Are you facing WMI Error: Login to remote object ? This guide will help you.

Generally, we receive this error when we run the WMI Configuration Wizard.

Here at Ibmi Media, as part of our Server management Services, we regularly help our Customers to perform related Nagios queries.

In this context, we shall look into how to resolve the WMI error, Login to remote object.

Nature of WMI Error: Login to remote object ?

WMI can provide management data and operational information about Windows systems.

Nagios Core and Nagios XI are capable of monitoring Windows machines via WMI.

When we run the WMI Configuration Wizard, we receive the error:

UNKNOWN – The WMI query had problems. The error text from wmic is: [wmi/wmic.c:196:main()]
ERROR: Login to remote object.
NTSTATUS: NT code 0x800706ba – NT code 0x800706ba

It is possible that the Windows Firewall is not allowing the traffic through. This can be the cause of the error.

How to fix WMI Error: Login to remote object ?

In Windows Firewall, under Allowed Programs, we ensure WMI is enabled.

1.  Windows Server 2008/2012/2016 Firewall Rules

• To check firewall settings, we select Start and search firewall and open Windows Firewall with Advanced Security.
• In Server 2012/2016, we can find it at Server Manager > Tools > Windows Firewall with Advanced Security.
• Here, in the left-hand pane, we click Inbound Rules. In the right-hand pane, we click Filter by Group and then select WMI.
• Then we will see the available firewall rules. We ensure to enable the DCOM-In and WMI-In rules.
• If the WMI rule group does not exist, Microsoft suggests the below method.
• In the command prompt we enter:

netsh advfirewall firewall add rule dir=in name=”DCOM” program=%systemroot
%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
netsh advfirewall firewall add rule dir=in name =”WMI” program=%systemroot
%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any
netsh advfirewall firewall add rule dir=in name =”UnsecApp” program=%systemroot
%\system32\wbem\unsecapp.exe action=allow
netsh advfirewall firewall add rule dir=out name =”WMI_OUT” program=%systemroot
%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

2. Windows Server 2003 Firewall Rules

By default, DCOM communicates with the client on a random port, so in order to write firewall rules, we can specify a port range:

• To do so, we click Start, choose Run, type DCOMCnfg.exe, and click OK.
• Then we expand Component Services > Computers > right-click My Computer > Properties.
• In the Default Protocols tab > Properties > Add.
• We add a port range for COM services. For example, a range from 5000-5020.
• Once done, we click OK.

Eventually, we allow the port range through the windows firewall:

1. The below command will open ports from 5000-5020 to match the COM Internet Services Range.

FOR /L %I IN (5000,1,5020) DO netsh firewall add portopening TCP %I “COM”%I

2. Lastly, we open DCOM port 135.

3. Then in the command prompt, we type:

netsh firewall add portopening TCP 135 “DCOM”

[Need help with the procedures? We'd be happy to assist. ]