Category: Windows Server

Remote WMI Access Denied

You want to connect to WMI on a remote server but you get an “Access Denied” error. On the remote server you may see the following event log entry:

Log Name: Application
Source: Microsoft-Windows-WMI
Event ID: 5605
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
The Root\XXXXX namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy and run the script or application again.

This is an issue with some WMI providers whose namespaces require an encrypted (Pkt_Privacy) connection: MicrosoftIISv2, Cluster, …

There’s only one workaround as far as I know:

  • Open an elevated (UAC) command prompt
  • Change the directory to %windir%\System32\Wbem
  • Run “notepad”
  • Open ClusWMI.mof
  • Change [RequiresEncryption] to [RequiresEncryption(FALSE)], which turns off the encryption requirement for that namespace
  • Run “Mofcomp.exe ClusWMI.mof”
  • Retry the WMI query using Wbemtest to see if this fixes the error logging issue.

Good Luck 🙂

On a Windows 2008 R2 Server that runs IIS and is part of an NLB cluster, the following error may occur in the System log:

NLB cluster []: Timer starvation has been detected. This might be due to a denial of service attack or a very high server load. During this period, some connections might fail. If this problem recurs frequently, analyze the threat and take appropriate measures and/or add more servers to the cluster. An informational event log entry will be logged when the attack has subsided. Event 105, NLB

This Microsoft article shows that TCP Chimney Offload does not work together with Network Load Balancing.

In Windows 2008 R2, TCP Chimney Offload is set to automatic by default. To disable it, run the following command:

netsh int tcp set global chimney=disabled

Each failing WIP transaction writes to the server event log. With IIS 7, however, security has been defined more strictly, and you will first get the following error on the client side: ASP.NET Cannot open log for source {0}. You may not have write access. – Access is denied. If execution fails again afterwards, you will normally receive an Invalid Handle error. If this is the case, here’s my workaround:

1.    Run Regedit
2.    Add “Authenticated Users” to the permissions of the EventLog –> Application key (not to a child key)
3.    Give “Authenticated Users” the FullAccess permission and replace the permissions on the child objects
4.    Add (A;;0x3;;;AU) to the CustomSD value
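To see what the ACE from step 4 grants, the following added example (not part of the original post) decodes the DACL of a CustomSD string using the event-log access bits 0x1 (read), 0x2 (write) and 0x4 (clear). The sample descriptor is constructed for illustration, and the function names are hypothetical.

```python
import re

# Event-log access bits used in CustomSD (Microsoft-documented values).
EVENTLOG_RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Only the SDDL SID aliases that appear in the constructed sample below.
SID_ALIASES = {"AU": "Authenticated Users", "BA": "Builtin Administrators",
               "SY": "Local System", "AN": "Anonymous Logon"}
ACE_TYPES = {"A": "allow", "D": "deny"}


def parse_dacl(sddl):
    """Return (type, [rights], trustee) for every ACE in the DACL of `sddl`."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if dacl is None:
        raise ValueError("no DACL ACEs found")
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = [f.strip() for f in body.split(";")]
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
        mask = int(rights, 16)  # hex masks only, as in the ACE on the page
        names = [name for bit, name in EVENTLOG_RIGHTS.items() if mask & bit]
        aces.append((ACE_TYPES.get(ace_type, ace_type), names,
                     SID_ALIASES.get(sid, sid)))
    return aces


def allowed_rights(sddl, trustee):
    """Rights explicitly allowed to `trustee` itself, minus any explicit deny.
    Group membership is not resolved."""
    allow, deny = set(), set()
    for ace_type, names, who in parse_dacl(sddl):
        if who != trustee:
            continue
        if ace_type == "allow":
            allow.update(names)
        elif ace_type == "deny":
            deny.update(names)
    return [n for n in EVENTLOG_RIGHTS.values() if n in allow - deny]


# Constructed sample descriptor (not taken from the page or from a real server).
BEFORE = "O:BAG:SYD:(D;;0xf0007;;;AN)(A;;0xf0007;;;SY)(A;;0x7;;;BA)"
AFTER = BEFORE + "(A;;0x3;;;AU)"  # the ACE appended in step 4

if __name__ == "__main__":
    for label, sd in (("before", BEFORE), ("after", AFTER)):
        print(label, allowed_rights(sd, "Authenticated Users"))
```

The appended ACE lets every authenticated account read and write the Application log but not clear it, so it is worth comparing CustomSD before and after the change when reviewing a server.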

Install one of the machines and allow it to download updates from the “Windows Update” site and present you with a “Ready to install updates” dialog. Then, perform the following:

  • Stop the “Automated Updates” service.
  • Open a command prompt and paste in the following commands:
cd %SystemRoot%\SoftwareDistribution\Download
for /f "usebackq delims=" %i in (`dir /s /a /b update.exe`) do start %i /nobackup /passive /norestart
for /f "usebackq delims=" %i in (`dir /s /a /b update.exe`) do start %i /n /passive /norestart

(Those commands will install most of the pending updates silently w/o making backup copies of the replaced files. Be aware that .NET Framework updates, MSXML updates, and application updates won’t be installed by this method.)

  • Install the other 2 machines but don’t allow them to perform updates automatically. Copy the contents of the “%SystemRoot%\SoftwareDistribution\Download” directory from the first machine to each of the remaining machines and perform the procedure above on those machines.
  • Remove the contents of “%SystemRoot%\SoftwareDistribution” on both machines while the “Automated Updates” service is stopped, then reboot and allow the machines to detect updates again. The remaining “.NET Framework” and other updates will be detected and installed.

(That procedure is basically what I do when prepping a new machine w/ updates from WSUS. I manually execute the updates that don’t install via the “for …” loops when they’re done, then clean the machine up. I detest having the “$NtUninstall…” directories on brand new machines, and that method prevents them from being created…)