WMI.QUERY ON AGENT SOME QUERY COMMAND Has Problem

Started by hmjvaline, November 16, 2024, 05:59:01 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

hmjvaline

November 16, 2024, 05:59:01 PM
Recently, I started to use wmi query seriously in my working environment USING NETXMS 5.1.0 .
I added a DCI tableB in node and used agent as the data source. 
When setting METRIC to WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product"), 
It was found that it had no effect. :'( :'( :'( The DCI was blank and had no field name, 
but the DCI did not automatically DISABLE. However, 
when I changed the query command to the following 
SELECT * FROM Win32_OperatingSystem
SELECT * FROM Win32_Process
SELECT * FROM Win32_Service
SELECT * FROM Win32_BIOS
SELECT * FROM Win32_NetworkAdapterConfiguration
SELECT * FROM Win32_UserAccount
All values in table format are displayed normally.
I just want to change the built-in NODE function 「SOFTWARE INVENTORY 」of NETXMS
to be used on DCI TABLE, but I found that the built-in functions are all normal,
except that I cannot reproduce it on DCI.
Get-WmiObject -Class Win32_Product | Select-Object Name, Version, Vendor | Format-Table -AutoSize On the tested NODE, it is normal to use POWERSHELL to test.
What is the cause of this problem?
The following is what I excerpted from the DEBUG LOG. ERROR=500 RESULT =5 appears.


2024.11.16 23:12:57.099 *D* [dc.agent          ] Node(YMXXXX)->getTableFromAgent(WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")): error=500 result=5
2024.11.16 23:12:57.099 *D* [client.session.0  ] Sending message CMD_NOTIFY (48 bytes)
2024.11.16 23:12:57.099 *D* [client.session.0  ] Message dump:
  ** 000000 | 00 12 50 00 00 00 00 30 00 00 00 00 00 00 00 02 | ..P....0........
  ** 000010 | 00 00 00 17 00 00 00 00 00 00 00 22 00 00 00 00 | ..........."....
  ** 000020 | 00 00 00 5C 00 00 00 00 00 01 1E 68 00 00 00 00 | ...\.......h....
  ** code=0x0012 (CMD_NOTIFY) version=5 flags=0x0000 id=0 size=48 numFields=2
  ** 000000: [    23] INT32      34
  ** 000010: [    92] INT32      73320

2024.11.16 23:12:57.099 *D* [client.session.0  ] Sending message CMD_NOTIFY (48 bytes)
2024.11.16 23:12:57.099 *D* [client.session.0  ] Message dump:
  ** 000000 | 00 12 50 00 00 00 00 30 00 00 00 00 00 00 00 02 | ..P....0........
  ** 000010 | 00 00 00 17 00 00 00 00 00 00 00 22 00 00 00 00 | ..........."....
  ** 000020 | 00 00 00 5C 00 00 00 00 00 01 1E 68 00 00 00 00 | ...\.......h....
  ** code=0x0012 (CMD_NOTIFY) version=5 flags=0x0000 id=0 size=48 numFields=2
  ** 000000: [    23] INT32      34
  ** 000010: [    92] INT32      73320
2024.11.16 23:27:01.926 *D* [obj.dc.queue      ] DataCollectionTarget(YMXXXX)->QueueItemsForPolling(): item 143083 "WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")" added to queue
2024.11.16 23:27:01.926 *D* [dc.collector      ] DataCollector(): processing DC object 143083 "WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")" owner=73320 sourceNode=0
2024.11.16 23:27:05.928 *D* [dc.agent          ] Node(YMXXXX)->getTableFromAgent(WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")): error=500 result=5

hmjvaline

#1
November 17, 2024, 09:41:35 AM 
The query SELECT * FROM Win32_Product was unsuccessful.
 I checked the agnet log and found that in addition to the 500 error,
 there was also WMI: call to CoInitializeSecurity failed. 
It seems to be a security issue. Is there any solution?

