Posted by Bhargav in Firewall, PowerShell, Windows Server

If you are Microsoft’s volume license customer or an MSDN subscriber, the question of tracking usage of your volume license activation may have surfaced. You may already know what Volume Activation Management Tool (VAMT) is. If you aren’t, you can read more about it here.

Since I often build and rebuild my lab VMs, I keep track of my licenses using VAMT 3.0. Today, I built a new physical server that is going to be a Hyper-V host within my lab infrastructure. I chose to build it with minimal overhead, thus selected option to deploy server core instead of full GUI. After I assigned IP and joined the domain, I was able to connect to it using Server Manager from another Server 2012 server which I routinely use for managing my lab hosts. However, when I tried to refresh it’s licensing data in VAMT, it gave me an error:

unable to connect to wmi service on remote machine

Since I was able to manage the server remotely using server manager, it was clear that firewall rules for remote management were enabled correctly. This was accomplished when I used sconfig to configure my host after it was installed. The screenshot below shows the option:

Looking at VAMT requirements, I figured, it has to be WMI access through firewall which isn’t configured. Here’s how you can check for it:

Get-NetFirewallRule -Enabled False | Where DisplayName -Match “Windows Management I” | FT Name,DisplayName –AutoSize

The result of the above cmdlet showed built-in WMI rules that were disabled in firewall:

Name DisplayName

—- ———–

WMI-RPCSS-In-TCP Windows Management Instrumentation (DCOM-In)

WMI-WINMGMT-In-TCP Windows Management Instrumentation (WMI-In)

WMI-WINMGMT-Out-TCP Windows Management Instrumentation (WMI-Out)

WMI-ASYNC-In-TCP Windows Management Instrumentation (ASync-In)

All I had to do was run the following to enable them:

Enable-NetFirewallRule -Name WMI-RPCSS-In-TCP,WMI-WINMGMT-In-TCP,WMI-WINMGMT-Out-TCP,WMI-ASYNC-In-TCP

Piping results from Get-NetFirewallRule to Enable-NetFirewallRule would have worked too.

After I enabled WMI rules, goes without saying, VAMT was able to connect to the host and verify licensing information.