wmic stopped working on Windows 10 Build 2004

[gary]

A customer recently upgraded a clientpc to Windows 10 build 2004. Since then check_wmi_plus doesn’t work since wmic can no longer connect.
The error message is:
[wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT code 0x80010111 – NT code 0x80010111

No other operating systems or clients seem to be affected and all the wmi permission requirements have been verified.

[admin]

This appears to be some kind of RPC header error. From the Samba source code:
#define WERR_RPC_E_INVALID_HEADER W_ERROR(0x80010111)

It looks like Microsoft have changed something, maybe in the RPC protocol.

I’m not aware of any fix for this at the moment. Post in this thread if you have a fix

[geotek]

The old wmic tool seems to be actively developed further over here:
https://github.com/greenbone/openvas-smb
Would it help if Wmi Plus would switch to these new libraries?

[gary]

Thanks for the tip, but unfortunately their version of wmic is suffering from the same incompatibility issues as it’s the same version as the one I’m currently using.
Version 4.0.0tp4-SVN-build-UNKNOWN

NTSTATUS: NT code 0x80010111 – NT code 0x80010111

[Baldnerd]

Hi there. Sorry for the bump, but just wondering if we can get an update on this? I donated, signed the petition, and haven’t heard or seen any movement at all. I’d greatly appreciate an update. Thanks 🙂

[gary]

After actively searching for a solution for a few weeks and eventually realizing that I was getting nowhere fast, I gave up and deployed nsclient++ on the clients and adapted all the checks to use check_nrpe. Never looked back.

[geotek]

Hi Gary,

there has been some activity in the yet unreleased version of openvas-smb in the last couple days over here: https://github.com/greenbone/openvas-smb/compare/v1.0.5…master

Does this help? If not, shouldn’t the developer of this library be affected by our issue as welll?

[admin]

This problem is fixed as per Fix for Windows 10 v2004

[geotek]

Hello Admin,

it took me a while to get wmic compiled correctly with:

cd /usr/src/wmi-1.4.0/Samba/source
./autogen.sh
./configure
cd /usr/src/wmi-1.4.0/
make "CPP=gcc -E -ffreestanding"

but the new wmic does indeed work now, even with Windows 10 20H2.

Thanks a lot!!!!

[Baldnerd]

I see what you mean about it “taking a while” @geotek – but I’ve yet to get a successful build. Mind sharing any more info about your setup or what you had to do?

I’m on Debian, tested on both AMD64 and ARM64, and the furthest I can get is:

Linking bin/static/libheimdal_roken_getprogname_h.a
/usr/bin/ar: bin/static/libheimdal_roken_getprogname_h.a: No such file or directory
make[1]: *** [Makefile:23787: bin/static/libheimdal_roken_getprogname_h.a] Error 1

The compiler then fails and the wmic binary does not get output due to the previous error.

I’ve tried everything I can think of. Checked and double-checked installed dependencies (did I miss something?) but still no success.

Cheers!

[sywilkin]

We have tried this update/fix – compiled on Centos OK – but does not solve the issue. Still getting issues with NTSTATUS: NT code 0x80010111.

When you diff the directory structure download “fixed files” and the original zenoss files are as below:

Files wmi-1.4.0/Samba/source/ and wmi-1.3.14/Samba/source/ differ
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: cli_cldap-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: cli_smb-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: cli_wrepl-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: dcerpc-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: gensec-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: ldb-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: ndr-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: ndr_compression-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: ntvfs-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: registry-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: samba-config-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: samba-net-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: samba3-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: share-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: socket_wrapper-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: talloc-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: tdb-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: tdr-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: torture-uninstalled.pc
Only in wmi-1.4.0/Samba/source/bin/pkgconfig: winbind-client-uninstalled.pc
Only in wmi-1.4.0/Samba/source/build/smb_build: config.pm
Only in wmi-1.4.0/Samba/source: configure
Only in wmi-1.4.0/Samba/source: extra_cflags.txt
Only in wmi-1.4.0/Samba/source/heimdal/lib/gssapi: gkrb5_err.c
Only in wmi-1.4.0/Samba/source/heimdal/lib/gssapi: gkrb5_err.h
Only in wmi-1.4.0/Samba/source/include: config_tmp.h.in
Files wmi-1.4.0/Samba/source/librpc/idl/orpc.idl and wmi-1.3.14/Samba/source/librpc/idl/orpc.idl differ
Files wmi-1.4.0/Samba/source/pidl/pidl and wmi-1.3.14/Samba/source/pidl/pidl differ
Only in wmi-1.4.0/Samba/source: pywmi-build
Only in wmi-1.4.0/Samba/source: version.h

The librpc file has only one line different (line 33)

const uint16 COM_MINOR_VERSION changes from 1 -> 7;

the pidl file line 583:

“@$pidl || die “Failed to parse $idl_file”;” -> “defined @$pidl || die “Failed to parse $idl_file”;”

Has anyone else had any success?

[geotek]

@baldnerd: I am afraid I can`t reproduce what else I had done (and may have been necessary) before being able to successfully compile wmic with the steps shown in my post.

As a quick and dirty workaround I have posted the working wmic binary for Debian 10 here.

[Baldnerd]

That is very kind @geotek – thank you. Sadly since I’m on an ARM-based server, the amd64 binary won’t work for me.

A history dump? LOL

There must be something missing on my server that it needs. I just can’t figure out what, and there seems to be absolutely zero documentation or support surrounding this version.

Anything anyone can do to help… would be hugely appreciated.

Cheers,
Robbie

[admin]

I have shown how I compile it using Fedora 33 on this page:
Installation Terminal Session Fedora 33

[Baldnerd]

Thank you @admin – though sadly this still doesn’t help.

Where in your log you get to this:

Compiling heimdal/lib/roken/getprogname.c with host compiler
Use of uninitialized value in pattern match (m//) at ./script/cflags.pl line 15, <IN> line 1212.
Linking bin/static/libheimdal_roken_getprogname_h.a
Compiling heimdal/lib/asn1/lex.c with host compiler
Use of uninitialized value in pattern match (m//) at ./script/cflags.pl line 15, <IN> line 1212.
Linking bin/static/libheimdal_asn1_compile_lex.a
Compiling lib/replace/replace.c

On Debian amd64 (versions 10 and 11) it fails at that point, and since libheimdal_roken_getprogname_h.a doesn’t exist, none of the further compiling (eg., wmic) work.

Google has been no help.

Who maintains the wmi package? There are references that it is based on zenoss, but I can’t find a zenoss source to see if there is help.

Thanks in advance… hopefully we can get this working soon.

[Author]

Posts