Troubleshooting SSO + WMI, when WMI refuses to return a logged in user.
03/26/2020 17 14368
This article covers troubleshooting SSO + WMI, when WMI refuses to return a logged in user.
- Open the SSO agent, and select “Users and Hosts”. There, check for any IPs listed but which don’t contain the user info. These are the PCs which tried to access the internet but which SSO could not read user information from. Make a note of the problematic IPs
- Select the “Diagnostic Tool” and enter one of the problematic IPs. It can return a variety of errors, many of which have to do with connectivity (solutions to this are generally disabling windows firewall, checking for routers between the SSO server and queried PC, etc).
You can investigate further to get to the bottom of the issue by using the following tool:
This is a standalone tool that can run a variety of WMI queries.For example, you can use the following switches to find the user via WMI:
CLeWMI.exe -c Win32_ComputerSystem -p UserName –s 127.0.0.1
This will query the IP 127.0.0.1 for the logged in user.
Now, try to run the same command but against the problematic IP (10.70.2.248: same IP that gave the ActiveX error above), and we already get a clue as to what is wrong:
This will indicate that the problem is related to the local network like Active Directory user rights or similar.
It is called The WMI Diagnosis Utility -- Version 2.0, and you can download it here:
It will download a self-extracting ZIP file which you can place anywhere on the problematic client PC.
If you see the following error please ignore it:
Please be patient, it may take 5-6 minutes for this to run. It runs a whole set of diagnostic utilities for WMI and eventually a txt file will pop up. Scroll through it and you find exactly what the client needs to fix. In the following example it indicates that you do not have rights to read the user from the remote PC: