New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


WMI Error: 80041003

Votes:

1

Your Vote:

Up

Down

Greetings everyone,

I am trying to monitor my Hyper-V clusters via WMI with PRTG. I used this MS KB article to elevate the authentication level of the PRTG Probe and Server.exe services: http://support.microsoft.com/kb/268884/en-us.

I have only recently discovered PRTG. Until now, I've been relying on IP Network Host Monitor. I have successfully applied the steps in the above KB article, and was able to query root\MSCluster with IPNHM. However, the same fix does not seem to have worked either for PRTG or Paessler's WMITool.exe. Both return the following error, even though I am using the Domain Admin account in both cases:

"80041003: The current user does not have permission to perform the action."

Again, on the same server, using the same credentials, I have no problems using other programs to query the cluster. Also, the server and Hyper-V Cluster are both on the same network in the same domain.

Is there any other executable whose authentication level I have to elevate (doubt this will fix it, as WMITest.exe fails)? Any other suggestions?

authentication clustering hyper-v prtg wmi

Created on May 2, 2012 9:29:13 PM by  Mitch (11) 1



8 Replies

Votes:

0

Your Vote:

Up

Down

Hello,

do other WMI Sensors (for example simply WMI CPU Load or WMI Uptime) work on the same hosts (and only the Hyper-V WMIs do not)?

best regards.

Created on May 4, 2012 12:52:10 PM by  Torsten Lindner [Paessler Support]



Votes:

1

Your Vote:

Up

Down

Correct. I have dozens of WMI sensors for the Hyper-V Hosts, most of which work flawlessly. Those that do not work return a different error; haven't take the time to troubleshoot them yet.

However, please note, I am not directly querying a node in the cluster, I am querying the cluster IP address itself. Possibly a distinction without a difference, but I thought it was worth mentioning.

Created on May 4, 2012 2:20:49 PM by  Mitch (11) 1



Votes:

0

Your Vote:

Up

Down

So, what happens if you query the nodes directly?

Created on May 4, 2012 3:42:48 PM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Sorry for the delay. Makes no difference; identical error message.

My boss happens to be an experienced VB developer. He was able to compile the example program in the KB article I linked in under a couple minutes:

http://www.filedropper.com/setclientauthenticationlevel

Please give it a try and let me know how it works for you. As I have said, it works for everything I've tried it with except PRTG.

Created on May 4, 2012 9:47:31 PM by  Mitch (11) 1



Votes:

2

Your Vote:

Up

Down

One more thing we have found:

  • UAC blocks some (not all) WMI counters, resulting in error 80041003: The current user does not have permission to perform the action. . You can add the following registry key to disable this feature of UAC.
    Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Add a new DWORD value:
    Name: LocalAccountTokenFilterPolicy
    Value: 1
    • Note: This disables some of the protection provided by UAC. Specifically, any remote access to the server using an administrator security token is automatically elevated with full administrator rights, including access to the root folder. More information can be found here: http://support.microsoft.com/kb/951016

Created on Jun 13, 2012 11:57:12 AM by  Volker Uffelmann [Paessler Support]



Votes:

1

Your Vote:

Up

Down

Hi Mitch,

We ran into the same problem trying to monitor a W2K8R2 Failover Cluster using the PRTG WMI Custom sensor.

On the cluster member server the following warning was logged into the Application log:

Log Name:      Application
Source:        Microsoft-Windows-WMI
Date:          6/29/2012 4:12:01 PM
Event ID:      5605
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      XXX.xxx.com
Description:
The root\MSCluster namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy and run the script or application again

So it's quite obvious that PRTG uses the default authentication level when querying the WMI namespace. And if a namespace requires encryption like in the case of 'MSCluster', then we are in trouble.

Did you find a solution?

Instance of __NameSpace
{
  Name = "MSCluster";
};
#pragma namespace("\\\\.\\Root\\MSCluster")

[RequiresEncryption] 

Created on Jun 29, 2012 3:27:06 PM by  Roman Kudryavtsev (10)

Last change on Jul 2, 2012 1:50:22 PM by  Torsten Lindner [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I kept getting the 80041003 error when trying to connect to a machine not in my domain, and I figured out a fix. This might not fix your problem, but I thought I would mention it. What I did was go onto the target machine, right click on the computer icon, and select manage. I then found the "WMI Control", right-clicked on Properties, then went to the Security tab. I clicked on the namespace I was interested in (in my case, root/CIMV2, but you would select root/MSCluster) and then hit the Security button. I added the user I was trying to access with and gave it the following Permissions: Execute Methods, Provider Write, Enable Account, and most importantly, Remote Enable. This last permission is key.

Once I did that, I had no problem adding sensors.

Created on Apr 1, 2014 7:12:08 AM by  today (0) 1



Votes:

0

Your Vote:

Up

Down

I received this error using WMI to monitor Windows Domain Controllers. The account was a member of Domain Admins. Adding the account to the Builtin\Administrators group allowed WMI monitoring on the DCs to work (even though Domain Admins are already a member of Builtin\Administrators by default).

Created on May 28, 2014 6:15:10 PM by  MarkWolfe (0)



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.