Notifications

390 views

Description

Some pattern commands require the use of the WMI Collector service, including some process detection steps depending on the target being discovered. The MID Server service communicates to the WMI Collector service via localhost on port 8585 by default. The following error is thrown when communication cannot be established between the MID Server service and the WMI Collector service.

Failed to communicate with the WMI collector service.

Release or Environment

All currently supported versions.

Cause

The following are the most common causes for the communication failure error:

  1. WMI Collector Service is not running or fails to start.
  2. Port 8585 is already in use by another application.

Resolution

Service not running or fails to start:

  1. Start the WMI Collector service.
  2. If starting the service fails, review the collector log "<install_directory>\agent\bin\sw_wmi\log\logfile.txt". The solution to starting the service will depend on the error found in the log.
  3. Review windows system event logs for errors when starting the service.

Port already in use by another application:

  1. Change the configured port for the WMI Collector via configuration file "<install_directory>\agent\bin\sw_wmi\conf\wmi_collector.ini", and parameter "port".
    • port=<available_port>
  2. Restart the service.
  3. "netstat –ano | findstr <port_number>" can be used to find the process currently using the port.

Additional Information

KBs to commonly seen WMICollector errors:

MID Server parameters to connect to WMI Collector service (Can be added via MID server "Configuration Parameters" related list):

  • mid.servicewatch.wmi.port = Port which WMI Collector service is listening on, default 8585.
  • mid.servicewatch.wmi.host = Host where WMI Collector service is running, default localhost.
  • mid.servicewatch.wmi.get_file_on_shared_drive_from_collector = Should file resulting from command be collected on shared drive of target, default true.

WMI Collector startup service parameters, configured via file "<install_directory>\agent\bin\sw_wmi\conf\wmi_collector.ini":

  • localAddress = Address used by server being discovered to communicate back to the WMI Collector service.
  • port = Port used by WMI Collector process.

Article Information

Last Updated:2019-11-19 08:32:07
Published:2019-11-19