wmic – RPC_C_AUTHN_LEVEL_PKT_INTEGRITY problem – KB5004442

  • linspec9078

    Member
    January 18, 2022 at 17:23

    Hello,

    Any suggestion about this case?

  • Mario

    Administrator
    January 19, 2022 at 10:25

    Hello,

    A few months ago we updated the wmic binary to include the latest security changes made by Windows.

    https://firefly.artica.es/centos7/wmic-1.4-1.el7.x86_64.rpm

    With this version you should be able to continue your remote wmi monitoring operation without any problems.

    Kind regards

  • Sancho

    Administrator
    February 22, 2022 at 23:15

    Thanks for reporting this.

    We’re working on a wmic replacement; Windows servers will forbid this method in the next release.

  • linspec9078

    Member
    March 10, 2022 at 11:42

    Hello Sancho,

    What do you mean by “wmic replacement”? Will a completely new tool be released? And could you estimate when?

    Thank you.

    • Sancho

      Administrator
      March 10, 2022 at 22:13

      Yes, it’s planned to be finished in the 761 release. It will replace the current binary and will have a similar interface, just to replace it. Please read the release notes carefully when the release is finished.

      • linspec9078

        Member
        April 14, 2022 at 15:44

        Hello Sancho,

        Do you know when version 761 will be released?

        Thank you

  • Sancho

    Administrator
    April 16, 2022 at 12:55

    In a week, more or less; we already have a solution for this. You will need to replace the wmiclient with a new one. It will be detailed in the update documentation.

    Thanks for reporting this; please contact us here with any questions regarding this.

  • vic

    Administrator
    May 9, 2022 at 14:16

    Hi,

    Can you check if you have the following token enabled? If so, disable it and try again.

  • linspec9078

    Member
    May 17, 2022 at 17:32

    Hello all,

    With the old wmic I used the parameter “--option='client ntlmv2 auth'=Yes”. Which authentication scheme is used by default by the new pandorawmic tool?

    Thank you

    • Mario

      Administrator
      May 18, 2022 at 09:27

      Hi

      Have you tried to get information without additional parameters?

      Could you send the output of the pandorawmic command to check it?

      Thanks
      Kind regards

      • linspec9078

        Member
        May 18, 2022 at 09:33

        Hi,

        Yes, I did and it works.

        I just want to know if by default the pandorawmic tool is using NTLMv2 and if it’s possible to also use Kerberos, and if so, in which way.

        Thank you

  • Mario

    Administrator
    May 18, 2022 at 10:48

    Yes, with pandorawmic the use of NTLMv1 is restricted to SMB version 1 only if NTLMv2 authentication failed or SMB Extended Security is not supported.

    We have been checking Kerberos authentication and it is true that the new library used in pandorawmic supports this authentication, but it is not included in the new binary. We are going to check it to include it in the next versions.

    Thanks
    Kind regards


    • linspec9078

      Member
      May 25, 2022 at 15:33

      Hi,

      During these days I noticed that pandorawmic’s use of CPU is more intensive than wmic’s. Don’t you think?

      • Mario

        Administrator
        May 26, 2022 at 09:06

        Hi

        We have not experienced that problem at the moment; we will monitor the CPU usage in depth.

        Kind regards

  • linspec9078

    Member
    June 6, 2022 at 10:13

    Hi All,

    Is it possible that pandorawmic is creating a lot of subdirs like this one under /tmp?

    ls -l /tmp/_MEI77SShW/
    totale 10788
    -rwx------ 1 root root 786953 6 giu 09.49 base_library.zip
    -rwx------ 1 root root 856432 6 giu 09.49 _cffi_backend.cpython-36m-x86_64-linux-gnu.so
    drwx------ 8 root root 4096 6 giu 09.49 Cryptodome
    drwx------ 2 root root 4096 6 giu 09.49 impacket-0.9.24.dist-info
    -rwx------ 1 root root 68192 6 giu 09.49 libbz2.so.1
    -rwx------ 1 root root 15856 6 giu 09.49 libcom_err.so.2
    -rwx------ 1 root root 2521144 6 giu 09.49 libcrypto.so.10
    drwx------ 2 root root 4096 6 giu 09.49 lib-dynload
    -rwx------ 1 root root 173320 6 giu 09.49 libexpat.so.1
    -rwx------ 1 root root 63088 6 giu 09.49 libffi-d58a691e.so.8.1.0
    -rwx------ 1 root root 32328 6 giu 09.49 libffi.so.6
    -rwx------ 1 root root 320720 6 giu 09.49 libgssapi_krb5.so.2
    -rwx------ 1 root root 210784 6 giu 09.49 libk5crypto.so.3
    -rwx------ 1 root root 15688 6 giu 09.49 libkeyutils.so.1
    -rwx------ 1 root root 967840 6 giu 09.49 libkrb5.so.3
    -rwx------ 1 root root 67104 6 giu 09.49 libkrb5support.so.0
    -rwx------ 1 root root 157424 6 giu 09.49 liblzma.so.5
    -rwx------ 1 root root 402384 6 giu 09.49 libpcre.so.1
    -rwx------ 1 root root 3144192 6 giu 09.49 libpython3.6m.so.1.0
    -rwx------ 1 root root 285136 6 giu 09.49 libreadline.so.6
    -rwx------ 1 root root 155744 6 giu 09.49 libselinux.so.1
    -rwx------ 1 root root 470376 6 giu 09.49 libssl.so.10
    -rwx------ 1 root root 174576 6 giu 09.49 libtinfo.so.5
    -rwx------ 1 root root 90176 6 giu 09.49 libz.so.1
    drwx------ 2 root root 4096 6 giu 09.49 setuptools-59.6.0.dist-info
    drwx------ 2 root root 4096 6 giu 09.49 wheel-0.37.1.dist-info

  • Mario

    Administrator
    June 7, 2022 at 18:16

    Hi

    It’s true that this folder is created by Python, but we do not have these files in the /tmp folder of our testing environment. Do you have WMI checks not working at this moment in Pandora Server, or failing sometimes with timeout problems?

    We have seen on other occasions that compiled files can store these files when they do not finish the execution correctly.

    Kind regards
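
Added example, not part of the original posts and not Pandora FMS code: the `_MEI…` directory discussed above is the unpack location of a PyInstaller one-file executable, and copies stay behind when a run does not finish cleanly. The function below lists leftovers that are older than a threshold and not mapped by any running process. The function names, the 60-minute default and the use of the `impacket-*.dist-info` entry from the listing as a marker are assumptions of this example.

```shell
#!/bin/sh
# Added example: report orphaned PyInstaller unpack directories (_MEI*).
# Assumptions: Linux /proc is available; find supports -maxdepth and -mmin.

# has_marker DIR PATTERN
# True when DIR contains an entry matching the glob PATTERN,
# e.g. 'impacket-*.dist-info' as seen in the listing in this thread.
has_marker() {
    set -- "$1"/$2          # $2 is left unquoted on purpose so it globs
    [ -e "$1" ]
}

# stale_mei_dirs [ROOT] [MIN_AGE_MINUTES] [MARKER_GLOB]
# Prints one path per line for each ROOT/_MEI* directory that
#   - was last modified more than MIN_AGE_MINUTES ago,
#   - contains MARKER_GLOB (when given), and
#   - has no file mapped into a running process.
# It only lists candidates; it never deletes anything.
stale_mei_dirs() {
    root=${1:-/tmp}
    min_age=${2:-60}
    marker=${3:-}
    find "$root" -maxdepth 1 -type d -name '_MEI*' -mmin "+$min_age" 2>/dev/null |
    while IFS= read -r dir; do
        # Optional attribution: skip bundles without the marker entry.
        [ -z "$marker" ] || has_marker "$dir" "$marker" || continue
        # A live one-file process maps shared objects from its own
        # unpack directory, so the path shows up in /proc/PID/maps.
        grep -qsF "$dir/" /proc/[0-9]*/maps && continue
        printf '%s\n' "$dir"
    done
}

# Example call (read-only):
#   stale_mei_dirs /tmp 60 'impacket-*.dist-info'
```

Run it as root so the maps of every process are readable; otherwise a directory still in use by another user's process can be reported as stale.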

    • linspec9078

      Member
      June 9, 2022 at 12:02

      OK, I will investigate further.

      Thank you for the clarification.