DCOM errors in event logs from OME

Hi,

Is your OME system up and running or you have any issues discovering devices?

Hello,

The system is up and running. I have quite a few devices listed in Unknown including all of my virtual machines. The hosts are discovered correctly but there are no VMs listed under any of the hosts. That's the only glaring thing that I noticed as not being correct.

Well that cannot be the reason for event logs. Haven't seen this one before. Anything to do with domain users or environment? Does event log show something obvious?

I think I found a pattern in the machines/IP addresses that are being shown with the event. I will do some more research and see if this leads me anywhere.

Thanks

update, please? same issue here.

Hi TQMBILL,

Can you help us with the details regarding the IPs for which you are seeing these messages i.e. to which systems these IP belongs?

Also, if you have any discovery ranges configured using these IPs? If yes, then what are the protocols configured?

Thanks,
Vijay

Well now, VIJAY, that was enlightening!  Thanks for the nudge.  But I still don't know how to make the errors go away.  Here's what I found:

All but one of the DCOM 10028 IPs was something "strange": routers, Linux, printers.  The one exception is my sole Win2008 machine, a Domain Controller (the other DC, a Win2012R2, has no error).

Protocols include "all of the above" since I'm a clueless newbie (root of problem??)... i.e. SNMP, WMI, WSMAN and SSH).

So do I need to exclude all such IPs? Or get rid of a protocol?  Thanks for the help... I really need it!!

Another probably significant tidbit...

The W2k8 DC is returning a Kerberos 4 error:

Log Name:      System
Source:        Microsoft-Windows-Security-Kerberos
Date:          12/21/2016 9:50:38 AM
Event ID:      4
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FS1.domain.com
Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server dc2$. The target name used was RPCSS/dc2.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (domain.COM) is different from the client domain (domain.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

There exists only the one domain.

Hope this sheds more light.

Thanks

Hi,

Thanks for the update with details.

We analyzed this and observed that this errors are logged by WMI Service for those IPs which are pingable but the protocol is not resolved.

If you are using OME 2.2/2.1, there is "Guided Discovery Wizard" which will only enable only those protocols which are required for those devices to be discovered. For ex: if you want to discover iDRAC, then it will guide you to only enter WS-MAN credentials and so on. More details about this is present in the UG under "Device Type Filtering" section.

This will solve the main problem of attempting not applicable protocols on the IPs in your environment.

Let us know if this helps.

Thanks,
Vijay