Log Name: Application
Event ID: 5605
The Root\MSCluster namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy and run the script or application again.
Note This is not specific to the Root\MSCluster namespace only, and the event may be logged with any namespace which is marked with RequiresEncryption flag (like root\cimv2\TerminalServices).
Note This warning can be logged even when the Authentication is set to PacketPrivacy and can be safely ignored as long as the queries work as expected.
a) Modify the ClusWMI.mof
For this, follow the steps:
- open C:\Windows\system32\wbem\ClusWMI.mof for editing and set [RequiresEncryption(FALSE)]
- recompile the ClusWMI.mof file by running "mofcomp C:\Windows\system32\wbem\ClusWMI.mof"
- restart the winmgmt service
Note This workaround has not been tested and confirmed by Microsoft for any security/supportability implications
b) Modify the authenticationLevel of the application doing the query
For this, Modify the registry with the following script on the System, from which the query is done/started:
Windows Registry Editor Version 5.00
Where <Guid> is an AppID Guid and the Applicationname.exe is the name of the application doing the WMI query.
For example wbemtest.exe in case you do the connection with the BuildIn WMI Test utility.
By applying the Workaround mentioned under b), the connect call to the namespace is already done with packet privacy and thus as a result, the event 5605 is not logged.
Setting the Default Process Security Level Using VBScript: http://msdn.microsoft.com/en-us/library/aa393618(VS.85).aspx
Securing Remote WMI connection: http://msdn.microsoft.com/en-us/library/aa393266.aspx
Requiring an Encrypted Connection to a Namespace : http://msdn.microsoft.com/en-us/library/aa393068(VS.85).aspx
Article ID: 2590230 - Last Review: Feb 18, 2014 - Revision: 1