Possible Impersonation Issue?



I seem to have several issues with a Server 2003 domain; they cropped up
because of *something* I changed.
I have 2 DCs in a central site, and 5 distributed in 5 sites. All are
Server 2003 except one of the remote sites. No SP1.
Symptoms:
1. When connecting to DC through compmgmt.msc, connection succeeds, but
there is an error on opening the Event Viewer "Either a required
impersonation level was not provided, or the provided impersonation level is
invalid." This is done when logged in/connecting as a Domain Admin. But
this happens on only two of the DCs. I can open the Event Viewer on all the
others.
2. WMI scripts that I have used for months started failing on all DCs. I
have done extensive troubleshooting from the TechNet WMI FAQ. I am
connecting through DCOM, but all scripted WQL queries fail. Using
WBEMtest.exe, I can connect remotely, and enumerate classes. I went into WMI
Security, and gave both the Domain Admins and even myself explicit "full
control" permissions, and restarted the WMI service, scripts still fail.
Makes no difference if I run scripts from admin workstation, termed into the
DC, or logged in to the DC console. Opening WMI control (from the WMI
Control properties in the MMC) gives Access Denied errors for the
Win32_Processor and Win32_OperatingSystem. I can configure security locally,
but not remotely (this is by design?). I have rebuilt WMI by deleting the
repository directory, and re-registered the executables and the DLLs. No
help.
3. I can no longer connect remotely to the registries on the same 2 DCs as
in #1 above. The Remote Registry service is running on both the admin workstation
and servers.

I _think_ this may be because I added an Impersonation config to the domain
GPO. But I have since undone it, and returned it to Not Configured.

Any troubleshooting suggestions?

If the "nuclear option" becomes necessary, can I do an unattended install of
Server 2003 (<cd drive>:i386\winnt32.exe /unattend) and not kill the domain?

Thanks in advance!
Regards,
nos