Issue to integrate Domain Controller (Windows Server 2019) with WMI

Waloo5 · ‎06-07-2024

Hello everyone,

I have issue to integrate Domain Controller (Windows Server 2019) with WMI "failed (Login to remote object error)" when I configure the credential and would test I receive this message "failed (Win32_OperatingSystem Result not found via OMI)"

-IN Credentials > Access Method Definition I use OMI

- All Steps are done correctely as External Systems Configuration Guide

https://docs.fortinet.com/document/fortisiem/7.1.7/external-systems-configuration-guide/421011/micro...

- I removed the Kaspersky from server too

Please can anyone help

FortiSIEM

Amir

Waloo5 · ‎06-13-2024

Hello everyone,

Good news for me,

- The result of this command "winrm enumerate winrm/config/listener" I have in line Listener [source="GPO"] and "ListeningOn= null"

- The result of command: netstat -a no port 5985 on litening

==> solution: Create GPO in DC to force listening on all interfaces in WinRM Service.

Amir

View solution in original post

FSM_FTNT · ‎06-10-2024

It sounds like a connectivity issue or user account permission issue.

You can try via the CLI from the FortiSIEM node that will be discovering the AD server, replacing the user, password and host

omic -s /opt/phoenix/config/smb.conf -U user%password //host "select * from Win32_NTLogEvent where Logfile='security"

AliMhaerFathy · ‎02-23-2025

I use this command from Supervisor CLI:
/opt/phoenix/bin/omic -s /opt/phoenix/config/smb.conf -U 'user%pass' //192.168.x.x 'SELECT * FROM Win32_NTLogEvent WHERE Logfile = "Security" AND TimeGenerated >= "20240222000000.000000+000"'

and we can retrieve the logs, but the analytics GUI doesn't

Waloo5 · ‎06-10-2024

Hi @FSM_FTNT ,

Yes, I agree but when I try to get info WMI from another windows servers in the same VLAN as FortiSIEM I have response with no issue.

FortiSIEM have a issue to get response when trying omic command:

Result: MI_RESULT_FAILED

Message = Could not connect

Probleme Cause Description= Could not connect

OMI_ErrorMessage=A general error occured, not covered by a more specific error code.

Amir

Waloo5 · ‎06-13-2024

Hello everyone,

Good news for me,

- The result of this command "winrm enumerate winrm/config/listener" I have in line Listener [source="GPO"] and "ListeningOn= null"

- The result of command: netstat -a no port 5985 on litening

==> solution: Create GPO in DC to force listening on all interfaces in WinRM Service.

Amir

Hugues1 · ‎02-07-2025

Hello every one. I have the same issue when i try to discover my windows hosts with WMI. I configured all hosts with the right credentials in the supervisor. But i already have the same issue as on the screeshot : Sommeone have a solution ?

Le Pimo

Waloo5 · ‎02-07-2025

Hi Hugues1,

I made a video on youtube with the write steps ( no wmi but OMI)

https://www.youtube.com/watch?v=BH4X54GuSOI&list=PLnZa7L_r4n5TRTjXqtPY_v8TCfyUrb1Xr&index=5

Amir

Hugues1 · ‎02-07-2025

It doesn't work for me when i try to do omi

Le Pimo

Issue to integrate Domain Controller (Windows Server 2019) with WMI

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website