Troubleshooting WMI/RPC (Windows)

ALERT  LEGACY ARTICLE: The content in this article is no longer updated and is available for reference purposes only. Features and workflows described may be deprecated, significantly changed, or no longer supported.

Environment

  • Datto EDR

Description

Occasionally, you will run into issues where Windows remote administration protocols reject connections. WMI is a primary means of transport and execution for Datto EDR. (Datto EDR will fall back to other remote admin protocols such as SMB, Remote Scheduled Tasks, or PowerShell Remoting if those ports are open and available.)

  • If enumeration or scanning fails, check the target group's Issues section for reasons why, or check the enumeration task itself.

  • The two most common errors will be "Permission Denied" and "RPC Service Unavailable".

Testing remote actions and authentication permissions

You can test remote access and authentication permissions outside of Datto EDR by performing a few queries using PowerShell.

As an Administrator, open a PowerShell console and follow the actions below:

To test WMI access to target machines, execute the following commands in PowerShell:

First:

                    PS C:\> $creds = Get-Credential
                

A credentials window will pop up; enter the credentials you are attempting to use to access the remote machine.

Next:

                    PS C:\> Get-WMIObject -Class win32_process -Credential $creds -ComputerName <REMOTEIP>

Replace <REMOTEIP> with the DNS name or IP address of the remote system you are testing against.

  • If the command executes successfully, the running processes on the machine will be printed to the console.
  • If there is a red error thrown stating that access is denied, your credentials do not have access to the system.
  • Any other error may indicate the WMI service is not running or the connection is blocked.

Additional Troubleshooting

If you encounter errors other than "Access is denied", several dependencies could be involved. The most common cause is the host or Windows Firewall blocking the required WMI ports (135 or the upper dynamic ranges 49152+). If this is the issue, the Windows Management Instrumentation firewall rules can be set easily using local or global GPOs.

The next step is to ensure WMI services and RPC services are running on the remote system.

1. Go to Start/Run, type services.msc and press enter.

2. In the Services window, scroll down to Remote Procedure Call (RPC). Make sure the Startup type is set to Automatic and that the Service is started. You may need to start the DCOM Server Process and the RPC Endpoint Mapper as well.
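The port, authentication, and service checks described in this article can be combined into one triage function. This is an added example, not Datto's code: the function name Test-WmiRpcAccess and the address 192.0.2.10 are assumptions for illustration, and it requires Windows PowerShell because it uses Get-WmiObject as the article does.

```powershell
# Added example: triage helper for the checks described in this article.
# Test-WmiRpcAccess is a hypothetical name; run from Windows PowerShell as Administrator.
function Test-WmiRpcAccess {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Step 1: the RPC endpoint mapper listens on TCP 135. If this fails, a host or
    # network firewall is the likely cause and authentication is never attempted.
    $port = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    if (-not $port.TcpTestSucceeded) {
        return "TCP 135 unreachable on ${ComputerName}: check firewall rules for WMI (135 and dynamic ports 49152+)."
    }

    # Step 2: query the services that WMI depends on, over WMI itself.
    $filter = "Name='RpcSs' OR Name='RpcEptMapper' OR Name='DcomLaunch' OR Name='Winmgmt'"
    try {
        $services = Get-WmiObject -Class Win32_Service -Filter $filter `
            -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
    }
    catch {
        # Step 3: map the failure to the two common error classes by HRESULT.
        $hresult = '0x{0:X8}' -f $_.Exception.HResult
        switch ($hresult) {
            '0x80070005' { return "Access is denied ($hresult): these credentials lack remote WMI rights on $ComputerName." }
            '0x800706BA' { return "RPC server unavailable ($hresult): 135 answered, so check the dynamic port range and RPC services." }
            default      { return "WMI query failed ($hresult): $($_.Exception.Message)" }
        }
    }

    # Step 4: WMI answered; flag any dependency that is stopped or not set to Automatic.
    $services | Select-Object Name, DisplayName, State, StartMode,
        @{ Name = 'Healthy'; Expression = { $_.State -eq 'Running' -and $_.StartMode -eq 'Auto' } }
}

# Usage (192.0.2.10 is a documentation placeholder address):
# Test-WmiRpcAccess -ComputerName 192.0.2.10 -Credential (Get-Credential)
```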

Dell has a good article about these issues: Troubleshooting "RPC Server Unavailable" Errors.

If issues persist, gather the output logs from this test and send them to Datto Technical Support for further troubleshooting.