Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-12788

Use newer protocol versions for remote DCOM WMI

    XMLWordPrintable

    Details

    • Sprint:
      Horizon 2020 - Sept 16-30, Horizon 2020 - Sept 30-Oct 14
    • HB Backlog Status:
      Backlog

      Description

      Yeah I know who in their right mind would care what the remote DCOM WMI code does in the year 2020 but also currently it has two significant deficiencies that are pretty easily rectified:

      As is, it uses NTLMv1 for authentication and NTLMv2 for sessions. I didn't know that was possible either, but I found this document helpful in understanding what the various options for NTLM are. Fortunately, turning on full NTLMv2 support involves adding a single line to WmiClient.

      Additionally, the version of j-interop and jcifs in use utilize SMBv1 which folks are encouraged to disable and which is no longer installed by default in Server 2016. Fortunately somebody else has already patched them to use SMBv2 and it works pretty okay-ish just by swapping out the jars. A small modification to WmiManager makes it work more betterer, as hosts return an error code about a lack of pipes being available (0x000000AC) when they haven't been queried in awhile, but immediately retrying is successful in every instance I've seen thus far. Will be submitting a PR for this shortly.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              fooker Dustin Frisch
              Reporter:
              schlend David Schlenk
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                HB Grooming Date:

                  Git Integration