What is a one sentence summary of your feature request?
Add CIM through HTTP/WinRM as an alternative to WMI through RPC/DCOM and optimize timeouts
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
At first: WMI is the MS way of implementing the public standard CIM - as they did it decades ago. Now with Microsoft would like to use CIM with a “modern” transport protocol TCP&HTTP(S) instead of DCOM and PingCastle should do that as well. Both ways are possible and should be tried in PingCastle.
Your WMI queries seems to rely on the “old” WMI through DCOM and in my environment did not even try to do modern CIM connection through http(s).
As described in the following article focuses on PowerShell WMI/CIM commands but the main information is: The big difference between the WMI cmdlets and the CIM cmdlets is that the CIM cmdlets use WSMAN (WinRM) to connect to remote machines and there is more like The big drawback to the WMI cmdlets is that they use DCOM to access remote machines. DCOM isn’t firewall friendly, can be blocked by networking equipment, and gives some arcane errors when things go wrong.
Source: Should I use CIM or WMI with Windows PowerShell? - Scripting Blog [archived]
In customer environments where the computer running pingcastle can’t reach all targets the TCP Timeout for the WMI Query is really high and at least one DC not available with RPC 135 delays the execution by about a minute - 6 DCs = 6 minutes of time wasted.
More about CIM from MS and there are some links to the public specs: CIM Schema Compatibility - Win32 apps | Microsoft Learn
| Technology | Ports | Protocol | Status |
|---|---|---|---|
| Classic “WMI” (DCOM/RPC) | TCP 135 + dynamic 49152–65535 | DCOM / RPC | Old (until now it is not deprecated) |
| CIM “New WMI” (WinRM/HTTP) | TCP 5985 (HTTP), 5986 (HTTPS) | WS-Management | Modern |
ToDo:
- Implement CIM
- Prefer CIM over WMI
- Keep WMI as an alternative method
- Optimize both so that the tcp timeout is reduced
- allow more parallel WMI/CIM queries
How do you currently solve the challenges you have by not having this feature?
In most customer environments the DCs aren’t that separated. Sometimes old orphaned DC objects increase the execution time as well.
Currently waiting longer or ask to open the ports is the way to go.
Just a guess…
I expect that someday the old WMI method will be deprecated and later disabled by default. For now there seems to be nothing official about that.