none
0x80070005 Access Denied RRS feed

  • Question

  • Getting the below error on many clients not all the clients, while push installing the SCCM client


    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x80070005
    Unable to connect to WMI on remote machine "xxxx-E843E8275F", error = 0x80070005


    Windows Management Instrumentation service is set to automatic and is started on the clients.
    DCOM is enabled on the clients.
    Installation account has an Administrative rights on the client computers.
    Firewall is completely disable on both server and client end.

    I can also access the admin$ share.
    While trying to connect using wbemtest I am getting Access Denied Error. Dcom and WMI have all the required permissions.


    Any help and suggestions are welcome.


    Wednesday, November 16, 2011 12:57 PM

Answers

All replies

  • can you try connect wmimgmt.msc to target computer ? what are the sec permissions provided?

    here are some of the troubleshooting tips http://blogs.technet.com/b/configmgrteam/archive/2009/05/08/wmi-troubleshooting-tips.aspx

    Troubleshoot or rebuild WMI. For troubleshooting WMI you can reference:


    //Eswar Koneti @ www.eskonr.com
    • Marked as answer by Sabrina Shen Thursday, December 8, 2011 10:21 AM
    Wednesday, November 16, 2011 1:01 PM
  • While trying to access wmimgmt.msc of the target computer and taking propoerties i am getting the access denied in the Propoerty page.
    Wednesday, November 16, 2011 1:14 PM
  • Have you tried with the account which has admin access on the workstation?

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, November 16, 2011 1:16 PM
  • Installation account has an Administrative rights on the client computers.
    p>

    Yes it has the admin rights.
    Wednesday, November 16, 2011 1:21 PM
  • How about the account you tried accessing wmimgmt.msc

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, November 16, 2011 1:23 PM
  • Both of them are the member of Domain Admins which ultimately is the member of Local Administrators.
    Wednesday, November 16, 2011 1:25 PM
  • I have also tried SCCM Client Center to repair wmi, with no success.

     

    Wednesday, November 16, 2011 1:35 PM
  • I have also tried SCCM Client Center to repair wmi, with no success.

     

    Have you looked at what you do to your machines, to see what stuff you are bending out of shape and thus is most likely causing this?

    It sounds to me like the permissions have been really messed around with, I think in one of the links Eswar gave you there is talk about the firewall, have you discounted that?

    • Marked as answer by Sabrina Shen Thursday, December 8, 2011 10:21 AM
    Wednesday, November 16, 2011 2:55 PM
    Moderator
  • well it is most likely the WMI corrupt and permission mess up which could be caused due to virus attack also

    there are few WMI diagnostic tools that can help you to Repair WMI as already shared by Eswar.

    have a look on to this also

    http://blogs.technet.com/b/askperf/archive/2007/06/22/basic-wmi-testing.aspx.

    try this one also

    WMI Diagnostic utility

    mostly by running WMI diagnostic utility solve the WMI issues that can be downloaded from

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7684


     


    • Edited by Syed Kashif Wednesday, November 16, 2011 7:29 PM
    Wednesday, November 16, 2011 5:51 PM
  • Permissions are straight forward, I am using a single account for all the operations which account is the member of Domain Admins which is a member of local adminstrators.

     

    Wmidiag Log:

    .1420 09:52:03 (1) !! ERROR: WMI ADAP status: ............................................................................................. NOT AVAILABLE.
    .1421 09:52:03 (0) **    You can start the WMI AutoDiscovery/AutoPurge (ADAP) process to resynchronize
    .1422 09:52:03 (0) **    the performance counters with the WMI performance classes with the following commands:
    .1423 09:52:03 (0) **    i.e. 'WINMGMT.EXE /CLEARADAP'
    .1424 09:52:03 (0) **    i.e. 'WINMGMT.EXE /RESYNCPERF'
    .1425 09:52:03 (0) **    The ADAP process logs informative events in the Windows NT event log.
    .1426 09:52:03 (0) **    More information can be found on MSDN at:
    .1427 09:52:03 (0) **    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_adap_event_log_events.asp
    .1428 09:52:03 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
    .1429 09:52:03 (0) ** - Root, 0x46 - Permission denied.
    .1430 09:52:03 (0) **
    .1431 09:52:03 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 5 ERROR(S)!
    .1432 09:52:03 (0) ** - Root, 0x80070005 - Access is denied..
    .1433 09:52:03 (0) ** - Root, 0x80070005 - Access is denied..
    .1434 09:52:03 (0) ** - Root/Default, 0x80070005 - Access is denied..
    .1435 09:52:03 (0) ** - Root/CIMv2, 0x80070005 - Access is denied..
    .1436 09:52:03 (0) ** - Root/WMI, 0x80070005 - Access is denied..
    .1437 09:52:03 (0) **
    .1438 09:52:03 (0) ** WMI GET operations: ................................................................................................. OK.
    .1439 09:52:03 (0) ** WMI MOF representations: ............................................................................................ OK.
    .1440 09:52:03 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    .1441 09:52:03 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
    .1442 09:52:03 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    .1443 09:52:03 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    .1444 09:52:03 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    .1445 09:52:03 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    .1446 09:52:03 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    .1447 09:52:03 (0) ** WMI static instances retrieved: ..................................................................................... 0.
    .1448 09:52:03 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    .1449 09:52:03 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    .1450 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1451 09:52:03 (0) **
    .1452 09:52:03 (0) ** 1 error(s) 0x46 - (WBEM_UNKNOWN) This error code is external to WMI.
    .1453 09:52:03 (0) **
    .1454 09:52:03 (0) ** 5 error(s) 0x80070005 - (WBEM_UNKNOWN) This error code is external to WMI.
    .1455 09:52:03 (0) ** => This error is not a WMI error. It is typically due to:
    .1456 09:52:03 (0) **    - The DCOM security modifications.
    .1457 09:52:03 (0) **      => Ensure that DCOM security configuration settings are not modified.
    .1458 09:52:03 (0) **    - The user running WMIDiag has not enough privileges or rights to issue requests
    .1459 09:52:03 (0) **      against software components exposing information through WMI.
    .1460 09:52:03 (0) **      => Ensure that no third party applications installing additional WMI providers have
    .1461 09:52:03 (0) **         specific security requirements (i.e. group membership, privileges, etc ...)
    .1462 09:52:03 (0) **    - The 'Impersonate Client after authentication' Local Policy is disabled or the
    .1463 09:52:03 (0) **      'SERVICE' account has been removed from that Local Policy.
    .1464 09:52:03 (0) **      => You must add the 'SERVICE' account to the 'Impersonate Client after authentication'
    .1465 09:52:03 (0) **         Local Policy in the 'Local Policies/User Right Assignments' MMC snap-in (GPEDIT.MSC).
    .1466 09:52:03 (0) **         By default, this Local Policy includes the 'SERVICE' account.
    .1467 09:52:03 (0) **
    .1468 09:52:03 (0) ** => Errors starting with 0x8007 are Win32 errors, NOT WMI errors. More information can be found
    .1469 09:52:03 (0) **    with the 'NET.EXE HELPMSG <dddd>' command, where <dddd> is the last four hex digits (0x0005)
    .1470 09:52:03 (0) **    converted in decimal (5).
    .1471 09:52:03 (0) **    - NET HELPMSG 5
    .1472 09:52:03 (0) **
    .1473 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1474 09:52:03 (0) ** WMI Registry key setup: ............................................................................................. OK.
    .1475 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1476 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1477 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1478 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1479 09:52:03 (0) **
    .1480 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1481 09:52:03 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    .1482 09:52:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    .1483 09:52:03 (0) **
    .1484 09:52:03 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'c:\wmidiag\WMIDIAG-V2.0_XP___.CLI.SP2.32_ADEEL-ITD_2011.11.17_09.51.47.LOG' for details.

