“访问被拒绝”WMI异常

Question

I am working on WMI. I want to access remote system information. The following code is working for loopback or on local host but when I try to access the remote machine it shows the following exception error:

Access is denied. (Exception from HRESULT:0X8005(E_ACCESSDENIED))

When switch is used between 2 systems.

and

The RPC server Is unavailable. (Exception from HRESULT: 0x800706BA)

When both the systems are directly connected.

---

OS on both systems: Windows Service Pack 2.
Firewalls = blocked.
Remote procedure service = running.

Tool : .NET Visual Studio 2008 C#

Code:

try
{
    ConnectionOptions _Options = new ConnectionOptions();
    ManagementPath _Path = new ManagementPath(s);

    ManagementScope _Scope = new ManagementScope(_Path, _Options);
    _Scope.Connect();
    ManagementObjectSearcher srcd = new ManagementObjectSearcher("select * from Win32_DisplayConfiguration");
    foreach (ManagementObject obj in srcd.Get())
    {
        //listBox5.Items.Add(obj.Properties.ToString());
        foreach (PropertyData aProperty in obj.Properties)
        {
            listBox1.Items.Add(aProperty.Name.ToString() + " : " + aProperty.Value);
        }
    }
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}

Answer 1

Note:If you do not specify credentials, the credentials of the running user will be used and so these have to be valid to access the remote computer and usually, this account has to be an admin on the remote box (not for all objects, but just to be sure).

If you are logged in with a domain account, which is valid on both computers, it would work out-of-the-box.

If you are not in a domain environment, just specify credentials.

Try this:

ConnectionOptions co = new ConnectionOptions();
co.Impersonation = ImpersonationLevel.Impersonate;
co.Authentication = AuthenticationLevel.Packet;
co.Timeout = new TimeSpan(0, 0, 30);
co.EnablePrivileges = true;
co.Username = "\\";
co.Password = "";

ManagementPath mp = new ManagementPath();
mp.NamespacePath = @"\root\cimv2";
mp.Server = "";               ///Regard this!!!!

ManagementScope ms = new ManagementScope(mp, co);
ms.Connect();

ManagementObjectSearcher srcd;
srcd = new ManagementObjectSearcher  
(
    ms, new ObjectQuery("select * from Win32_DisplayConfiguration")
);

This is working all the time for me.

From my point of view, the problem occurs, because you are not specifying a remote computer in your ManagementPath. A ManagementPath, created with the defaults, always points to the local machine. And if you just specify credentials to the local computer, this is not allowed and always fails.

br--mabra

Answer 2

It could be many things, but for a start you need to:

• Open for RPC traffic in the firewall
• Enable remote rpc calls

See: http://support.microsoft.com/kb/895085 (Although this covers a slightly different problem the resolution is relevant)

Answer 3

If you want your query to use your created ManagementScope, you should use another overload of it's constructor. I suspect, you have omitted code between? If you've had used credentials in your ConnectionOptions, your ManagementObjectServer will not use them.

Try:

ManagementObjectSearcher srcd;
srcd = new ManagementObjectSearcher  
(
    _Scope, new ObjectQuery("select * from Win32_DisplayConfiguration")
);

Look for it in the MSDN reference.

Answer 4

This may be the same issue as described in the SO question asp classic - Access Denied errors accessing IIS WMI provider from ASP .

As I explained in my answer to the above-mentioned question, I checked the event logs ("Windows Logs") on the server to which I'm attempting to access IIS remotely via WMI, and lo and behold I found an event with the following text:

Access to the root\\WebAdministration namespace was denied because the namespace is marked with RequiresEncryption but the script or application attempted to connect to this namespace with an authentication level below Pkt_Privacy. Change the authentication level to Pkt_Privacy and run the script or application again.

The answer offered by @mabra to this question included the relevant inspiration. Here's the example C# code that I added that seemed to resolve this issue for me:

ConnectionOptions options = new ConnectionOptions();
options.Authentication = AuthenticationLevel.PacketPrivacy;
ManagementScope managementScope = new ManagementScope(@"\\remote-server\root\WebAdministration", options);
// ...