WMI error after DCOM hardening patch

 

The problem: You begin to see WMI permissions error 0x80070005 for the entities you have updated with the DCOM Hardening Patch and an accompanying message in the event viewer mentioning RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (as seen in ‘New DCOM error events’ in Microsoft’s KB5004442). 

This error may appear after either 1) specifically enabling the DCOM hardening changes or 2) applying the June 2022 (or later) Windows monthly update, which enables the change by default.

How to fix the issue: You will need to apply the June 2022 (or later) monthly patch to the server where the SQL Monitor Base Monitor service is installed.  Alternatively, you can change the WMI sampling method from ‘WMI over DCOM’ to ‘WMI over WinRM HTTP or HTTPS’ as WinRM is not affected by this change (see this page for further information).  

Why this has happened: Microsoft broke forward compatibility: older versions of Windows cannot query WMI over DCOM on later ones that have received the DCOM hardening patch. (This does not affect later versions being able to query earlier ones.) This issue is currently not detectable, even when testing using Microsoft's WBEMTEST utility.
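To confirm that the access-denied errors come from DCOM hardening and to compare patch levels on both machines, the following PowerShell can be run on the monitored server and on the Base Monitor server. It is an added example, not part of the original article or of SQL Monitor. The function names are hypothetical, and the event IDs (10036 to 10038) and the registry value name are assumed from Microsoft's KB5004442 rather than taken from this article.

```powershell
# Added example. Run in an elevated PowerShell session on the machine to inspect.
# Assumptions: event IDs and the registry value name come from KB5004442.

function Get-DcomHardeningEvent {
    param([int]$Days = 7)
    # The DCOM hardening errors are written to the System log. Keep only the
    # events whose text names the required authentication level.
    $filter = @{
        LogName   = 'System'
        Id        = 10036, 10037, 10038
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'RPC_C_AUTHN_LEVEL_PKT_INTEGRITY' } |
        Select-Object TimeCreated, Id, MachineName, Message
}

function Get-DcomHardeningState {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $name  = 'RequireIntegrityActivationAuthenticationLevel'
    # The value is absent unless an administrator set it explicitly.
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # Most recent installed update. InstalledOn can be empty for some packages.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        RegistryOverride = if ($null -eq $value) { 'not set (OS default applies)' } else { $value }
        LatestHotFix     = $latest.HotFixID
        LatestHotFixDate = $latest.InstalledOn
        # Heuristic only: an install date on or after June 2022 suggests, but
        # does not prove, that the June 2022 monthly update is present.
        UpdateInstalledSinceJune2022 = [bool]($latest -and $latest.InstalledOn -ge [datetime]'2022-06-01')
    }
}

Get-DcomHardeningState | Format-List
Get-DcomHardeningEvent -Days 7 | Format-List
```

If the monitored server reports hardening events and the Base Monitor server shows no update installed since June 2022, that matches the situation described above.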
