How to Troubleshoot “Access Denied” Errors When Monitoring Windows Servers using WMI

Applies To

  • Zenoss Resource Manager 4.x
  • Microsoft Windows ZenPack (Legacy)


When attempting to monitor Windows servers using the legacy Microsoft Windows ZenPack, administrators may encounter “Access Denied” errors from certain servers and Zenoss Resource Manager may be unable to model or monitor those systems. This KB article details troubleshooting steps for when these conditions are encountered.

Note: Zenoss strongly recommends that Windows servers be monitored with the current Microsoft Windows ZenPack, which uses WinRM instead of WMI. Complete documentation for using the ZenPack can be found here.


  1. Verify that the credentials specified in the servers' Configuration Properties are correct. Log on to the target server using the service account specified in Resource Manager.
  2. Verify that the service account’s permissions are adequate by opening a command prompt and running the typeperf command with the -qx flags set:
    typeperf -qx   

    NOTE: The typeperf command writes performance data directly to the command window. If the command completes successfully with no errors and outputs a large number of performance counters, the service account’s permissions are sufficient. Insufficient permissions result in an error.

  3. If the service account’s permissions are confirmed to be sufficient but errors continue to be encountered, determine if the target servers require NTLMv2.
    If NTLMv2 is required:
    1. Edit the following Resource Manager configuration files, located in the /opt/zenoss/etc/ directory:
      • zeneventlog.conf
      • zenmodeler.conf
      • zenwin.conf
      • zenwinperf.conf
    2. Make the following changes in each file:
      • Remove the hash sign (#) in front of “ntlmv2auth
      • Set the value for this variable to True
      • Save and exit the file
  4. Restart Zenoss:
    zenoss restart
Was this article helpful?
0 out of 0 found this helpful


Powered by Zendesk