Jump to content

Marcos

Administrators
  • Content Count

    22,669
  • Joined

  • Last visited

  • Days Won

    952

Posts posted by Marcos

  1. Basically WMI is fully scanned only if you run "Scan your computer" or if you run a custom scan and select WMI as a target.

    According to MS the code means:

    WMI-Activity Error 5858 with ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED) indicates that the WMI caller has successfully issued IWbemServices:ExecQuery, but has released the IWbemContext object before retrieving the full result set using the IEnumWbemClassObject::Next method. If the WMI service is still holding data for the client when the client terminates the link (by releasing the IWbemContext object), this event will be logged.

    This error can happen if the WMI application calls IEnumWbemClassObject::Next with a timeout value (lTimeout) that is not long enough to retrieve the object being queried, and is not checking for a return code of WBEM_S_TIMEDOUT (0x40004) in order to issue the request again.

    I assume that during a WMI scan it took long for the system to provide the scanner with the requested data. Just ignore the error. Also don't run WMI scans if you need to run just a quick disk scan.

  2. According to the logs you have a backup software installed. Couldn't it be that a backup is running when the issue occurs?

    Please enable advanced operating system logging in the adv. setup -> tools -> diagnostics when the issue is manifesting. Disable logging after 30-60s to prevent the log from growing too much. Then compress the log C:\ProgramData\ESET\ESET Security\Diagnostics\EsetPerf.etl, upload it to a safe location and drop me a message with a download link.

  3. No special rule to allow specifically IPv6 communication is needed.  You can:

    - temporarily use learning mode to create permissive rules automatically
    - on a client run the firewall troubleshooting wizard to view a list of recently blocked communications and unblock the desired one(s). You can then check the created rule and apply the same rule via a policy.

  4. I've found a similar ticket with this resolution:

    Windows ESMC 7.2 server uses by default LDAPS protocol. By selecting check box LDAP fallback, standard LDAP protocol is used.

    For successful connection to Active Directory with LDAPS protocol it is necessary to meet this requirements:
    1. FQDN of a domain controller must be used. IP address is no longer enough.
    2. Domain controller must have installed issued machine certificate. This can be checked by opening mmc -> Certificates (Local machine) -> Personal certificates -> a certificate with FQDN of the domain controller must be present there.

    It is possible to use for testing LDP tool that is part of Remote Server Administration Tools (RSAT). It is a Windows feature that must be added. After the tool is installed, execute it and from the menu select Connect, fill in DC's FQDN, port 636 and select checkbox SSL. A connection must succeed. Otherwise machines are not configured properly.

    To issue a certificate for your domain controller, you must do following:
    1. Install Active Directory Certification Authority (AD CA) role and finish the configuration. At the end a new certification authority would be present in Trusted Root Certificates.
    2. Navigate to mmc -> Certificates (Local machine) -> Personal certificates -> right click into the empty pane -> All tasks -> New certificate -> Enroll Domain Controller role. This should produce a new certificate with DC's FQDN and place it into Personal certificates.

×
×
  • Create New...