The following is the log record. Although errors have occurred, 
we can still see the table data queried.

2024.11.17 15:11:56.163 *D* [comm.cs.1          ] Received message CMD_GET_TABLE (324)
2024.11.17 15:11:56.163 *D* [comm.cs.1          ] Requesting table "WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")"
2024.11.17 15:12:00.164 *D* [comm.cs.1          ] Message dump:
  ** 000000 | 00 03 50 00 00 00 00 10 00 00 01 45 00 00 00 00 | ..P........E....
  ** code=0x0003 (CMD_KEEPALIVE) version=5 flags=0x0000 id=325 size=16 numFields=0

2024.11.17 15:12:00.164 *D* [comm.cs.1          ] Received message CMD_KEEPALIVE (325)
2024.11.17 15:12:00.164 *D* [comm.cs.1          ] Sending message CMD_REQUEST_COMPLETED (ID 325; size 32; uncompressed)
2024.11.17 15:12:00.164 *D* [comm.cs.1          ] Outgoing message dump:
  ** 000000 | 00 1D 50 00 00 00 00 20 00 00 01 45 00 00 00 01 | ..P.... ...E....
  ** 000010 | 00 00 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 | ................
  ** code=0x001D (CMD_REQUEST_COMPLETED) version=5 flags=0x0000 id=325 size=32 numFields=1
  ** 000000: [    28] INT32      0

2024.11.17 15:12:00.165 *D* [comm.cs.1          ] Message dump:
  ** 000000 | 00 F5 50 00 00 00 00 50 00 00 01 46 00 00 00 01 | ..P....P...F....
  ** 000010 | 00 00 00 55 07 00 00 00 00 00 00 33 57 4D 49 2E | ...U.......3WMI.
  ** 000020 | 51 75 65 72 79 28 72 6F 6F 74 5C 43 49 4D 56 32 | Query(root\CIMV2
  ** 000030 | 2C 22 53 45 4C 45 43 54 20 2A 20 46 52 4F 4D 20 | ,"SELECT * FROM
  ** 000040 | 57 69 6E 33 32 5F 50 72 6F 64 75 63 74 22 29 00 | Win32_Product").
  ** code=0x00F5 (CMD_GET_TABLE) version=5 flags=0x0000 id=326 size=80 numFields=1
  ** 000000: [    85] UTF8-STRING "WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")"

2024.11.17 15:12:00.165 *D* [comm.cs.1          ] Received message CMD_GET_TABLE (326)
2024.11.17 15:12:00.165 *D* [comm.cs.1          ] Requesting table "WMI.Query(root\CIMV2,"SELECT * FROM Win32_Product")"
2024.11.17 15:12:00.165 *D* [                  ] WMI: call to CoInitializeSecurity failed
2024.11.17 15:12:00.165 *D* [                  ] WMI: query "SELECT * FROM Win32_Product" in namespace "root\CIMV2" failed
2024.11.17 15:12:00.165 *D* [comm.cs.1          ] GetTableValue(): result is 500 (INTERNAL_ERROR)
2024.11.17 15:12:00.165 *D* [comm.cs.1          ] Sending message CMD_REQUEST_COMPLETED (ID 326; size 32; uncompressed)
2024.11.17 15:12:00.165 *D* [comm.cs.1          ] Outgoing message dump:
  ** 000000 | 00 1D 50 00 00 00 00 20 00 00 01 46 00 00 00 01 | ..P.... ...F....
  ** 000010 | 00 00 00 1C 00 00 00 00 00 00 01 F4 00 00 00 00 | ................
  ** code=0x001D (CMD_REQUEST_COMPLETED) version=5 flags=0x0000 id=326 size=32 numFields=1
  ** 000000: [    28] INT32      500

