Cannot-connect-to-CIM-server | Nutanix Community
Skip to main content

This article is a guide to resolving a failed Sandbox publish task that results in an error of "Cannot connect to CIM server.Access is denied".

The Sandbox Publish task fails with the following error:

{"reason":"FGA_PLAY_FAILED","description":"\"Play aborted due to failed task 'firewall:add-rules' with error-policy 'abort'. Task failure reason 
\"Adding the rule failed. Get-NetFirewallPortFilter : Cannot connect to CIM server. Access is denied. \r\nAt line:2 char:22\r\n+ $NegativeRuleList = Get-NetFirewallPortFilter 
| Where-Object {$_.Pro ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResourceUnavailable: (MSFT_NetProtocolPortFilter:String) [Get-NetFirewallPortFilter], 
Ci \r\n mJobException\r\n + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-NetFirewallPortFilter\r\n \r\nGet-NetFirewallPortFilter : 
Cannot connect to CIM server. Access is denied. \r\nAt line:7 char:22\r\n+ $PositiveRuleList = Get-NetFirewallPortFilter | Where-Object {$_.Pro ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo 
: ResourceUnavailable: (MSFT_NetProtocolPortFilter:String) [Get-NetFirewallPortFilter], Ci \r\n mJobException\r\n + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-NetFirewallPortFilter\r\n \r\nNew-NetFirewallRule :
 Cannot connect to CIM server. Access is denied. \r\nAt line:14 char:2\r\n+ New-NetFirewallRule -DisplayName 'Frame Port 88' -Direction Inbound ...\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~\r\n + CategoryInfo : ResourceUnavailable: (MSFT_NetFirewallRule:String) [New-NetFirewallRule], CimJobExceptio \r\n n\r\n + FullyQualifiedErrorId : CimJob_BrokenCimSession,New-NetFirewallRule\r\n \r\n\"\""}

You will see the below error in the Frame Admin portal:


User-added image

Possible causes of such behaviour are:

  1. The Windows OS or Image is locked, PowerShell or scripts will not run under normal operation.
  2. The Execution of the commands is not allowed to run remotely.

Solution

f Windows OS is locked or PowerShell is blocked by any security application or software (for example, Nyotron Paranoid) complete the steps below:

  1. Bypass the security for the Sandbox
  2. Run the publish task
  3. Re-enable the security. 

If the PowerShell execution is not allowed remotely, follow the below steps:

  1. Open Computer Management Console. Right-click WMI Control (under Services and Applications) and click property.
  2. In the newly open Window, click on the Security tab.
  3. Expand Root tree, and then click on the node CIMV2, and click the button Security.
  4. In the newly open Window, click the button Advanced.
  5. In the newly open Window, click the button Add under the permission tab.
  6. In the newly open Window, click on “select a principal”, then search and add the account or group you want to have access as the principal, then click OK.
  7. In the 'Applies to', choose “this namespace and subnamespace”.
  8. For permission, check on “Execute Methods”, “Enable Accounts” and “Remote Enable”.
  9. Click accept on all the open dialogue boxes.
  10. Restart WMI services.
Be the first to reply!

Reply


Terms & Conditions