     

    Please suggest..

    Thursday, November 17, 2011 5:58 AM
  • OS rebuild is the last option???

     

    Friday, November 18, 2011 7:26 AM
  • Have you tried rebuilding the WMI?

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, November 18, 2011 7:30 AM
  • Permissions are straight forward, I am using a single account for all the operations which account is the member of Domain Admins which is a member of local adminstrators.

     

    Wmidiag Log:

    .1428 09:52:03 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
    .1429 09:52:03 (0) ** - Root, 0x46 - Permission denied.
    .1430 09:52:03 (0) **
    .1431 09:52:03 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 5 ERROR(S)!
    .1432 09:52:03 (0) ** - Root, 0x80070005 - Access is denied..
    .1433 09:52:03 (0) ** - Root, 0x80070005 - Access is denied..
    .1434 09:52:03 (0) ** - Root/Default, 0x80070005 - Access is denied..
    .1435 09:52:03 (0) ** - Root/CIMv2, 0x80070005 - Access is denied..
    .1436 09:52:03 (0) ** - Root/WMI, 0x80070005 - Access is denied..

    i see access denied in log you provided at few locations

    Please check the following three registry keys and delete them if exist, which is to restore the original default limits

    HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
    HKLM\SOFTWARE\Microsoft\Ole\MachineAccessRestriction
    HKLM\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction

    Note: Please backup them before any changes.

    3. Check WMI settings in DCOM management console.

    a. Click Start, click Run, type dcomcnfg, and then click OK.
    b. Expand the Component Services node.
    c. Expand the Computers node.
    d. Expand the My Computer node.
    e. Expand the DCOM Config node.
    f. Right-click Windows Management [and] Instrumentation, and then click Properties.
    g. Authentication Level should be "default" on the general tab.
    Launch Permissions should be "Everyone" on the security tab.
    Access Permissions should be "Use Default" on the security tab.

    Hope it works for you.



    Syed Kasif | My blogs: http://syedtechblog.wordpress.com | Linkedin: /syedkashif
    • Edited by Syed Kashif Friday, November 18, 2011 7:53 AM
    Friday, November 18, 2011 7:52 AM
  • That will endup with applications breakup.
    Friday, November 18, 2011 8:01 AM
  • you have a corrupt WMI as i have experinced in your envoirment =)

     

    there are even dcom issues as when you go to the services you will find the Win32 access denied in the dependencies of those services.

    there were conflicker.b viruses as well

    when you tried a repair on the XP machine things do work correctly so it is an OS Issue

     

    you need to take it to CSS and see if you can find any help from there....

     


    AMIM MUHAMMAD KHAN | CTTCNET USER GROUP LEAD | EVENT SPEAKER, MCT, MCTS, MCITP-ENTERPRISE, MCSA http://amimkhan.wordpress.com
    Saturday, November 19, 2011 2:09 PM
  • Corrupted WMI should not result in an Access Denied error.  Any chance that you could RDP to that machine?  If you can run WBEMTEST on the machine and connect to root/cimv2, then WMI is OK.

    Check that address resolution is working correctly.  Do you get the same IP when you PING remotemachine and PING remotemachine.contoso.com?  Confirm by connecting to WMI (via WBEMTEST) using the IP address instead of the name.

    Please check the following reg key on the macine:

    HKLM/Software/Microsoft/Ole/[EnableDCOM] = Y (where type = REG_SZ)

    Nick.

    • Marked as answer by Sabrina Shen Thursday, December 8, 2011 10:21 AM
    Sunday, November 20, 2011 10:26 PM