LLDP/CDP #196

Closed
brianandcamera opened this issue Jun 12, 2019 · 44 comments

@brianandcamera

There are a few tools that can pull LLDP/CDP information off the wire so you can find out easily what port/device you're plugged into. Would be handy to have this rolled into the toolkit.

@BornToBeRoot
Owner

I like this idea. Can you send me a tool/screenshot how this feature looks in other tools?

@brianandcamera
Author

brianandcamera commented Jun 12, 2019 via email

@BornToBeRoot
Owner

I did a bit of research...

  1. In Windows 8.1 / 10, you can capture network packages with PowerShell... that has the advantage that you don't need an additional driver like pcap or WinPcap (last one looks like it's not supported anymore).
    The PowerShell scripts/command can be embedded in .NET/C# with System.Management.Automation
    To capture packages from the network adapter, the application needs to run as administrator.

The only disadvantage I see, the captured packages are written to a file... There is no feedback/output as soon as the package arrived. You always have to wait 31 seconds (lldp default is 30 seconds), until the file can be parsed.

  2. It should be possible to parse the captured LLDP packages with PacketDotNet

I don't know if this library supports CDP. I also have only devices that send LLDP packages...

PacketDotNet usage: https://github.com/chmorgan/packetnet/blob/78d1c7533ee5ecc13ef9354c34e4c0d9c7f1e8b5/Test/PacketType/LldpTest.cs#L203

@RafalNiewinski

Sounds great.
I think it should be placed in the Interface detail view with a button to restart the application with administrator permission in case it isn't.

@BornToBeRoot BornToBeRoot changed the title LLDP/CDP Information LLDP/CDP Aug 15, 2019
@BornToBeRoot BornToBeRoot pinned this issue Aug 15, 2019
@BornToBeRoot
Owner

Finally I found some time for this feature... the app needs to run as administrator to capture network packets. It doesn't need any special driver like WinPcap. I found a script doing the capturing with PowerShell and NetEventSession and NetEventPacketCaptureProvider. A modified version of this script is compiled into the application.

issue-196

Would be great if you can test the feature against your network devices. I have only one switch model with LLDP.

The interval for LLDP packages is 30 seconds and for CDP packages 60 seconds.

Download: NETworkManager_2020.1.0_Portable_issue-196.zip

Source: https://github.com/BornToBeRoot/NETworkManager/tree/issue-196

@BornToBeRoot
Owner

If for some reason the NetEventSession does not end properly (e.g. if you close the application or when it crashes during capturing)... run the following command...

PowerShell as admin:

Get-NetEventSession | Stop-NetEventSession | Remove-NetEventSession
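
Added example (not part of the comment above, and not NETworkManager's or PSDiscoveryProtocol's own code): a capture wrapped in `try`/`finally` so the NetEventSession is removed even when a step fails, which is the orphaned-session case the command above cleans up after. The function name, session name and capture file location are hypothetical, and the meaning of `-TruncationLength 0` is an assumption noted in the code.

```powershell
#Requires -RunAsAdministrator
# Added example; function name, session name and file location are hypothetical.

function Invoke-ExampleDiscoveryCapture {
    [CmdletBinding()]
    param(
        [string]$SessionName = 'ExampleDiscoveryCapture',
        [int]$Seconds = 62   # one CDP interval (60 s) or two LLDP intervals (30 s)
    )

    $etlFile = Join-Path $env:TEMP "$SessionName.etl"

    # A session left behind by a crashed or closed run blocks a new capture.
    # Remove only the session this script owns, not every session on the host.
    if (Get-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue) {
        Stop-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
        Remove-NetEventSession -Name $SessionName -ErrorAction Stop
    }

    # Same adapter selection as quoted in this thread: first wired adapter that is up.
    $adapter = Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.InterfaceType -eq 6 } |
        Select-Object -First 1
    if (-not $adapter) { throw 'No connected wired adapter found.' }

    # Well-known multicast destination addresses of the two protocols.
    $destinations = @(
        '01-00-0c-cc-cc-cc'   # CDP
        '01-80-c2-00-00-0e'   # LLDP (nearest bridge)
    )

    $sessionCreated = $false
    try {
        New-NetEventSession -Name $SessionName -LocalFilePath $etlFile `
            -CaptureMode SaveToFile -ErrorAction Stop | Out-Null
        $sessionCreated = $true

        # Assumption: TruncationLength 0 keeps whole frames (the default truncates).
        Add-NetEventPacketCaptureProvider -SessionName $SessionName `
            -CaptureType Physical -LinkLayerAddress $destinations `
            -TruncationLength 0 -ErrorAction Stop | Out-Null
        Add-NetEventNetworkAdapter -Name $adapter.Name -PromiscuousMode $true `
            -ErrorAction Stop | Out-Null

        Start-NetEventSession -Name $SessionName -ErrorAction Stop
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Runs on success, on a terminating error and on Ctrl+C, so the session
        # does not outlive the script. Skipped when New-NetEventSession itself
        # failed, which avoids follow-on "No MSFT_NetEventSession objects found"
        # errors from Stop/Remove.
        if ($sessionCreated) {
            Stop-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
            Remove-NetEventSession -Name $SessionName -ErrorAction SilentlyContinue
        }
    }

    # The trace is read after the session is stopped; .etl files require -Oldest.
    $events = Get-WinEvent -Path $etlFile -Oldest -ErrorAction SilentlyContinue
    # The file may still be locked briefly; do not fail the capture over it.
    Remove-Item -LiteralPath $etlFile -ErrorAction SilentlyContinue
    return $events
}
```

A process that is killed outright never reaches `finally`; the check at the top of the function clears that leftover session on the next run.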

@BornToBeRoot BornToBeRoot mentioned this issue Jan 4, 2020
@brianandcamera
Author

brianandcamera commented Jan 5, 2020 via email

@BornToBeRoot
Owner

Feature is merged into the master and will be available in the next release.

@BornToBeRoot BornToBeRoot unpinned this issue Jan 7, 2020
@RafalNiewinski

Confirm that it also works for me

@PCAssistSoftware

Not working for me, but running another tool (https://github.com/chall32/LDWin) works fine.

Any thoughts?

See image below of results from working tool

Thanks

image

@BornToBeRoot
Owner

BornToBeRoot commented Jan 8, 2020

CDP or LLDP?

Currently no error or warnings are displayed...

Edit:
Can you try this powershell module:
https://github.com/lahell/PSDiscoveryProtocol

I use this to capture the packages

@BornToBeRoot BornToBeRoot reopened this Jan 8, 2020
@PCAssistSoftware

CDP I assume as it is a Cisco Catalyst 2960S-24TS-L switch

Okay will try that now and report back

@PCAssistSoftware

Results below for powershell script which seems to work okay:-

PS C:\WINDOWS\system32> $Packet = Invoke-DiscoveryProtocolCapture -Type cdp
PS C:\WINDOWS\system32> Get-DiscoveryProtocolData -Packet $Packet

Port : GigabitEthernet1/0/12
VLAN : 1
IPAddress : 192.168.20.1
Model : cisco WS-C2960S-24TS-L
Device : NBR-SW-01
Computer : D2.xxx.local
Type : CDP

@BornToBeRoot
Owner

Okay. So it's something with the code to control the script/get the result.

Thanks

@PCAssistSoftware

Anything at all I can do to test just let me know

@BornToBeRoot BornToBeRoot pinned this issue Jan 9, 2020
@BornToBeRoot
Owner

@wingers999 Can you build and test the latest commit 20371fc

@PCAssistSoftware

Yes no problem, will get on it tomorrow and report back to you

@PCAssistSoftware

If I select LLDP / CDP I get error as below image

image

If I select just CDP then I now get results

image

@PCAssistSoftware

PCAssistSoftware commented Jan 11, 2020

I then ran it again with LLDP/CDP selected and got

image

@BornToBeRoot
Owner

BornToBeRoot commented Jan 18, 2020

@wingers999
Can you try this again without the -type cdp, this is the "LLDP / CDP" in the dropdown.

PS C:\WINDOWS\system32> $Packet = Invoke-DiscoveryProtocolCapture
PS C:\WINDOWS\system32> Get-DiscoveryProtocolData -Packet $Packet

This is the only difference to my code.

I have no cisco switch... it's hard to reproduce/debug the issue

@PCAssistSoftware

Output below is what I get if I don't specify type - lots of errors:-

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\WINDOWS\system32> $Packet = Invoke-DiscoveryProtocolCapture
New-NetEventSession : The WS-Management service cannot process the request. The WMI service or the WMI provider
returned an unknown error: HRESULT 0x80080005
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:155 char:28
+ ...  $Session = New-NetEventSession -Name $SessionName -LocalFilePath $ET ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_NetEventSession:root/StandardCimv2/MSFT_NetEventSession) [New-NetEve
   ntSession], CimException
    + FullyQualifiedErrorId : HRESULT 0x80080005,New-NetEventSession
    + PSComputerName        : D20454

Add-NetEventPacketCaptureProvider : The requested object could not be found.
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:171 char:17
+ ...             Add-NetEventPacketCaptureProvider @PacketCaptureParams |  ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (MSFT_NetEventPacketCaptureProvider:root/StandardCi...CaptureProvider) [
   Add-NetEventPacketCaptureProvider], CimException
    + FullyQualifiedErrorId : MI RESULT 6,Add-NetEventPacketCaptureProvider
    + PSComputerName        : D20454

Add-NetEventNetworkAdapter : One or more parameter values passed to the method were invalid.
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:172 char:17
+ ...             Add-NetEventNetworkAdapter -Name $Adapter.Name -Promiscuo ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (MSFT_NetEventNetworkAdapter:root/StandardCi...tNetworkAdapter) [Add-Ne
   tEventNetworkAdapter], CimException
    + FullyQualifiedErrorId : MI RESULT 4,Add-NetEventNetworkAdapter
    + PSComputerName        : D20454

Start-NetEventSession : D20454: No MSFT_NetEventSession objects found with property 'Name' equal to
'Capture-2020-01-18T12:26:26'.  Verify the value of the property and retry.
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:174 char:17
+ ...             Start-NetEventSession -Name $SessionName -CimSession $Cim ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Capture-2020-01-18T12:26:26:String) [Start-NetEventSession], CimJobExce
   ption
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Start-NetEventSession
    + PSComputerName        : D20454

Stop-NetEventSession : D20454: No MSFT_NetEventSession objects found with property 'Name' equal to
'Capture-2020-01-18T12:26:26'.  Verify the value of the property and retry.
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:185 char:17
+ ...             Stop-NetEventSession -Name $SessionName -CimSession $CimS ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Capture-2020-01-18T12:26:26:String) [Stop-NetEventSession], CimJobExcep
   tion
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Stop-NetEventSession
    + PSComputerName        : D20454

Cannot bind argument to parameter 'Path' because it is null.
    + CategoryInfo          : InvalidData: (:) [Get-WinEvent], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.GetWinEvent
   Command
    + PSComputerName        : D20454

Remove-NetEventSession : D20454: No MSFT_NetEventSession objects found with property 'Name' equal to
'Capture-2020-01-18T12:26:26'.  Verify the value of the property and retry.
At C:\Program Files\WindowsPowerShell\Modules\PSDiscoveryProtocol\1.1.0\PSDiscoveryProtocol.psm1:223 char:17
+ ...             Remove-NetEventSession -Name $SessionName -CimSession $Ci ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Capture-2020-01-18T12:26:26:String) [Remove-NetEventSession], CimJobExc
   eption
    + FullyQualifiedErrorId : CmdletizationQuery_NotFound_Name,Remove-NetEventSession
    + PSComputerName        : D20454

WARNING: No discovery protocol packets captured on D20454 in 62 seconds.
PS C:\WINDOWS\system32> Get-DiscoveryProtocolData -Packet $Packet
Get-DiscoveryProtocolData : Cannot bind argument to parameter 'Packet' because it is null.
At line:1 char:35
+ Get-DiscoveryProtocolData -Packet $Packet
+                                   ~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-DiscoveryProtocolData], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-DiscoveryProtocolData

PS C:\WINDOWS\system32>

@PCAssistSoftware

If I specify type I get:-

PS C:\WINDOWS\system32> $Packet = Invoke-DiscoveryProtocolCapture -type CDP
PS C:\WINDOWS\system32> Get-DiscoveryProtocolData -Packet $Packet


Port      : GigabitEthernet2/0/12
VLAN      : 1
IPAddress : 192.168.20.1
Model     : cisco WS-C2960S-24TS-L
Device    : NOR-SW-01
Computer  : D20454.lb.local
Type      : CDP


PS C:\WINDOWS\system32>

@PCAssistSoftware

My suggestion would be that if user selects LLDP/CDP then it does a scan for each separately and shows results rather than doing it without the type switch? or just have them separate, but I personally would like to do both together as on some networks you don't know what switches you have until you do a scan

@BornToBeRoot BornToBeRoot unpinned this issue May 27, 2020
@BornToBeRoot
Owner

May be fixed in the next release.

@BornToBeRoot
Owner

Test build

URL: https://cloud.borntoberoot.net/s/xZtPE6dMa4Sac4i
Password: NETworkManager#2021

@PCAssistSoftware

Hi, Happy to test, but any chance of a portable build that doesn't require .NET 5 as don't particularly want to install this on my production servers yet

@PCAssistSoftware

Okay found a couple of computers and a server with .NET 5 on - on client machines I am not finding any discovery protocol packets, even though I know I have devices on network which support both protocols

And on the server I get:

image

@BornToBeRoot
Owner

@wingers999 thanks for trying it.

Does it work with (my fork) of the PSDiscoveryProtocol on the clients? https://github.com/BornToBeRoot/PSDiscoveryProtocol

I can only test LLDP and currently only on ubiquiti devices (UDM, USW-8 - both work). I assume you have Cisco?


What versions are you running on the server?

  • Windows
  • NET-Framework / Core
  • PowerShell / Core

After some research:
The error happens because I use PowerShell 7 (Microsoft.PowerShell.SDK) and the module netadapter (the version on your server) is not compatible with it. PowerShell 7 will then create a local PSSession to Windows PowerShell 5.1

The second message "Unable to find a connected wired adapter on ..." is thrown by PSDiscoveryProtocol after executing this command

Get-NetAdapter -Physical |  Where-Object { $_.Status -eq 'Up' -and $_.InterfaceType -eq 6 } |  Select-Object -First 1 Name, MacAddress

Maybe you can test this also

@PCAssistSoftware

PCAssistSoftware commented May 2, 2021

Windows Server 2016
.NET 4.8 and 5.0.5
PowerShell 7.1.3.0

I have both Cisco and HP

Running the Get-NetAdapter command in Powershell 7 on the server returns nothing at all, see results below:

PS C:\Windows\System32> Get-NetAdapter -Physical | Where-Object { $.Status -eq 'Up' -and $.InterfaceType -eq 6 } | Select-Object -First 1 Name, MacAddress
PS C:\Windows\System32> Get-NetAdapter

Name InterfaceDescription ifIndex Status MacAddress LinkSpeed


                                                                    6              D0-94-66-17-E0-67
                                                                    4              D0-94-66-17-E0-66

PS C:\Windows\System32>

Very odd as definitely has a physical network adapter which is working fine...

Running PSDiscoveryProtocol on the server also gives me "WARNING: Unable to find a connected wired adapter on xxx1."

Running PSDiscoveryProtocol on client gives me "no discovery protocol packets captured" for both LLDP and CDP

Running PSDiscoveryProtocol on client but capturing on remote server e.g.

'xxx1', 'xxx2' | Invoke-DiscoveryProtocolCapture -Type CDP | Get-DiscoveryProtocolData

Returns

Port : GigabitEthernet1/0/12
VLAN : 1
Management : {192.168.20.1}
IPAddress : {192.168.20.1}
Device : SW-01
Model : cisco WS-C2960X-24TD-L
Computer : xxx1.lb.local
Type : CDP

Remove-Item: Cannot remove item C:\Users\administrator.LB\AppData\Local\Temp\tmp2F87.etl: The process cannot access the file 'C:\Users\administrator.LB\AppData\Local\Temp\tmp2F87.etl' because it is being used by another process.
Port : GigabitEthernet1/0/12
VLAN : 1
Management : {192.168.20.1}
IPAddress : {192.168.20.1}
Device : SW-01
Model : cisco WS-C2960X-24TD-L
Computer : xxx2.lb.local
Type : CDP

Happy to do any other testing needed

@BornToBeRoot
Owner

This is the function my Tool uses: Running PSDiscoveryProtocol on client gives me "no discovery protocol packets captured" for both LLDP and CDP

Did you use my fork (https://github.com/BornToBeRoot/PSDiscoveryProtocol/) which doesn't require WinRM on the local client?

We need to get this to work 😄

@PCAssistSoftware

Yes I downloaded and used your fork

@PCAssistSoftware

Just tried again on another computer - client running Windows 10

Command run and output below:-

PS C:\Windows\System32> $Packet = Invoke-DiscoveryProtocolCapture
Write-Error: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:223
Line |
223 | Write-Error -Exception $_
| ~~
| Cannot bind parameter 'Exception'. Cannot convert the "The WS-Management service cannot process the
| request. The WMI service or the WMI provider returned an unknown error: HRESULT 0x80080005 " value of
| type "System.Management.Automation.ErrorRecord" to type "System.Exception".

Add-NetEventPacketCaptureProvider: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:241
Line |
241 | … Add-NetEventPacketCaptureProvider @PacketCaptureParams | …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The WS-Management service cannot process the request. The WMI service or the WMI provider returned an
| unknown error: HRESULT 0x80080005

Add-NetEventNetworkAdapter: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:242
Line |
242 | … Add-NetEventNetworkAdapter -Name $Adapter.Name -Promiscuo …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The WS-Management service cannot process the request. The WMI service or the WMI provider returned an
| unknown error: HRESULT 0x80080005

Start-NetEventSession: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:244
Line |
244 | … Start-NetEventSession -Name $SessionName -CimSession $Cim …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The WS-Management service cannot process the request. The WMI service or the WMI provider returned an
| unknown error: HRESULT 0x80080005

Stop-NetEventSession: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:255
Line |
255 | … Stop-NetEventSession -Name $SessionName -CimSession $CimS …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The WS-Management service cannot process the request. The WMI service or the WMI provider returned an
| unknown error: HRESULT 0x80080005

Write-Error: Cannot bind parameter 'Exception'. Cannot convert the "Insufficient information exists to identify the cause of failure" value of type "System.Management.Automation.ErrorRecord" to type "System.Exception".
Remove-NetEventSession: C:\Users\administrator.LB\Documents\PowerShell\Modules\PSDiscoveryProtocol\1.2.0\PSDiscoveryProtocol.psm1:298
Line |
298 | … Remove-NetEventSession -Name $SessionName -CimSession $Ci …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| The WS-Management service cannot process the request. The WMI service or the WMI provider returned an
| unknown error: HRESULT 0x80080005

WARNING: No discovery protocol packets captured on D20454 in 62 seconds.

@PCAssistSoftware

As I say happy to do any testing needed, just tell me what you want run and where

@BornToBeRoot
Owner

This is a WinRM error message (which shouldn't be used in this case): The WMI service or the WMI provider returned an | unknown error: HRESULT 0x80080005

I think it's still loading the original module (maybe installed via PSGallery).

The commands (in the error message) have a "-CimSession" parameter... I replaced them in the fork with powershell "splatting" and the command should look like this Start-NetEventSession -Name $SessionName @CimSession.

Maybe remove the module first and then load it with:

Remove-Module PSDiscoveryProtocol
Import-Module .\PSDiscoveryProtocol\PSDiscoveryProtocol.psm1

You could also try if it makes a difference in Windows PowerShell (5) and PowerShell Core 7.

If this works, then we can continue testing with the NETworkManager.

@PCAssistSoftware

Tried remove but said didn't exist, but then installed your version again as per your reply and re-ran some tests

Remove-Module PSDiscoveryProtocol
Remove-Module: No modules were removed. Verify that the specification of modules to remove is correct and those modules exist in the runspace.

Running from a Windows 10 Client specifying server I know is connected to Cisco switch - using PowerShell Core 7:

PS C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules> $Packet = Invoke-DiscoveryProtocolCapture -ComputerName xxxxx
Stop-NetEventSession: C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules\PSDiscoveryProtocol\PSDiscoveryProtocol.psm1:270
Line |
270 | Stop-NetEventSession -Name $SessionName @CimSession
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| LB-ITSEC: No MSFT_NetEventSession objects found with property 'Name' equal to
| 'Capture-2021-05-04T21:00:00'. Verify the value of the property and retry.

Remove-NetEventSession: C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules\PSDiscoveryProtocol\PSDiscoveryProtocol.psm1:318
Line |
318 | Remove-NetEventSession -Name $SessionName @CimSession
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| LB-ITSEC: No MSFT_NetEventSession objects found with property 'Name' equal to
| 'Capture-2021-05-04T21:00:00'. Verify the value of the property and retry.

PS C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules>

Running from a Windows 10 client just using Invoke-DiscoveryProtocolCapture get several errors with both PS5 and PS7 before it then shows progress bar of capture running for 60 seconds, and then more errors afterwards - PS7 results below:

image

Running directly on server using PowerShell 5 - it works:

PS C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules> Invoke-DiscoveryProtocolCapture

IsDiscoveryProtocolPacket : True
DiscoveryProtocolType : CDP
SourceAddress : C47295FA720C
MachineName : xxxxx.lb.local
TimeCreated : 04/05/2021 21:02:42
FragmentSize : 478
Fragment : {1, 0, 12, 204...}

Running directly on server using Powershell 7 - I get error:

PS C:\Users\administrator.LB\Documents\WindowsPowerShell\Modules> Invoke-DiscoveryProtocolCapture
WARNING: Unable to find a connected wired adapter on xxxxx.

@BornToBeRoot
Owner

I have no idea why it fails on your systems. I try to test it on some different systems and may setup some vms/server to test it.

Maybe @lahell has an idea.

Do you use virtualisation (if yes which one?).

image

image

@PCAssistSoftware

Get same results from other Windows 10 clients I have tried as well

No I don't use virtualization

Anything you want me to try just let me know

BornToBeRoot added a commit that referenced this issue May 4, 2021
Co-authored-by: BornToBeRoot <BornToBeRoot@users.noreply.github.com>
@BornToBeRoot
Owner

Can you check if you have already a NetEventSession with Get-NetEventSession. If yes, try to stop it with Get-NetEventSession | Stop-NetEventSession or use the "-force" switch on Invoke-DiscoveryProtocolCapture.

Then try again :)

image

@PCAssistSoftware

Running Get-NetEventSession gives me error

PS5

PS C:\WINDOWS\system32> Get-NetEventSession
Get-NetEventSession : Server execution failed
At line:1 char:1

+ Get-NetEventSession
    + CategoryInfo          : NotSpecified: (MSFT_NetEventSession:root/StandardCimv2/MSFT_NetEventSession) [Get-NetEve
   ntSession], CimException
    + FullyQualifiedErrorId : HRESULT 0x80080005,Get-NetEventSession

PS7

PS C:\Windows\System32> