"Authentication Failed or Access denied" message is shown, when trying to add the Server Monitor through WMI mode.

"Authentication Failed or Access denied" message is shown, when trying to add the Server Monitor through WMI mode.

1) Domain Name and IP address Issues
If your machine is joined in the domain
Giving the username as Domainname\username.
For example: ZohoCorp\admin

If the username is not a domain account, give the username as machinename\username.
For example: admin\admin

If you are not aware of the domainname or username, Check in Control Panel --> User Accounts. Here you can see the users in the system and which domain and groups the user belongs to.

WMI Connectivity Test:

- Use wbemtest to find the error message when connecting to the remote system.

Click on Start --> Run --> wbemtest

It opens up Windows Management Instrument Tester. Click Connect button. In the first text box (root\default) , give the <\\hostname\root\cimv2>

Give username and password. Now click the Connect button. If it gives error, try giving the ipaddress in the place of hostname. <\\ipaddress\root\cimv2>

If it works, then through ip address only you would be able to access the machine. This may be due to some wrong entires in the hosts file in <C:\Windows\system32\drivers\etc\hosts> file. Remove the wrong entries in the file and try with the hostname.

2) DCOM Settings
On Remote Computer:
Check whether DCOM is enabled on the remote computer, you are trying to monitor.

Click on Start - Open the Run console, enter dcomcnfg - it opens Component Services console.

Click on Component Services --> select Computers -->Click on My Computer (Right Click on this and select Properties).

Then click the Default Properties tab and check whether the following properties are the same as mentioned below.

a) Check Box "Enable Distributed COM on this machine" is selected.

b) Default Authentication Level is Connect .

c) Default Impersonation Level is Impersonate or Identify.

If there are changes in above properties, then configure as mentioned above and check whether you are able to add it in Applications Manager.

Now ensure it has been changed in the registry too.

From the Start --> Run --> Enter regedit . This will open up the Registry Editor Console.

Click on My Computer -> HKey_Local_Machine ->Software -> Microsoft -> OLE -> EnableDCOM, should be set to 'Y'.


3) Checking the COM Security
Click on Start - Open the Run console, enter dcomcnfg - it opens Component Services console.

Click on Component Services --> select Computers -->Click on My Computer (Right Click on this and select Properties).

Then click the COM Security tab and check whether the following properties are the same as mentioned below.

Then click Edit Default in Access Permissions. Then check whether Remote Access is enabled for SELF and SYSTEM.

Also, again Click on My Computer, then click on DCOM config node and select Windows Management Instrumentation. Then right click and select properties. And check whether the Authentication Level is set as Default.


4) WMI Security
On Remote Computer:
Check whether the given user has enough permissions for accessing the WMI from the remote machine you are trying to monitor.

From the Start --> Run --> Enter wmimgmt.msc . This will open up the Windows Management Infrastructure Console.

Right Click on the WMI control and select Properties -> security tab -> security button

Then check, whether the Group in which the user belongs to, has full permissions like Remote Enable. If there are no permissions then select the check boxes for Allow and save the changes.

Then try to add the server in Applications Manager.

In case, you dont want to change the permissions for the Group, create a user with Guest role for this.

Go to Control Panel --> User Accounts.

Then add a user with Guests role. Then go to Security Page in Windows Management Console. And click "Add" button. In Windows 2000, it will list the newly created user. You can just select, add and grant all permissions.

In Windows XP, you have the option of "Enter the Object names to select" textarea , where you have to give the username as machinename\username. Now click ok , it will add that user and grant permissions for that user and save.

Now try adding the server with that username and password for monitoring.


5) Verifying Rights for the User
On Remote Computer

From the Start --> Run --> Enter gpedit.msc. This will open Group Policy Console

Then click on Local Computer Policy -- > Computer Configuration -->Windows Settings --> Security Settings --> Local Policies --> User Rights Assessment --> Impersonate a Client after Authentication.

Here add the user with which you are trying to add this server for Monitoring in Applications Manager. After doing this try to add the server with that username for monitoring in Applications Manager. It is required that the user has admin privilege for adding a windows monitor in WMI mode.


6) Local Security Settings
If Remote Machine is an Windows XP computer, make sure that remote logons are not being coerced to the GUEST account ("ForceGuest", which is enabled by default computers that are not attached to a domain). To do this, open the Local Security Policy editor. From the Start --> Run --> Enter secpol.msc . This will open up the Local Security Settings Console. click on -> "Local Policies" -> "Security Options"-> "Network access: Sharing and security model for local accounts". If this is set to "Guest only", right click on properties, change it to "Classic" and restart your computer.

7) Also on the remote Windows computer, configure the firewall to allow remote administration. To do this, open a command prompt and execute the following:
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

8) Necessary Windows Services
On Remote Computer
Make sure that all remote access and WMI-related services are enabled and running. On Windows XP, the following services should be running or allowed to start on demand:

COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation

9) From the Start --> Run --> Enter wmimgmt.msc . This will open up the Windows Management Infrastructure Console. Right click on properties -> logging. Enable Verbose login on the remote machine.

10) Make sure the Active Directory Domain Service in the Domain Controller is running.