Help
FortiSIEM Discussions
Waloo5
New Contributor III

Created on ‎06-07-2024 04:01 AM Edited on ‎06-07-2024 08:56 AM

Issue to integrate Domain Controller (Windows Server 2019) with WMI

Hello everyone,

I have issue to integrate Domain Controller (Windows Server 2019) with WMI "failed (Login to remote object error)" when I configure the credential and would test I receive this message "failed (Win32_OperatingSystem Result not found via OMI)"

-IN Credentials > Access Method Definition I use OMI 

- All Steps are done correctely as External Systems Configuration Guide

https://docs.fortinet.com/document/fortisiem/7.1.7/external-systems-configuration-guide/421011/micro...

- I removed the Kaspersky from server too

 

Please can anyone help 

 

FortiSIEM 

Amir
Amir
Labels:
976
0 Kudos
1 Solution
Waloo5
New Contributor III

Created on ‎06-13-2024 08:34 AM

Hello everyone,

Good news for me, 

- The result of this command "winrm enumerate winrm/config/listener" I have in line Listener [source="GPO"] and "ListeningOn= null" 

- The result of command: netstat -a     no port 5985 on litening

==> solution: Create GPO in DC to force listening on all interfaces in WinRM Service.

Amir

View solution in original post

Amir
847
3 REPLIES 3
FSM_FTNT
Staff
Staff

Created on ‎06-10-2024 08:00 AM

It sounds like a connectivity issue or user account permission issue.

You can try via the CLI from the FortiSIEM node that will be discovering the AD server, replacing the user, password and host

omic -s /opt/phoenix/config/smb.conf -U user%password //host "select * from Win32_NTLogEvent where Logfile='security"

926
0 Kudos
Waloo5
New Contributor III

Created on ‎06-10-2024 08:37 AM

Hi @FSM_FTNT ,

Yes, I agree but when I try to get info WMI from another windows servers in the same VLAN as FortiSIEM I have response with no issue. 

FortiSIEM have a issue to get response when trying omic command:

Result: MI_RESULT_FAILED

Message = Could not connect

Probleme Cause Description= Could not connect

OMI_ErrorMessage=A general error occured, not covered by a more specific error code.

 

Amir
Amir
916
0 Kudos
Waloo5
New Contributor III

Created on ‎06-13-2024 08:34 AM

Hello everyone,

Good news for me, 

- The result of this command "winrm enumerate winrm/config/listener" I have in line Listener [source="GPO"] and "ListeningOn= null" 

- The result of command: netstat -a     no port 5985 on litening

==> solution: Create GPO in DC to force listening on all interfaces in WinRM Service.

Amir
Amir
848
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.