2024.11.17 15:12:03.645 *D* [comm.cs.1          ] GetTableValue(): result is SUCCESS, value contains 471 rows
2024.11.17 15:12:03.645 *D* [comm.cs.1          ]    AssignmentType|Caption|Description|HelpLink|HelpTelephone|IdentifyingNumber|InstallDate|InstallDate2|InstallLocation|InstallSource|InstallState|Language|LocalPackage|Name|PackageCache|PackageCode|PackageName|ProductID|RegCompany|RegOwner|SKUNumber|Transforms|URLInfoAbout|URLUpdateInfo|Vendor|Version|WordCount
2024.11.17 15:12:03.645 *D* [comm.cs.1          ]    1|Office 16 Click-to-Run Extensibility Component|Office 16 Click-to-Run Extensibility Component|||{90160000-008C-0000-1000-0000000FF1CE}|20241101|||c:\program files\microsoft office\root\integration\|5|0|c:\WINDOWS\Installer\fbc3.msi|Office 16 Click-to-Run Extensibility Component|c:\WINDOWS\Installer\fbc3.msi|{C765E232-FFB0-4E0C-ABE2-57538949FC70}|C2RInt.16.msi||||||||Microsoft Corporation|16.0.18129.20100|0
2024.11.17 15:12:03.645 *D* [comm.cs.1          ]    1|Office 16 Click-to-Run Localization Component|Office 16 Click-to-Run Localization Component|||{90160000-008C-0404-1000-0000000FF1CE}|20241101|||c:\program files\microsoft office\root\integration\|5|1028|c:\WINDOWS\Installer\fbf3.msi|Office 16 Click-to-Run Localization Component|c:\WINDOWS\Installer\fbf3.msi|{9C80BB02-55A3-428E-8044-3556FB56F9B6}|C2RIntLoc.zh-tw.16.msi||||||||Microsoft Corporation|16.0.18129.20100|0
2024.11.17 15:12:03.645 *D* [comm.cs.1          ]    1|Office 16 Click-to-Run Licensing Component|Office 16 Click-to-Run Licensing Component|||{90160000-007E-0000-1000-0000000FF1CE}|20241101|||c:\program files\microsoft office\root\integration\|5|0|c:\WINDOWS\Installer\fbfc.msi|Office 16 Click-to-Run Licensing Component|c:\WINDOWS\Installer\fbfc.msi|{29F8FAA5-EBBF-4EA4-81CB-C0629F26D29C}|SPPRedist.msi||||||||Microsoft Corporation|16.0.18129.20116|0
2024.11.17 15:12:03.646 *D* [comm.cs.1          ]    1|SQL Server 2017 Full text search|SQL Server 2017 Full text search|https://go.microsoft.com/fwlink/?LinkId=154582||{C37AD300-12CF-4911-9019-A05D66055EB4}|20241115|||C:\SQLServer2017Media\ExpressAdv_CHT\x64\setup\|5|1033|C:\Windows\Installer\1b46f21.msi|SQL Server 2017 Full text search|C:\Windows\Installer\1b46f21.msi|{CE06E25F-15DC-4D18-889C-34CF07054C9E}|SQL_FULLTEXT.MSI|||||:SqlRun01.mst;:InstID01.mst;:InstName01.mst|||Microsoft Corporation|14.0.1000.169|0
2024.11.17 15:12:03.646 *D* [comm.cs.1          ]    1|Microsoft .NET Framework 4.5.1 Multi-Targeting Pack|Microsoft .NET Framework 4.5.1 Multi-Targeting Pack|||{6A0C6700-EA93-372C-8871-DCCF13D160A4}|20200313|||C:\ProgramData\Microsoft\VisualStudio\Packages\Microsoft.Net.4.5.1.TargetingPack,version=4.5.50932.1\|5|1033|C:\Windows\Installer\1bfbac2.msi|Microsoft .NET Framework 4.5.1 Multi-Targeting Pack|C:\Windows\Installer\1bfbac2.msi|{D6098F6F-BA25-46AC-8358-CEBEA010E3BA}|netfx_451mtpack.msi||||||||Microsoft Corporation|4.5.50932|0
2024.11.17 15:12:03.646 *D* [comm.cs.1          ]    1|SQL Server 2017 Advanced Analytics|SQL Server 2017 Advanced Analytics|https://go.microsoft.com/fwlink/?LinkId=154582||{826DA700-7B76-49BA-8A83-E55F5FA1301E}|20241115|||C:\SQLServer2017Media\ExpressAdv_CHT\x64\setup\|5|1033|C:\Windows\Installer\1b46f06.msi|SQL Server 2017 Advanced Analytics|C:\Windows\Installer\1b46f06.msi|{D51BE933-FA08-415D-965A-C04006F87189}|SQL_EXTENSIBILITY.MSI|||||:SqlRun01.mst;:InstID01.mst;:InstName01.mst|||Microsoft Corporation|14.0.1000.169|0
2

