Every 5 minutes I have a couple of failed login attempts from a Biztalk server to the SQL server.
Login failed for user 'DOMAIN\SERVER01$'. Reason: Token-based
server access validation failed with an infrastructure error. Check
for previous errors
I traced the failed logins to back to a service on the Biztalk server. The failed PIDs were pointing to a wmiprvse.exe that was using a LOCAL SERVICE.
I know I could either grant the Biztalk server access to the SQL server or I could change that service to run with a different account BUT I'd like to know what is using the WMI service before doing this.
How can you tell what is using the WMI service?
Best Answer
tracing WMI activity
http://msdn.microsoft.com/en-us/library/windows/desktop/aa826686%28v=vs.85%29.aspx
Logging WMI activity
http://msdn.microsoft.com/en-us/library/windows/desktop/aa392285%28v=vs.85%29.aspx