Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-11621

Zabbix Agent >3.0.0 wmi.get commands return EventID 5858 Error

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.5, 3.2.1
    • Fix Version/s: 3.0.8rc1, 3.2.4rc1, 3.4.0alpha1
    • Component/s: Agent (G)
    • Labels:
    • Environment:
      Windows 2012 R2

      Description

      When running wmi.get from the zabbix host as seen below:

      [root@lpzabbix01 ~]# zabbix_get -s XXXXXXXX -p 10050 -k wmi.get["root\cimv2","Select serialnumber from win32_bios"]
      VMware-XX 09 41 fa 13 df XX de-86 01 95 XX 72 79 e5 XX
      

      While the command finishes successfully every time, we receive these EventID 5858's as ERROR in Windows EventLog.

      Id = {A010B855-20E6-0001-CCD5-2CA0E620D201}; ClientMachine = XXXXXXXX; User = NT AUTHORITY\SYSTEM; ClientProcessId = 704; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : Select serialnumber from win32_bios; ResultCode = 0x80041032; PossibleCause = Unknown

      To make matter worse, which is why I started digging into the issue, Zabbix is polling windows at least every 2 minutes via wmi.get for certain values. So with around 100 windows servers in our environment, this is generating a whole lot of logging that is going into our central logging repository.

      Id = {B9AFD564-20E4-0001-EB6A-DBB9E420D201}; ClientMachine = XXXXXXXX; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1540; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select CSDVersion from Win32_OperatingSystem; ResultCode = 0x80041032; PossibleCause = Unknown

      Id = {C9C8B17D-20E2-0000-3112-E2C9E220D201}; ClientMachine = XXXXXXXX; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1376; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select CSDVersion from Win32_OperatingSystem; ResultCode = 0x80041032; PossibleCause = Unknown

      Id = {B9AFD564-20E4-0001-EB6A-DBB9E420D201}; ClientMachine = XXXXXXXX; User = NT AUTHORITY\SYSTEM; ClientProcessId = 1540; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : select Version from Win32_OperatingSystem; ResultCode = 0x80041032; PossibleCause = Unknown

      I'm not sure the reason for this, other than a KB article that claims the connection isn't closed properly.

      https://support.microsoft.com/en-us/kb/3124914

      RESOLUTION: The WMI client application should be modified to issue calls to IEnumWbemClassObject::Next to retrieve the full result set, before releasing the IWbemContext object. If no objects are received, make sure that the timeout value (lTimeout) is greater than 0 and that WBEM_S_TIMEDOUT (0x40004) is not being returned.```

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              timwelch Tim Welch
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: