We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How can I verify that the WMI is working properly on my domain controller to troubleshoot DC Agent related issues?

  • Type: Knowledgebase
  • Date changed: 5 years ago
Solution #00006413

Scope:
Applies to all Barracuda Web Filter appliances on all versions of firmware, and the Web Security Flex Service when using a Web Security Gateway.

Answer:
Barracuda developers strive to make the authentication process as seamless as possible. However, there are still many variables on the domain controller that can prevent the proper functionality of the DC Agent service. The DC Agent relies on the Windows WMI interface to pull login events from the Windows event logs. Any interruption or malfunction of the WMI will prevent Barracuda web filtering products from being able to properly authenticate users on the domain. To troubleshoot this possibility, Windows provides a tool that’s integrated on all versions of Windows called the WBEMTEST. This is a useful utility for finding out if the DC is generating the proper logon events for the DC agent. The procedures for using this tool are listed below.

1. Enter the Run console by pressing Start+R. Then enter wbemtest and click OK.
2. Click Connect.
3. Enter root\cimv2 in the Namespace.
4. Click Connect.
5. Click Notification Query…
6. Enter the following into the Enter Query textbox:

 SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.EventCode = '4624'

7. Click Apply.
8. You should see a dialog titled "Query Result" that displays "operation in progress". Whenever someone authenticates against the DC, you will see data records in the listbox similar to “__InstanceCreationEvent=<no key>”. You can double click these entries, then click Show MOF, to see the actual event in Windows Event Viewer.

If no entries are listed on the “Query Result” window when a user authenticates to the DC, this indicates a serious problem with the WMI that will need to be resolved prior to using the DC Agent service. More detailed information on WMI troubleshooting and WBEMTEST can be found here.

Link to this page:
https://campus.barracuda.com/solution/501600000013TZ4AAM