Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

WMI vs WinRM fpr Windows Monitoring

Solved654 views16th September 2024Windows WinRM WMI
5
André Kaiser [DevOps Advocate]532 5th September 2024 0 Comments

Hi Dojo,

I recently read an article about a comparison of WMI API vs. WinRM for Windows system management and monitoring. There is the main difference between both methods to monitor a Windows OS as per https://support.quest.com/kb/4311903/comparison-between-dcom-wmi-and-winrm-technologies

“Both DCOM and WinRM use WMI to collect data about resources or to manage resources on a Windows OS.

DCOM

  • DCOM is older technology introduced with Windows NT.
  • It is enabled by default on many Windows server for historic reasons
  • It is considered obsolete and out of date by Microsoft. It is not recommended to use this protocol.
  • DCOM remains integrated into the Windows OS and is how many Windows services communicate – like Microsoft Management Console (MMC).
  • Since DCOM can run programs on other computers, hackers can leverage it for lateral movement attacks through your network, gaining access to more data. This activity can be difficult to detect because it’s not malware or hacker tools: all it takes to access DCOM is PowerShell. 

WinRM

  • WinRM is the more modern protocol and is recommended by Microsoft.
  • It is the protocol allowing for remote management of machines over http(s) using SOAP.
  • It can use port 80 and 443 for communication, a port that is usually always open by firewalls and client machines on a network. Ports 5985 and 5986 (SSL) are used in WinRM v2.
  • WinRM is more basically an HTTP based API for WMI. Data is returned formatted in XML rather than objects. Because WinRM is XML based, it will also pass through firewalls that performance packet inspection on port 80.
  • WinRM 1.1 had some smart code which allowed port 80/443 to be shared with IIS web servers. However when implementing network load balancing, as NLB takes control over the network stack it breaks this smart code. As a result MS had to move the WinRM ports to 5985 and 5986 for SSL in version 2.0
  • The ports must be open along with WinRM listener on the server which you want to manage remotely. Both Listener and port can be configured using WinRM command.
  • All WinRM data is encrypted using whatever the “Integrated Windows Authentication” is set to on the host machine (Either NTLM or Kerberos). Alternatively if you have a PKI setup you can setup SSL for use with WinRM on your internal network. If SSL is in use NTLM and Kerberos get ignored.
     

“Range of ports” 

  • Standard remote WMI queries use RPC to connect and RPC uses a mess of ports. First, the Collector would connect to the remote system over TCP 135. The remote system would then pick a high port and ask the Collector to use this new high port for future communications. The high port depends on the OS but current Windows uses ports 49152 thru 65535. If there is a firewall/router between the Collector the remote system and it’s not RPC/WMI-aware (being stateful is not enough), you need to open all of those ports between the two or modify Windows to limit the IP range but it would be global on that server.
  • Support recommends using a static port instead of a range of port for easier configuration: https://support.quest.com/kb/4289831″

There are quite some downsides with WMI, which we partially already faced in implementing WMI monitoring in large IT infrastructures. As per my knowledge the Microsoft Platform uses WMI as of today. Alternatively SNMP can be used for Microsoft monitoring. Is there any alternative integration using WinRM available already? If not, are there specific reasons against using WinRM for monitoring applications?

André Kaiser [DevOps Advocate] Selected answer as best 16th September 2024

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
1
Miguel Obregon [SLC] [DevOps Catalyst]19.12K Posted 8th September 2024 0 Comments

Hi Andre,

Thanks for your question. We do have plans in place to transition from WMI to WinRM.
At this moment, our primary focus is on integrating the two main ranges of the Microsoft Platform connector. As part of these efforts, we have established the following:

  • Features to be included: We have reviewed all the features present in the existing connector ranges and identified which ones will be included in the new merged version.
  • Performance: We have revised how the connector retrieves data from the Windows OS instance to enhance its performance.

The primary focus of these efforts is to have a single connector that can be used as starting point for the transition towards WinRM.

Regards,

André Kaiser [DevOps Advocate] Selected answer as best 16th September 2024
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs