STRM WMI Troubleshooting


Article ID: KB15576 KB Last Updated: 02 Jan 2013 Version: 3.0
Summary:
Starting with the 2009 version of STRM, Windows logs can be pulled into STRM by using the WMI protocol.
Symptoms:
Windows devices are not reporting logs to STRM.
Solution:
Starting with the 2009.1 version of STRM, logs from Windows machines can be pulled by STRM.
(Note: Only local Windows logs can be pulled into STRM; application-specific logs, e.g. Exchange, DHCP, etc., are currently not available.)

To configure STRM to retrieve logs from Windows servers, follow the instructions in this guide: Log Sources Guide

Follow the steps below if STRM fails to get logs from Windows servers:
  1. In versions below 2012, ensure the Windows system is NOT set to NTLM v2 authentication only; NTLM v2 is currently not supported. You can check the settings using: http://imss.caltech.edu/cms.php?op=wiki&wiki_op=view&id=396
  2. In WMI Configuration, make sure the Windows account is a Domain Administrator or Local System Administrator (power users with admin privileges will not work).
  3. Verify with tcpdump that there is actually two-way communication between the STRM system and the Windows server.
  4. Check the Windows Event Viewer on the target system to see whether the account is logging in successfully or failing logins. Also check the domain to see if the user is locked.
  5. Try a third-party application, such as "wmitester", from another Windows workstation to see if it can connect to the remote system being queried.
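
For the tcpdump check in step 3, the following added example (not part of the original Juniper article) classifies `tcpdump -nn` text output as two-way, one-way, refused, or no traffic between the STRM system and the Windows server. The function name `wmi_direction_check` is hypothetical and all addresses and capture lines are constructed; the samples use TCP 135, the RPC endpoint mapper port on which DCOM/WMI connections start.

```bash
#!/bin/bash
# Classify `tcpdump -nn` text output for one STRM <-> Windows server pair.
# Capture on the STRM host first, e.g.:  tcpdump -nn host 192.0.2.20 and tcp
# All addresses below are constructed documentation addresses (RFC 5737).

wmi_direction_check() {
    # $1 = STRM address, $2 = Windows server address; tcpdump lines on stdin.
    awk -v strm="$1" -v win="$2" '
        # Line shape: "time IP src.port > dst.port: Flags [S], ..."
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/\.[0-9]+$/, "", src)     # drop the source port
            sub(/\.[0-9]+:$/, "", dst)    # drop the destination port and colon
            if (src == strm && dst == win) out++
            if (src == win && dst == strm) {
                back++
                if ($0 ~ /Flags \[R/) rst++    # reset sent by the server
            }
        }
        END {
            if (!out)                  print "no-traffic"  # STRM sent nothing
            else if (!back)            print "one-way"     # nothing came back
            else if (rst + 0 == back)  print "refused"     # only resets came back
            else                       print "two-way"
        }'
}

# Constructed sample captures (STRM = 192.0.2.10, Windows = 192.0.2.20).
sample_two_way() { cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.49152 > 192.0.2.20.135: Flags [S], seq 1, win 29200, length 0
12:00:01.000450 IP 192.0.2.20.135 > 192.0.2.10.49152: Flags [S.], seq 9, ack 2, win 8192, length 0
12:00:01.000500 IP 192.0.2.10.49152 > 192.0.2.20.135: Flags [.], ack 10, win 229, length 0
EOF
}
sample_one_way() { cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.49152 > 192.0.2.20.135: Flags [S], seq 1, win 29200, length 0
12:00:02.000001 IP 192.0.2.10.49152 > 192.0.2.20.135: Flags [S], seq 1, win 29200, length 0
EOF
}
sample_refused() { cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.49152 > 192.0.2.20.135: Flags [S], seq 1, win 29200, length 0
12:00:01.000300 IP 192.0.2.20.135 > 192.0.2.10.49152: Flags [R.], seq 0, ack 2, win 0, length 0
EOF
}

for s in sample_two_way sample_one_way sample_refused; do
    printf '%s: %s\n' "$s" "$("$s" | wmi_direction_check 192.0.2.10 192.0.2.20)"
done
```

A "one-way" result points at filtering between the two hosts, while "refused" means the Windows server answered but reset the connection.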


If all the above steps are successful, troubleshoot by running the WMI query manually from STRM:
  1. Download the following utility to the Console or Event Collector that is attempting to connect to the Windows machine: RemoteWmiActivationAndQueryTest.jar
  2. This file is downloaded as a .zip file and needs to be renamed to a .jar file.
  3. Then run the jar file with the command:
    # java -jar RemoteWmiActivationAndQueryTest.jar

    It will prompt for credentials and the server IP, and attempt to create the WMI object.
  4. If the connection is successful, verify your configuration and open a Tech Support Case by going to http://juniper.net/support

    If the output dumps stack traces, collect that information and open a Tech Support Case by going to http://juniper.net/support

Additional configuration steps for Windows 2000 Server:
---------------------------------------------------------------------
On Windows 2000 Server:
  1. Go to Start Menu > Administrative Tools > Computer Management.
  2. Under "Services and Applications", right-click on "WMI Control".
  3. Expand the tree where it says "root" and highlight CIMV2.
  4. Select "Security".
  5. Highlight the user of interest. For testing purposes, we used "Everyone".
  6. Check off "Remote Enable" and "Read Security".
  7. Select "Advanced".
  8. Highlight the two "Everyone" entries and choose "Remote Enable", "Read Security", and pick "This namespace and subnamespaces" from the drop-down.

Additional configuration steps for WMI and Windows 2008 Server:
Troubleshooting WMI Connections to Win2008 servers

