Forum Discussion

ldoodle's avatar
ldoodle
Icon for Advisor rankAdvisor
10 months ago

Domain joined collector polling non-domain joined device

Hi,

I’ve been trying to resolve this for a few days now but no luck from an LM pov.

Collector is domain joined
Veeam server not domain joined

I’ve been through all the config. guides for WMI, DCOM, PSRemoting etc., AND from the collector itself I can now successfully get to the Veeam host using wbemtest with recurse option, and Enter-PSSession. However LM reports:

I’ve run the commands to check the WMI repository state and that comes back as OK. The Add Device Wizard did initially prompt for creds (but that’s because of my overall hierarchy setup so is expected), but on providing the creds for the local account it then succeeded with no other errors.

Then when it tries Active Discovery that error pops up.

What else am I missing? This specific code doesn’t have much info available from a Google; if I include LogicMonitor in the search I get 1 result, and that’s the general LM home page “get started” result.

Thanks

  • I have a forum post on various issues with non-domain joined and/or non-admin monitoring users at

    https://community.logicmonitor.com/product-discussions-22/how-wmi-dcom-rpc-and-uac-effect-access-to-remote-window-systems-for-monitoring-2841

    Okay, so after a lot of trial and error I just could not get it working without local admin rights. I followed all the guides, including the LocalAccountTokenFilterPolicy reg change in your post. Without local admin some of the classes were access denied. Now with local admin rights the only class with access in win32_service.

    I still haven’t tried with UAC completely disabled and non-admin rights since that requires a reboot which I can’t just do.

    Veeam server is 2022 OS so don’t know if anything has changed there.

  • @ldoodle I have had to wrestle with Veeam monitoring on a lot of diverse servers.

    One step I’ve taken when the wmi properties are not aligned with a local admin is to add the local account as an Administrator within the Veeam console itself.

    The other is to allow RemotePS between the collector and the Veeam server.

  • @ldoodle I have had to wrestle with Veeam monitoring on a lot of diverse servers.

    One step I’ve taken when the wmi properties are not aligned with a local admin is to add the local account as an Administrator within the Veeam console itself.

    The other is to allow RemotePS between the collector and the Veeam server.

    Yeah that’s basically how I have it now:

    local account added to local admins group
    local admins group is a Veeam Administrator role in Veeam itself