Problem

Pushing an Agent with eDiscovery fails, and the Site Server log contains the error "AgentPush::Connect(): Init failed for machine: XXXX, reason: WMI error: 800706ba".

 

Resolution

  1. On the target machine, open Windows Firewall Advanced Settings
  2. On the left, click Inbound Rules
  3. Find and right-click the rule "Windows Management Instrumentation (DCOM-In)" (over TCP port 135), for the Firewall Profile you are currently in, and choose "Enable Rule"
  4. Find and right-click the rule "Windows Management Instrumentation (WMI-In)", for the Firewall Profile you are currently in, and choose "Enable Rule"

 

Test

You can test WMI communication to verify proper connectivity with the following steps:

  1. On the Site Server machine, open the WMI Management Console (wmimgmt.msc)
  2. Go to Action > Connect To Another Computer
  3. Select "Another Computer" and enter the IP of the target machine (where you wish to deploy the Agent), and click "OK"
  4. On the left, right-click the "WMI Control" entry for the desired machine and click "Properties"

If the "General" tab returns the message "Successfully Connected to XXX" and information about the target machine, WMI Communication is working correctly.

If the "General" tab contains the message "Failed to connect to XXX because 'Win32: The RPC server is unavailable'", then WMI Communication is still blocked.
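
The Resolution and Test steps above can also be checked from PowerShell. The script below is an added example, not part of the original article or the product; the function names and the $Target address are hypothetical placeholders, and it assumes the account running it has administrative rights on the target.

```powershell
# Added example, not from the original article. $Target is a constructed
# placeholder address; the function names are hypothetical.
$Target = '192.0.2.10'

# Run on the TARGET: list the two inbound rules from Resolution, per profile.
function Get-WmiRuleState {
    $names = 'Windows Management Instrumentation (DCOM-In)',
             'Windows Management Instrumentation (WMI-In)'
    foreach ($name in $names) {
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
            Select-Object DisplayName, Profile, Enabled, Action
    }
}

# Run on the SITE SERVER: separate "port 135 blocked" from "WMI blocked".
function Test-WmiPath {
    param([Parameter(Mandatory)][string]$ComputerName)

    # Stage 1: RPC endpoint mapper on TCP 135 (covered by the DCOM-In rule).
    $rpc = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    if (-not $rpc.TcpTestSucceeded) {
        return 'TCP 135 unreachable: check the DCOM-In rule for the active profile'
    }

    # Stage 2: a real WMI query over DCOM, which continues on an ephemeral
    # port (covered by the WMI-In rule).
    $session = $null
    try {
        $opt = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
        $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        return "WMI OK: $($os.CSName), $($os.Caption)"
    }
    catch {
        $msg = $_.Exception.Message
        if ($msg -match 'RPC server is unavailable|800706ba') {
            return "WMI still blocked (800706ba): $msg"
        }
        return "WMI query failed for another reason: $msg"
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

# Get-WmiRuleState                      # on the target
# Test-WmiPath -ComputerName $Target    # on the Site Server
```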

 

Notes

  • WMI connections are initiated over TCP port 135, but the WMI communication that follows uses ephemeral ports
  • WMI rules can also be changed via Domain Policies
  • If you wish to use the target's machine name rather than IP, you must also enable the Firewall rule "Network Discovery (NB-Name-In)" over UDP port 137
  • For additional detail about WMI error codes, see Microsoft's documentation: https://msdn.microsoft.com/en-us/library/aa394603(v=vs.85).aspx

 

Cause

WMI communication is blocked on the target.