• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VBScript GetObject for WMI fails

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> VBScript GetObject for WMI fails Page: [1]
Login
Message << Older Topic   Newer Topic >>
VBScript GetObject for WMI fails - 26.Aug.2004 1:58:00 AM   
EdR

 

Posts: 1
Joined: 28.May2004
Status: offline
There are several Windows Server 2003 systems in our domain. They are all in the same forest, site, and network subnet. One of them is a PDC, and the other one is running ISA Server 2004.

On the PDC, I run a VBS script that gathers information from all the servers and consolidates it all into a ˘network status÷ report. The VBS script works fine for all the servers except for the ISA server. When the script runs GetObject(˘winmgmtsÓ÷) for the ISA server, the GetObject procedure throws a VBS runtime error. I suspect that the ISA firewall system or client is causing the error, since the other servers on the network do not have this problem.

Does anyone have ideas on what is going on here? Thanks in advance!

Here is detailed informationÓ

- On the PDC, I am running the VBS script from an account that is in the Domain Admins group.

- On the PDC, I can open the ˘Computer Management÷ app and use the ˘Connect to another computerÓ÷ command to administer the ISA server.

- On the ISA serverĂs system policies, Remote Management via MMC is enabled and the PDC computer is in the Remote Management Computers list.

- Also on the ISA the Domain Admin account I am logged into is granted the ˘ISA Server Full Administrator÷ role.

- The minimal VBS program that demonstrates the problem is:
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\ISA\root\cimv2")

- The above VBS program executes successfully when run from the ISA server computer itself.

- When run from the PDC, the VBS program displays this error:
The remote server machine does not exist or is unavailable: ŠGetObjectĂ
Code: 800A01CE

- I have Netlogon logging going on the ISA server. There are no entries in the Netlogon log file associated with this failure.

- The VBS failure causes these two entries in the PDCĂs Event Log (these are logged in reverse chronological order):
8/25/2004 3:38:15 PM DCOM Error None 10006 DOMAIN\administrator PDC "DCOM got error ""General access denied error "" from the computer ISA when attempting to activate the server:{8BC3F05E-D86B-11D0-A075-00C04FB68820}"
8/25/2004 3:38:15 PM DCOM Error None 10009 DOMAIN\administrator PDC DCOM was unable to communicate with the computer ISA using any of the configured protocols.

- The ISA serverĂs firewall service log file contains these entries from the time the VBS script was run. The IP address of the ISA server is 192.168.1.2, and the PDC is 192.168.1.1. There are a lot of columns, you probably will have to copy this into a text editor or spreadsheet to view it properly:
computer date time IP protocol source destination original client IP source network destination network action status rule application protocol bytes sent bytes sent intermediate bytes received bytes received intermediate connection time connection time intermediate source name destination name username agent session ID connection ID
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1930 192.168.1.2:135 192.168.1.1 Internal Local Host Establish 0x0 Allow remote management from selected computers using MMC RPC (all interfaces) 0 0 0 0 10 10 - - - - 922 3638
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1930 192.168.1.2:135 192.168.1.1 Internal Local Host Terminate 0x80074e24 Allow remote management from selected computers using MMC RPC (all interfaces) 1349 1349 214 214 20 10 - - - - 922 3638
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1888 192.168.1.2:135 192.168.1.1 Internal Local Host Terminate 0x80074e24 Allow remote management from selected computers using MMC RPC (all interfaces) 872 872 100 100 104100 104090 - - - - 922 3628
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1931 192.168.1.2:135 192.168.1.1 Internal Local Host Establish 0x0 Allow remote management from selected computers using MMC RPC (all interfaces) 0 0 0 0 - - - - - - 922 3639
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1931 192.168.1.2:135 192.168.1.1 Internal Local Host Terminate 0x80074e24 Allow remote management from selected computers using MMC RPC (all interfaces) 1349 1349 214 214 10 10 - - - - 922 3639
ISA 2004-08-25 22:38:14 TCP 192.168.1.1:1932 192.168.1.2:135 192.168.1.1 Internal Local Host Establish 0x0 Allow remote management from selected computers using MMC RPC (all interfaces) 0 0 0 0 10 10 - - - - 922 3640
Post #: 1
RE: VBScript GetObject for WMI fails - 14.Oct.2004 9:22:00 AM   
reveszc

 

Posts: 3
Joined: 14.Oct.2004
From: Hungary
Status: offline
Hi EdR,

I have the same problem. I spent a lot of time solving this issue, without any result. Have you find the solution?

Csaba

(in reply to EdR)
Post #: 2
RE: VBScript GetObject for WMI fails - 20.Oct.2004 9:28:00 AM   
lszabi

 

Posts: 1
Joined: 20.Oct.2004
Status: offline
My problem is same.
I want to collect disk information from my network servers. All remote query working properly except ISA 2004. The WMI Control properties and the Component services DCOM setting as same as the other servers in my network.
In the management machine where I run the script I get the following event:
System log:
Source: DCOM
Event ID: 10006
DCOM got error "General access denied error " from the computer ISA2004 when
attempting to activate the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp

In the ISA server:
Security log:
Evet ID: 537
Logon Failure:
Reason: An error occurred during logon
User Name: jano
Domain: CEGDOM
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00002EE
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -

All connection is enabled between this machines.
Thank for help.

(in reply to EdR)
Post #: 3
RE: VBScript GetObject for WMI fails - 15.Mar.2005 10:19:00 AM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Anyone get a resolution to this i am getting the same errors and have not been able to find a solution.

(in reply to EdR)
Post #: 4
RE: VBScript GetObject for WMI fails - 18.Mar.2005 11:16:00 PM   
Guest
I had a similar problem: an ISA 2004 box couldn't request a cert from my CA. Try matching the number from the event log message to an Application ID number in the Component Services snap-in: Computers > My Computer > DCOM Config. Right-click that icon > Properties > set the authentication level to None. Restart the application or service involved (or just reboot). If this doesn't work, set it back to what it was before. If it does work, be very careful since you are changing the security of that service!

(in reply to EdR)
  Post #: 5
RE: VBScript GetObject for WMI fails - 11.Apr.2005 10:46:00 PM   
Tweak36

 

Posts: 39
Joined: 3.Mar.2002
From: Ontario, Canada
Status: offline
Jason's fix worked in my case.

I was unable to request a certificate for my ISA 2004 server using the web enrolement page. The certificate web pages are hosted on a seperate box from the CA which logged a DCOM error 10006 (general access denied) each time I tried to request a cert using the web enrolement page. I hunted down the application ID # that appeared in the event log message and matched it to the ID of the DCOM object. When I changed the object's authentication from Default to None and restarted the service, I was immediately able to use the certsrv web page from the ISA 2K4 box to request an adminstrator certificate.

In this case, the event log error message identified what server returned the "General access denied error" which made it easier to track down and match the application ID # that appeared in the DCOM event. Your milleage may vary.

Thanks for the info Jason. [Cool]

Reg

(in reply to EdR)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> VBScript GetObject for WMI fails Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts