py", line 139, in inner
    driver.next()
  File "/usr/local/zenoss/zenoss/Products/ZenUtils/Driver.py", line 64, in result
    raise ex
WMIFailure: NT_STATUS_ACCESS_DENIED
DEBUG:zen.zenwin:Queueing event {'manager': 'zenoss.ptx.fr.sopra', 'severity': 4, 'device': 'wscomklif02a.ptx.fr.sopra', 'eventClass': '/Status/Wmi', 'component': 'zenwin', 'agent': 'zenwin', 'summary': 'Could not read the status of Windows services (NT_STATUS_ACCESS_DENIED). Check your username/password settings and verify network connectivity.'}


--
Florian Deckert
SopraGroup - France

Graphs are empty and have "nan" for values


I'm pretty new to Zenoss and could use any advice on the following issue.

 

We are running Zenoss v3.0-v03 monitoring Windows Servers.  One server in particular has 3 graphs that are blank and the values are "nan", but all the other graphs are populated and have the correct values listed.  The graphs used to be populated with information as well as the values.

 

The other Windows servers we are monitoring don't have this issue.  All graphs are normal. 

 

If I try to create a new graph I get the same results, they are blank with "nan" for values.

 

Any assistance would be appreciated.

 

Thanks

HOW TO CONFIGURE WMI ACCESS ON WINDOWS FOR A NON ADMIN USER

Hi,
If you, like me, have to configure WMI access on Windows servers for a non admin user in order for Zenoss to read the eventlog etc, read on...

Introduction

Zenoss is able to read & query Windows servers via WMI in order to obtain Eventlog information. Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. WMI also supplies management data to other parts of the operating system and products like Zenoss. For security purposes you can use a limited domain user account to access the WMI infrastructure and relevant components. The domain user account has rights to only access the appropriate areas of the server to obtain information for Zenoss.

The main objective is to read & query the Windows event logs via WMI. Modifications to the Windows server security will need to have access granted to the specific account (zenwmi) at 4 different levels in order for Zenoss to function correctly and obtain the event log information the Windows team requires to be displayed in Zenoss.

The following information describes the 4 levels or areas that require access to be configured for the specific user. These 4 requirements are all needed and are in logical order as one follows on to the next as shown in this diagram attached.


1. DCOM

DCOM stands for Distributed COM and COM stands for Component Object Model (COM). COM is the standard method for communication between client/server apps and high-level APIs for Windows developers. DCOM uses Remote Procedure Call to expose COM objects on a computer to remote clients on other computers.
Prior to XP SP2 (and the introduction of these 2 DCOM security settings), it was difficult for an administrator to assess or control which COM objects were available to remote users and this is even more important since COM objects can allow anonymous access. Each COM object has its own ACL and you would have had to look at each COM object's ACL to determine if remote access were allowed and to whom. This policy and DCOM: Machine Access Restrictions In Security Descriptor Definition Language (SDDL) syntax put a system wide access check that all DCOM clients (local or remote) must pass before hitting the individual COM object's ACLs. This system-wide DCOM check is like share permissions on a shared folder. Many files may be accessible through a given network share and each file may have its own unique permissions but you must first pass the share level permissions before the file permissions are checked.

Security in WMI is related to connecting to a WMI namespace. WMI uses DCOM to handle remote calls. One reason for failure to connect to a remote computer is due to a DCOM failure. Therefore, this is the first access that must be granted to the specific user and happily can be granted by adding the user to the local or domain distributed COM users group on the Server. There is a domain GPO which adds the domain user to the relevant groups needed by Zenoss. Specific user access can be granted by following & applying the following link.
http://msdn.microsoft.com/en-us/library/aa393266.aspx

2. WMI

Windows Management Instrumentation (WMI) is the Microsoft  implementation of Web-based Enterprise Management (WBEM), which is an industry  initiative to develop a standard technology for accessing management information  in an enterprise environment. WMI uses the Common Information Model (CIM)  industry standard to represent systems, applications, networks, devices, and  other managed components. CIM is developed and maintained by the Distributed  Management Task Force (DMTF). The ability to obtain management data from remote  computers is what makes WMI useful. Remote WMI connections are made through  DCOM.

WMI provides a uniform interface for any local or remote  applications or scripts that obtain management data from a computer system, a  network, or an enterprise. The uniform interface is designed such that WMI  client applications and scripts do not have to call a wide variety of operating  system application programming interfaces (APIs). Many APIs cannot be called by  automation clients like scripts or Visual Basic applications. Other APIs do not  make calls to remote computers.

To obtain data from WMI, an application  like Zenoss accesses WMI Classes or provides data to WMI by writing a WMI  provider.

Namespace Access Settings

You can change the access to a WMI namespace using the WMI  Control or programmatically.
Term | Description
Execute Methods | Permits the user to execute methods defined on WMI classes. Corresponds to the WBEM_METHOD_EXECUTE access permission constant.
Full Write | Permits full read, write, and delete access to WMI classes and class instances, both static and dynamic. Corresponds to the WBEM_FULL_WRITE_REP access permission constant.
Partial Write | Permits write access to static WMI class instances. Corresponds to the WBEM_PARTIAL_WRITE_REP access permission constant.
Provider Write | Permits write access to dynamic WMI class instances. Corresponds to the WBEM_WRITE_PROVIDER access permission constant.
Enable Account | Permits read access to WMI class instances. Corresponds to the WBEM_ENABLE access permission constant.
Remote Enable | Permits access to the namespace by remote computers. Corresponds to the WBEM_REMOTE_ACCESS access permission constant.
Read Security | Permits read-only access to DACL settings. Corresponds to the READ_CONTROL access permission constant.
Edit Security | Permits write access to DACL settings. Corresponds to the WRITE_DAC access permission constant.


This is the second access requirement that is  needed for Zenoss. For the DMSI Windows team, the zenwmi domain user is manually  given Remote Enable & Enable Account permissions to the CIMV2 class. This is  done by a user written program, WMISecurity that can be run in a command line.
The syntax is as follows:
WmiSecurity.exe /C="%computername%" /A /N=Root/CIMV2 /M=" DOMAIN\USER:REMOTEACCESS" /R

Specific user access can be granted by following &  applying the following link.
http://technet.microsoft.com/en-us/library/cc787533%28WS.10%29.aspx

3.  Service Control Manager

The service control manager (SCM) is started at system  boot. It is a remote procedure call (RPC) server, so that service configuration  and service control programs can manipulate services on remote machines. SCM  maintains a database of the installed services and driver services that allow  the operating system to start successfully, and provides a unified and secure  means of controlling them. The database, which is stored in the Windows system  registry, includes configuration and security information about each service or  driver service.

System administrators should use the Services snap-in or  the sc.exe command-line tool to query or configure services.

The service functions provide an interface for the following tasks performed by the SCM:

  • Maintaining the database of installed services.
  • Starting services and driver services either upon system startup or upon demand.
  • Enumerating installed services and driver services.
  • Maintaining status information for running services and driver services.
  • Transmitting control requests to running services.
  • Locking and unlocking the service database.

Zenoss  requires access to this manager in order to scan the machine for which windows  services are installed on it and subsequently provide status information on the  event page besides gaining access to the eventlog (which is a service). This is  the third access requirement which needs to be modified for Zenoss. This is  configured by command line (sc.exe) and is also included in the tasks section of  the automatic network install. Specific user access is the only method of  configuration for this type of access & can be granted by following &  applying the following link.
http://support.microsoft.com/kb/907460

The command line used for Windows servers is:
sc sdset  SCMANAGER  D:(A;;CC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPRC;;;S-1-5-21-1248577188-10479689-3873521419-99999)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

4. Event  Log Permissions

Finally, to read and list the Windows events in the Zenoss event page, the user defined in the properties of the Zenoss Organiser has to be given rights to read the log. Unfortunately, as you have just read, you are not able to just add the rights to the event log and be done with it; the above modifications needed to have been actioned beforehand. The easiest way to perform this task for the hundreds of Windows servers at Sopra was to create a domain wide GPO.

A policy setting determines which user accounts have access to log files and what usage rights are granted. Individual settings may be specified for each of the Application, Security, Setup, and System event log channels. For Zenoss each log must be modified in order that the ZenEventlog connection is UP.

Enabling this setting allows you to enter a security  descriptor for the log file. The security descriptor controls who can read,  write, or clear the event log. You enter the security descriptor using Security  Definition Description Language (SDDL) as we have read above. The following link  explains how to add specific user access to the Eventlog via a GPO
http://support.microsoft.com/default.aspx/kb/323076

The structure of the Eventlog key is as follows:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application,Security,System,CustomLog

Note that domain controllers record events in the  Directory service and File Replication service logs and DNS servers record  events in the DNS server.

CustomSD Restricts access to the event log.  This value is of type REG_SZ. The format used is Security Descriptor Definition  Language (SDDL). Construct an ACL that grants one or more of the following  rights:

  • Read (0x0001)
  • Write (0x0002)
  • Clear (0x0004)

To be a syntactically valid SDDL, the CustomSD value  must specify an owner and a group owner (for example, O:BAG:SY), but the owner  and group owner are not used. If CustomSD is set to a wrong value, an event is  fired in the System event log when the event log service starts, and the event  log gets a default security descriptor which is identical to the original  CustomSD value for the Application log. SACLs are not supported.

The SDDL  permissions used for Windows servers  is:
O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x1;;;S-1-5-21-1248577188-10479689-3873521419-99999)

Error  Summary

I have figured out the following after lots of trial and error. It is a logical process, almost like walking through one security door after another to get to the Windows Eventlog. If you see the following ZenWin or ZenEventlog errors in the event page you need to check the relevant section or link to determine where the fault lies.


Component: ZenWin
Message: Could not read the status of  Windows services (NT_STATUS_ACCESS_DENIED). Check your  username/password settings and verify network connectivity.

Component:  ZenEventlog
Message: Could not read the Windows event log (NT_STATUS_ACCESS_DENIED). Check your  username/password settings and verify network connectivity.

This error relates to the DCOM Permissions & is resolved by implementing
http://msdn.microsoft.com/en-us/library/aa393266.aspx, check that the ZenWMI user is a member of the Distributed COM users group on the server.


Component: ZenWin
Message: Could not read the status of Windows services (NT code 0x80041003). Check your username/password settings and verify network connectivity.

Component: ZenEventlog
Message: Could not  read the Windows event log (NT code  0x80041003). Check your username/password settings and verify network  connectivity

This error relates to the WMI Permissions & is resolved by implementing
http://technet.microsoft.com/en-us/library/cc787533.aspx, check to see that the ZenWMI user has Enable Account & Remote Enable access to the CIMV2 namespace in WMI Control on the server

Component: ZenWin
Message: Could not read the status of Windows  services (NT code 0x80041001). Check  your username/password settings and verify network connectivity

This error relates to the SCM Permissions & is resolved by implementing
http://support.microsoft.com/kb/907460, check to see if the ZenWMI user Unique SID has been added to the SCM SDDL, type "sc sdshow scmanager", if not copy and paste the above command, once this is done you should get a cleared "zenwin wmi connection is up" message

Component: ZenWin
Message: Could not read the status of  Windows services (NT code 0xc002001b). Check your username/password settings and verify network  connectivity.

Component: ZenEventlog
Message: Could not read the  Windows event log (NT code  0xc002001b). Check your username/password settings and verify network  connectivity.

This error relates to the Eventlog Permissions & is resolved by implementing
http://support.microsoft.com/kb/323076. As this is set by GPO, check to see if the GPO was correctly enforced and use the registry editor to check that the above SDDL is present, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\"LOG" and read the CustomSD string value, once this is modified correctly, you should get a cleared "zeneventlog wmi connection is up" message

Other Errors

Component: ZenEventlog
Message: Could not read the Windows event log (ExecNotificationQuery (WBEM_E_ACCESS_DENIED)). Check your username/password settings and verify network connectivity.

This usually relates to a missing EventLog permission and that the SDDL has not been applied to all the event logs: application, system, security, etc.

Component: ZenPerfwmi
Message: Could not read the WMI value (NT code 0x80010105). Check your username/password settings and verify network connectivity.

I forget.. will have to recall how I fixed it... I think it was due to the "users" group being removed the right to log onto the computer in the local policy..

Component: ZenPerfwmi
Message: Could not read the WMI value (NT code 0x80041010). Check your username/password settings and verify network connectivity.

This usually relates to a missing WMI namespace; check that Service Pack 2 is installed, or recreate/reset the WMI namespaces.
The command winnts2k\system32\wbem\wmiadap.exe /f will often restore missing WMI performance counters.

Sources:
http://msdn.microsoft.com/en-us/library/aa392740%28VS.85%29.aspx
http://support.microsoft.com/kb/820847
http://msdn.microsoft.com/en-us/library/aa394528%28VS.85%29.aspx

Final thanks to all the forum members for their help and input over time.

Alzoo
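
The two descriptor checks in the post above (the ZenWMI account's SID in the `sc sdshow scmanager` output, and in each event log's security descriptor in the registry) can be run offline on the copied strings. This is an added example, not code from the post or from Zenoss; the SID, the sample descriptors and the required-rights masks are constructed assumptions.

```python
import re

# Standard SDDL two-letter access-right codes and their bit values.
RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100, "RC": 0x20000, "KA": 0xF003F, "GA": 0x10000000,
}

def parse_mask(rights):
    """Turn an ACE rights field ('CCLCRPRC' or '0x1') into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError on a code not in the table
    return mask

def dacl_aces(sddl):
    """Return (type, mask, trustee) for each ACE in the D: part; the SACL is skipped."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    bodies = re.findall(r"\(([^()]*)\)", m.group(1) if m else "")
    fields = [b.split(";") for b in bodies]
    return [(f[0], parse_mask(f[2]), f[5]) for f in fields]

def audit(sddl, sid, required):
    """Classify the ACEs that name `sid` directly (group membership is not resolved)."""
    allowed = denied = 0
    for ace_type, mask, trustee in dacl_aces(sddl):
        if trustee == sid and ace_type == "A":
            allowed |= mask
        elif trustee == sid and ace_type == "D":
            denied |= mask
    if denied & required:
        return "denied"
    if allowed & required != required:
        return "insufficient" if allowed else "missing"
    return "excessive" if allowed & ~required else "ok"

# Constructed sample data: a made-up account SID and made-up descriptors.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SCM = ("D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)"
       "(A;;CCLCRPRC;;;" + SID + ")S:(AU;FA;KA;;;WD)")
BASE = "O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;IU)"
LOGS = {
    "Application": BASE + "(A;;0x1;;;" + SID + ")",
    "System": BASE + "(A;;0x7;;;" + SID + ")",   # read + write + clear
    "Security": BASE,                             # ACE never applied to this log
}
SCM_READ = 0x20015   # assumption: CC|LC|RP|RC is what the monitoring account needs
LOG_READ = 0x1       # event log read access

def report():
    out = {"scmanager": audit(SCM, SID, SCM_READ)}
    out.update({name: audit(sd, SID, LOG_READ) for name, sd in LOGS.items()})
    return out

if __name__ == "__main__":
    print(report())
```

A `missing` result on one log while the others pass is the partial-rollout case the post describes, and `excessive` flags a monitoring account that was given more than read access.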

zenwin & zeneventlog error NT_STATUS_IO_TIMEOUT


Hi,

I just installed Zenoss and tried to configure Zenoss to interact with Windows 2008 Server by WMI.

I get an error from zenwin & zeneventlog:

"Could not read Windows services (NT_STATUS_IO_TIMEOUT). Check your username/password settings and verify network connectivity."

 

What could be the problem?

wmic from zenoss shell works without any problems

SNMP or WMI for Monitoring


I just set up a test Zenoss box. I've got it set up to monitor a few test Windows 2008R2 boxes using SNMP & WMI (I think anyway). Do people use one or the other, or both? If so, do you have to use SNMP Informant on Windows boxes to gather full data? Our current commercial solution doesn't require any additional agents, which I prefer.


Thank You!

Unable to connect to WMI issue


Hi, all ... I've been unable to connect via WMI to any of our Windows servers.  They're all VMs, running 2008R2.  I've gone through all of the postings and guides I can find here on the site, with no luck.

 

My desired end-state is not to have to use a userid with admin rights, but just to spiral in and get it working, I've added a user with domain level administrator rights.  I avoided any special characters in the password, and I know the password I'm using is correct, because I can RDP into the server I'm attempting to access using those credentials.  But no form of wmic command is successful (various quoting, using \\ instead of /, using full domain name in place of shortname, etc.).

 

On the Zenoss box, I always get the following errors:

 

[librpc/rpc/dcerpc_util.c:1290:dcerpc_pipe_auth_recv()] Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT

[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000022) in dcerpc_pipe_connect_b_recv

[wmi/wmic.c:196:main()] ERROR: Login to remote object.

NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied

 

On the Windows side, I always see a "bad userid or password" error - even though I'm using the exact same userid/password as used for an interactive login over RDP, e.g.

 

We're operating in a secured environment, and in the past, have run into problems with e.g. LDAP calls failing, because of the GPO settings that require certain things of any processes attempting to connect ... is there anything that anyone's encountered at the network connection level that could be in play? 

 

On the other hand -- by doing this several times in a row, the account I'm trying to use does in fact get locked -- which might argue that the connection isn't being completely denied, since it's clearly getting to the point of passing the credentials over the connection.

 

To eliminate something with the domain being involved, I created an account local to the Windows server, with local administrator rights -- same behavior.

 

I'm assuming it's not something to do with DCOM permissions or such - since the error doesn't seem to target that.

 

So ... assuming that I'm correct, and that I'm not simply messing up the password (which again, I'm using on that same server to login via RDP at the exact same time) ... is there anything else anyone is aware of that can cause a "bad userid or password" error on the Windows side?

 

Any other thoughts?

 

thx!

WMI monitoring, many nan values, missing graphs


Ok, making progress.  I've come through the configuration issues to allow WMI access from the Linux Zenoss VM to the Windows 2008R2 VMs using a non-administrator account, relying on NTLMv2 (as required in my env).

 

Using egor's WMI Data Source and WMI Performance zenpacks, btw.  Core 3.2.1, RPM install into a RHEL 5.5 VM, accessing a 64-bit Windows 2008R2 SP2 VM.  Server is in /CIM/WMI device tree, and appears to model properly.  I have SNMP monitoring turned off (at the config level) for that portion of the device tree.

 

But I have the following problems with the single server I'm trying to monitor (a test case, to rough out all proper config settings, etc.):

 

  1. For the device-specific graphs, CPU utilization always shows 0%; Memory Utilization and Paging, all values show nan
  2. For Components | File Systems, the Utilization shows correct values (and a related threshold is being triggered, as I do in fact have < 10% of C:\ space available), but Queue Length and I/O Requests graphs, all values show nan (I switched the modeler plugin to community.wmi.VolumeFileSystemMap from the Core one, btw -- though the values all also looked correct with the core one [which makes sense, given that it's a simple disk, not a large volume or anything])
  3. Under Components | Interfaces, the interfaces did model correctly, but all graph values show nan
  4. Under Components | Windows Services, the services list populates with correct info, but all graph values for all services show nan
  5. Under Software, installed software list is blank

 

Where I can figure out how to, I've tested, and it's not a basic access issue ... e.g., in Advanced | Monitoring Templates, with Device | /CIM/WMI selected, selecting the sysUpTime data point, and from the gear widget, selecting View and Edit Details, then entering my device and doing "TEST", I get what looks fine to me as a result (I fuzzed the IP address, but it is correct):

 

Get WMI Instance SELECT LastBootUpTime FROM Win32_OperatingSystem from //x.x.x.x/root/cimv2

InstanceName: root/cimv2:Win32_OperatingSystem. LastBootUpTime = 2011/11/14 10:56:53.296875 GMT-5

 

(Sorry for being so explicit about the steps I'm taking, but on these forums, I've noticed it's hard for a n00b, because people say "test the datasource" and never explain how to do that -- trying to help those a 1/2 step behind me :-)

 

Doing the same test on the Processor data point, though, I get:

 

Get WMI Instance SELECT LoadPercentage FROM Win32_Processor from //10.13.0.93/root/cimv2

InstanceName: root/cimv2:Win32_Processor.DeviceID="CPU0" InstanceName: root/cimv2:Win32_Processor.DeviceID="CPU1"

 

There's mention in some of egor's blog postings of this, how if there are multiple CPUs, you'll get a list back - and maybe his pending newer perf pack (which relies on the SQLDataSource under the covers?) will combine multiple queries or something ...?  But I couldn't make heads nor tails of it, if there was anything in there that would allow a fix for the current packs.

 

Then, for the PerfOSMemory data source, when I test it, I get literally nothing back -- just the SELECT line, and no 2nd result line. Running the same query via wmic -d 99, everything looks fine until the last line of debug output, which reads:

 

[librpc/ndr/ndr.c:200:ndr_print_debug_helper()] result                         :  WERR_BADFUNC

 

(even though the final line reads "[wmi/wmic.c:212:main()] OK").

 

Running "zenperfwmi -v10 -d device" instead, I see reasonable output, including (I've fuzzed IP and uid/pw, but values were all correct):

 

2011-11-16 14:13:50,445 DEBUG zen.zenperfwmi: Polling for WMI data from x.x.x.x [x.x.x.x]

2011-11-16 14:13:50,445 DEBUG zen.collector.scheduler: Task x.x.x.x changing state from RUNNING to WMIC_QUERY

2011-11-16 14:13:50,445 DEBUG zen.WMIClient: connect to x.x.x.x, user 'xx/yy'

2011-11-16 14:13:50,662 DEBUG zen.pysamba: OK: x.x.x.x - Connect

2011-11-16 14:13:50,663 DEBUG zen.WMIClient: Query: SELECT NetConnectionStatus,DeviceID FROM Win32_NetworkAdapter

2011-11-16 14:13:50,666 DEBUG zen.pysamba: OK: x.x.x.x - ExecQuery

2011-11-16 14:13:50,670 DEBUG zen.pysamba: OK: x.x.x.x - Reset result of WMI query.

2011-11-16 14:13:50,809 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,812 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,814 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,814 DEBUG zen.WMIClient: Query: SELECT LastBootUpTime FROM Win32_OperatingSystem

2011-11-16 14:13:50,816 DEBUG zen.pysamba: OK: x.x.x.x - ExecQuery

2011-11-16 14:13:50,818 DEBUG zen.pysamba: OK: x.x.x.x - Reset result of WMI query.

2011-11-16 14:13:50,825 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,827 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,828 DEBUG zen.WMIClient: Query: SELECT Name,CurrentDiskQueueLength,DiskWriteBytesPersec,DiskReadsPersec,DiskReadBytesPersec,DiskWritesPersec FROM Win32_PerfRawData_PerfDisk_LogicalDisk WHERE Name="C:"

2011-11-16 14:13:50,832 DEBUG zen.pysamba: OK: x.x.x.x - ExecQuery

2011-11-16 14:13:50,834 DEBUG zen.pysamba: OK: x.x.x.x - Reset result of WMI query.

2011-11-16 14:13:50,843 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,843 DEBUG zen.WMIClient: Query: SELECT PacketsOutboundErrors,Name,PacketsReceivedErrors,PacketsSentPersec,PacketsReceivedPersec,BytesSentPersec,PacketsReceivedUnicastPersec,BytesReceivedPersec,PacketsSentUnicastPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface

2011-11-16 14:13:50,846 DEBUG zen.pysamba: OK: x.x.x.x - ExecQuery

2011-11-16 14:13:50,848 DEBUG zen.pysamba: OK: x.x.x.x - Reset result of WMI query.

2011-11-16 14:13:50,856 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

2011-11-16 14:13:50,856 DEBUG zen.WMIClient: Query: SELECT AvailableKBytes, CacheBytes, PagesPerSec FROM Win32_PerfRawData_PerfOS_Memory

2011-11-16 14:13:50,859 DEBUG zen.pysamba: OK: x.x.x.x - ExecQuery

2011-11-16 14:13:50,861 DEBUG zen.pysamba: OK: x.x.x.x - Reset result of WMI query.

2011-11-16 14:13:50,877 DEBUG zen.pysamba: OK: x.x.x.x - Retrieve result data.

 

After all the queries, I see:

 

2011-11-16 14:13:50,965 DEBUG zen.collector.scheduler: Task x.x.x.x changing state from WMIC_QUERY to WMIC_PROCESS

2011-11-16 14:13:50,965 DEBUG zen.zenperfwmi: Successful collection from x.x.x.x [x.x.x.x], results={

 

followed by an output of a table, with results - showing e.g.:

 

'x.x.x.x_Device_sysUpTime': [{'sysUpTime': DateTime('2011/11/14 10:56:53.296875 GMT-5')}], 'C_FileSystem_usedBlocks': [{'usedBlocks': 3241193472}], 'Intel_R_ PRO_1000 MT Network Connection_ethernetCsmacd_PerfRawData': [], 'x.x.x.x_Device_Processor': [{'LoadPercentage_count': 0, 'LoadPercentage_avg': 0}, {'LoadPercentage_count': 0, 'LoadPercentage_avg': 0}], 'x.x.x.x_Device_PerfOSMemory': [], 'Intel_R_ PRO_1000 MT Network Connection _2_ethernetCsmacd_PerfRawData': []

 

When I run those same queries from WBEMTEST, I get basically the same results - an object returned for uptime, no object returned for the PerfOSMemory query.  Turning on WMI event tracing on the Windows server, nothing in particular shows up - I see the queries coming in,

 

I've done what things I could find on the Windows box, e.g. run wmiadap /F, winmgmt /resyncperf, restarted WMI service, ran mofcomp and regsvr32 /s on all the .mof and .dll files in %windir%\system32\wbem.

 

So ... any thoughts?  Something I'm doing wrong?

 

thx!

Could not read the status of Windows services (ExecNotificationQuery (WBEM_E_QUOTA_VIOLATION))


Hi

 

I am getting this ZENWIN error from a server where I have applied the terminal server zenpack template, it has a simple WQL query

SELECT ActiveSessions,InactiveSessions,TotalSessions FROM Win32_PerfFormattedData_TermService_TerminalServices

 

Could not read the status of Windows services (ExecNotificationQuery (WBEM_E_QUOTA_VIOLATION)) 

Does anyone know what part of the command could be causing it?

An MSDN technet page has the following

http://msdn.microsoft.com/en-us/library/aa392105(VS.85).aspx

Remarks

There are limits to the number of AND and OR keywords that can be used in WQL queries. Large numbers of WQL keywords used in a complex query can cause WMI to return the WBEM_E_QUOTA_VIOLATION error code as an HRESULT value. The limit of WQL keywords depends on how complex the query is.


not sure if this is part of the overall zenwin daemon or TS template...

thanks

Alex
