Security

Reply
Contributor I

OnConnect error: "No credentials to probe host."

Hello,

 

I'm trying to use OnConnect to perform a WMI probe of client machines when they connect.  I have the service set up with a Cisco 2960x on Clearpass 6.6.5.  When a client connects, the Access Tracker shows an alert from WebAuthService: "wmi: No credentials to probe host.
Username is empty in the request".  I have authorization set up with an AD source that is successfully processing many other requests.  Any help would be most appreciated.

Guru Elite

Re: OnConnect error: "No credentials to probe host."

Did you define a WMI credential for the subnet?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: OnConnect error: "No credentials to probe host."

Thanks Tim,

 

I revisited that section of the config, and changed the subnet from the user VLAN to the switch VLAN, and that partially fixed the problem.  Now the error I get is : "wmi: Skip probe since required port(s) [135] are not open on host. Username is empty in the request"

 

This persists if windows firewall has been configured to explicitly allow WMI on 135, and even when windows firewall is turned off.  The username for the subnet is definitely not empty.

Contributor I

Re: OnConnect error: "No credentials to probe host."

By the way, I've ensured the username is allowed access to WMI via the wmimgmt utility. 

Guru Elite

Re: OnConnect error: "No credentials to probe host."

Can you test from a remote machine using the same credential?

 

https://www.paessler.com/tools/wmitester


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: OnConnect error: "No credentials to probe host."

Yes, I have succeeded querying WMI on the target host with both the Paessler WMI Test tool, and the NetCrunch WMI Tool.  The error remains when using Clearpass.

Guru Elite

Re: OnConnect error: "No credentials to probe host."

Best to open a TAC case.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: