If this fails, your WMI is corrupted. Repair with DISM /Online /Cleanup-Image /RestoreHealth .
Then reboot and reinstall OMI if necessary.
Open PowerShell on the affected Windows machine and run:
If the manual query fails with a WMI-specific error, the repository on the Windows host may be corrupted. Run these commands in an on the target Windows machine: win32operatingsystem result not found via omi new
—often specifically noted as "NEW" in logs—it usually indicates a breakdown in communication between an Open Management Infrastructure (OMI) collector (like FortiSIEM or SCOM) and the target Windows machine.
Occasionally, the fault lies entirely within the target Windows machine. If the internal Windows Management Instrumentation repository becomes unstable or drops its registration schemas, remote queries for standard classes like Win32_OperatingSystem return empty objects. 📋 Comprehensive Troubleshooting Workflow
Before you start rebuilding repositories, check these common culprits: Authentication Snags : If you're using NTLM, try switching to Kerberos-auth . NTLM is notorious for causing cryptic OMI failures. Port Permissions If this fails, your WMI is corrupted
:
To verify if OMI can communicate independently of your monitoring software, use the omic tool directly from your collector’s CLI: /opt/phoenix/bin/omic -U DOMAIN/USER%PASSWORD // 'SELECT * FROM Win32_OperatingSystem' . FortiSIEM AIO - Collector questions and WMI/OMI issues
OMI communicates via WinRM (Windows Remote Management). If the listener is restricted to specific IP addresses or if the authentication headers (Basic vs. Kerberos) are mismatched, the handshake may fail before the query executes. 🔧 How to Resolve the Issue Explicitly Define the Namespace Open PowerShell on the affected Windows machine and
Get-CimInstance Win32OperatingSystem
When facing this issue, the troubleshooting approach should cover networking, permissions, and WMI health. 1. Validate Network and Port Connectivity
: Try switching from NTLM to Kerberos authentication. Users often find that NTLM fails to return results even when credentials are correct.