VAMT unable to connect to wmi service on remote machine

January 28, 2013

If you are Microsoft’s volume license customer or an MSDN subscriber, the question of tracking usage of your volume license activation may have surfaced. You may already know what Volume Activation Management Tool (VAMT) is. If you aren’t, you can read more about it here.

Since I often build and rebuild my lab VMs, I keep track of my licenses using VAMT 3.0. Today, I built a new physical server that is going to be a Hyper-V host within my lab infrastructure. I chose to build it with minimal overhead, thus selected option to deploy server core instead of full GUI. After I assigned IP and joined the domain, I was able to connect to it using Server Manager from another Server 2012 server which I routinely use for managing my lab hosts. However, when I tried to refresh it’s licensing data in VAMT, it gave me an error:

unable to connect to wmi service on remote machine

Since I was able to manage the server remotely using server manager, it was clear that firewall rules for remote management were enabled correctly. This was accomplished when I used sconfig to configure my host after it was installed. The screenshot below shows the option:

Looking at VAMT requirements, I figured, it has to be WMI access through firewall which isn’t configured. Here’s how you can check for it:

Get-NetFirewallRule -Enabled False | Where DisplayName -Match “Windows Management I” | FT Name,DisplayName –AutoSize

The result of the above cmdlet showed built-in WMI rules that were disabled in firewall:

Name                                         DisplayName
—-                                              ———–
WMI-RPCSS-In-TCP                Windows Management Instrumentation (DCOM-In)
WMI-WINMGMT-In-TCP      Windows Management Instrumentation (WMI-In)
WMI-WINMGMT-Out-TCP   Windows Management Instrumentation (WMI-Out)
WMI-ASYNC-In-TCP               Windows Management Instrumentation (ASync-In)

All I had to do was run the following to enable them:

Enable-NetFirewallRule -Name WMI-RPCSS-In-TCP,WMI-WINMGMT-In-TCP,WMI-WINMGMT-Out-TCP,WMI-ASYNC-In-TCP

Piping results from Get-NetFirewallRule to Enable-NetFirewallRule would have worked too.

After I enabled WMI rules, goes without saying, VAMT was able to connect to the host and verify licensing information.

Like this:

Like Loading...

CATEGORY: Firewall PowerShell Windows Server

Tags:
Server Core
VAMT
Windows Server 2012
WMI

Karthick says:
April 4, 2017 at 3:17 pm

Thanks for your info. Could you please let us know the port required to open in firewall if the client is within a DMZ zone.

Loading...

Reply
- Bhargav says:
  April 24, 2017 at 6:50 pm
  
  I am sorry, I am not sure which VAMT ports are required from DMZ. I would assume it uses HTTP/HTTPS to communicate with Microsoft servers when checking license status.
  
  Loading...
  
  Reply
Jonathan says:
August 13, 2018 at 10:42 am

Karthick, Did you figure out the required ports ? Thanks

Loading...

Reply

VAMT unable to connect to wmi service on remote machine

Recent Posts

Recent Comments