The problem: You begin to see WMI permissions error 0x80070005 for the entities you have updated with the DCOM Hardening Patch and an accompanying message in the event viewer mentioning RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (as seen in ‘New DCOM error events’ in Microsoft’s KB5004442).
This error message may have come about after 1) specifically enabling the DCOM hardening changes or 2) after applying the June 2022 (or later) Windows monthly update whereby the change is enabled by default.
How to fix the issue: You will need to apply the June 2022 (or later) monthly patch to the server where the Redgate Monitor Base Monitor service is installed. Alternatively, you can change the WMI sampling method from ‘WMI over DCOM’ to ‘WMI over WinRM HTTP or HTTPS’ as WinRM is not affected by this change (see this page for further information).
Why this has happened: Microsoft broke forward compatibility: older versions of Windows cannot query WMI over DCOM to later ones that have received the DCOM hardening patch. (This does not affect later versions being able to query earlier ones). This issue is currently not detectable, even when testing using Microsoft's WBEMTEST utility.
Was this article helpful?
Articles in this section
- Redgate Monitor migration guide to version 14
- "Your browser does not seem to be accepting cookies." error message
- Setting up OpenID Connect (OIDC) with Entra ID in Redgate Monitor
- Proxy Configuration in Redgate Monitor
- WMI error after DCOM hardening patch
- Redgate Monitor alert tuning
- Redgate Monitor set up for optimal performance
- Redgate Monitor Base Monitor Service Account
- Configuring Metrics and Alerts in Redgate Monitor
- Getting started with Redgate Monitor