I'm using Powershell to query a remote computer in a domain for a wmi object, eg: "gwmi -computer test -class win32_bios". I get this error message:
Value does not fall within the expected range
Executing the query local under the same user works fine. It seems to happen on both windows 2003 and also 2008 systems.
The user that runs the shell has admin rights on the local and remote server. I checked wmi and dcom permissions as far as I know how to do this, they seem to be the same on a server where it works, and another where it does not.
I think it is not a network issue, all ports are open that are needed, and it also happens within the same subnet.
When sniffing the traffic we see the following errors:
RPC: c/o Alter Cont Resp: Call=0x2 Assoc Grp=0x4E4E Xmit=0x16D0 Recv=0x16D0 Warning: GssAPIMechanism is not found, either caused by not reassembled, conversation off or filtering.
And an errormessage from Kerberos:
Kerberos: KRB_ERROR – KDC_ERR_BADOPTION (13)
The option code in the packet is 0x40830000
Any idea what I should look into?
Best Answer
Are you seeing event ID 673 in the security log? I suspect your workstation or your account is somehow not authenticating properly to the domain. I'd try the same query from the 2k8 system to the 2003 system and see if it fails. If it does try it with another account and see if that still fails. The kerberos error is referring to an anonymous login that was denied.