Windows OS Collections in Database Agents Require WinRM or WMI (4308379)

For Foglight Database Agents to collect operating system (OS) metrics from monitored Windows hosts, either Windows Remote Management (WinRM) or Windows Management Instrumentation (WMI) must be properly configured. These protocols allow remote access to system-level data and are required for monitoring Windows OS performance and health.

Foglight uses either WinRM or WMI to remotely collect OS metrics from Windows-based database servers.

WinRM Overview

WinRM is Microsoft’s implementation of the WS-Management protocol, which communicates over HTTP/HTTPS using SOAP. It supports two authentication types:

• Negotiate (recommended): Uses Kerberos and integrates with Active Directory (AD).

• Basic: Requires credentials in the format domain\user and transmits over HTTP/HTTPS.

⚠️ On Linux-based FglAMs, only Basic authentication is supported. Negotiate authentication is not available due to Kerberos limitations on non-Windows platforms.

WMI Overview

WMI runs over DCOM and requires specific permissions for remote access. The agent OS user must have:

• DCOM and WMI permissions

• Membership in the Local Administrators group on the monitored host (recommended)

If the agent OS user is an Active Directory user not part of the Local Admin group, manual configuration of WMI/DCOM permissions is necessary.

WMI Namespaces Used:

• ROOT\CIMV2

• ROOT\MSCluster

Platform Considerations

🔹 Recommendation: For Linux-based FglAMs monitoring more than 75 agents, configure monitored hosts to use WinRM instead of WMI.

Consult the latest Foglight Agent Manager User Guide for setup instructions.

Enabling WinRM (Recommended)

Foglight supports both Negotiate and Basic WinRM authentication. Negotiate is enabled by default and is preferred in domain environments.

Key Requirements:

• Provide a Windows credential in domain\user format.

• For Basic authentication with a local user account, use the hostname in the "Domain" field.

📘 See:

• KB 4309456 – Full WinRM configuration and firewall details.

• KB 4295397– Quick setup for WinRM without encryption.

WinRM Ports:

• WinRM 1.1 and earlier:

  • HTTP: Port 80

  • HTTPS: Port 443

• WinRM 2.0 and later:

  • HTTP: Port 5985

  • HTTPS: Port 5986

Enabling WMI

To enable WMI access:

1. Use a Local Administrator account on the monitored host (best practice).

2. If using a non-admin domain user, configure DCOM and WMI permissions per KB 4295692.

3. If WMI still fails, temporarily add the user to the Local Admin group to validate access.

4. Apply static port configuration for WMI on firewalls as needed.

WMI Ports:

• Uses TCP port 135 for RPC initiation.

• Allocates dynamic ports unless configured with static RPC ports.

📘 See:

• KB 4309456 – WMI port requirements.

• KB 4289831 – Configure WMI to use static ports.

Additional Notes

• For Linux-based FglAMs, registry changes on the monitored Windows servers may be necessary to allow WMI access.

• Refer to the latest version of the Foglight Agent Manager User Guide for detailed instructions on configuring WinRM and WMI.