0

I have been racking my head over this for a couple days now and I cannot figure out what is going on. My dev box is a Windows 7 64-bit machine and I am trying to connect via WMI to a Windows Server 2008 domain controller.

My code is pretty simple:

ConnectionOptions options = new ConnectionOptions();
options.Username = _username;
options.Password = _password;
options.EnablePrivileges = true; 
options.Impersonation = ImpersonationLevel.Impersonate;
options.Authentication = AuthenticationLevel.Default;           

ManagementScope scope = new ManagementScope(@"\\" + _hostip + @"\root\cimv2", options);

scope.Connect(); // this works!

ManagementEventWatcher watcher = new ManagementEventWatcher();
watcher.Scope = scope;
watcher.Query = new EventQuery(@"SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent' and TargetInstance.LogFile = 'Security'");

watcher.Start() // throws exception
watcher.WaitForNextEvent(); // works

My knowledge of WMI is limited and I cannot figure out why WaitForNextEvent() works but Start() does not. The exception I keep getting is: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

I've checked multiple times that the domain controller I'm attempting to connect to is set up properly (remoting is on, enabled and has permission) as is the user account I'm using to connect.

Any ideas and insight would be greatly appreciated.

Addy
  • 2,414
  • 1
  • 23
  • 43
  • Well, odd. Have you actually verified that you can get WaitForNextEvent to complete and use the return value without an exception? – Hans Passant Mar 02 '11 at 16:49
  • Yup. I'm able to collect events using WaitForNextEvent() without a problem. A colleague suggested the problem could be that my dev box is Windows 7 and the server I'm talking to is Win2k8. However, I have not been able to find anything online to suggest that would cause a problem. – Addy Mar 02 '11 at 17:31
  • Have you tried a usual select successful? I cannot se, what you specify as a value in "_username". Why do you need to specify credentials? Which role has the impersonated account on the target machine? I personally have no access to DCs - and so no real experience with their special rights. Are both machines member of the same domain?? Try a usual query first and NOT the security log! I am having a similar issue and would like to hear this! – mabra Mar 06 '11 at 20:48
  • see http://stackoverflow.com/questions/2782317/exception-while-managementeventwatcherwmi-to-notify-events-from-remote-machine – Ohad Schneider Dec 07 '11 at 14:44

2 Answers2

1

Try this:

options.Authentication = AuthenticationLevel.PacketPrivacy;
Helen
  • 87,344
  • 17
  • 243
  • 314
Habib3000
  • 11
  • 1
0

I think that you have hot this error because this member cannot be used by partially trusted code as explain in documentation. For more information, see Using Libraries from Partially Trusted Code.

You can receive events without using this member.

JPBlanc
  • 70,406
  • 17
  • 130
  • 175