uldis

#2
November 19, 2024, 11:49:53 AM
Hi, so I will be treading carefully here as all based on Google research. There is an indication that Win32_Product is not query optimized class and thus query on this class runs a consistency check and performs silent repairs. This would probably require for agent to have admin rights on Windows server(?).

Here is Microsoft guidance to use an alternative method and that is to query registry - https://learn.microsoft.com/en-us/troubleshoot/windows-server/admin-development/windows-installer-reconfigured-all-applications

Please let us know if that works for you.

hmjvaline

#3
November 20, 2024, 04:30:58 PM
Quote from: uldis on November 19, 2024, 11:49:53 AMHi, so I will be treading carefully here as all based on Google research. There is an indication that Win32_Product is not query optimized class and thus query on this class runs a consistency check and performs silent repairs. This would probably require for agent to have admin rights on Windows server(?).

Here is Microsoft guidance to use an alternative method and that is to query registry - https://learn.microsoft.com/en-us/troubleshoot/windows-server/admin-development/windows-installer-reconfigured-all-applications.

Please let us know if that works for you.
hi
According to the link guide you provided, the Win32reg_AddRemovePrograms mentioned also has the same result as Win32_Product. I had also suspected that it was an issue with administrator rights, but I found that other queries with more system confidentiality and security, such as Win32_Process, Win32_Service, and Win32_UserAccount, could all be queried normally. Maybe as the page explains, Win32_Product was not done properly. For general queries, Microsoft also requires that you try not to use this.
Finally, I want to know how NetXMS can successfully obtain software inventory from the agent? I want to implement it on DCI.

hmjvaline

#4
November 21, 2024, 04:07:26 PM
Although the previous wmiquery problem cannot be solved, 
but I want to use DCI to list the requirements of the software installed on the computer, 
in the built-in DCI TABLE source NETXMS.AGENT can be set in the METRIC System.InstalledProducts,
the table will list the software installed on the computer

Victor Kirhenshtein

#5
November 22, 2024, 01:54:31 PM
Agent reads registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to get list of installed products.
I tested WMI query on Win32_Product on my Windows servers, and it seems to work, but is very slow (usually more than 10 seconds). Normally agent command timeout is less than that, so data collection end up in error.
Could you use System.InstalledProducts table instead?

Best regards,
Victor

hmjvaline

#6
November 23, 2024, 04:40:45 PM
Quote from: Victor Kirhenshtein on November 22, 2024, 01:54:31 PMAgent reads registry keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to get list of installed products.
I tested WMI query on Win32_Product on my Windows servers, and it seems to work, but is very slow (usually more than 10 seconds). Normally agent command timeout is less than that, so data collection end up in error.
Could you use System.InstalledProducts table instead?

Best regards,
Victor

hi
After receiving your tip, I immediately looked for the agent timeout settings. 
Sure enough, I found agentcommandtimeout in the server configuration. 
The default value is 4000. For testing, I increased it to 20000. 
After restarting the service, it worked magically. The content of the data table is displayed normally.
Although I don't know the reasonable value of timeout, 
I will continue to pay attention to the difference in the increased timeout value.
thx victor
Print
Go Up Pages1
User actions