IC agent via WinRM using non-administrator user fails to query Win32_Service. The following is found in the agent debug logs:
DEBUG [Quartz-3008] com.quest.glue.core.remoteconnection.windows.wmi.WMIUtils - The remote system has indicated that the query "SELECT Name,DisplayName,ProcessId,State FROM Win32_Service" has failed, no results will be returned.
com.quest.glue.api.services.QueryFailedException: WinRM request to https://hostname:5986/wsman failed: The WS-Management service cannot process the request. The WMI service returned an 'access denied' error.
The rest of the metrics are showing up fine.
STATUS: FDOC-7673 was implemented in the 22.214.171.124 IC User Guide listing the minimum requirements needed for using a non-administrator user in section "Adding a non-administrative user to user groups".
1. Ensure that the Foglight user account is a member of the "Performance Monitor Users" group on the target host.
2. Run "sc sdshow SCMANAGER" on target host cmd, the output should be like "D:
C:\Users\administrator.SG>sc sdshow SCMANAGER
3. Run the following command after substituting the bracketed string based on the result in the previous step.
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;S-1-5-32-558)
e.g. (example only do not copy exact text)
sc sdset SCMANAGER D:(A;;CCLCRPRC;;;S-1-5-32-558)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
d. At this point, most services data can be collected if the "Performance Monitor Users" group have permission to access the service. Now try running the below winrm from the Fglam and see if it succeeds:
winrm enumerate wmicimv2/* -dialect:wql -filter:"SELECT Name,DisplayName,ProcessId,State FROM Win32_Service" -r:https://hostname:5986/wsman -u:your_username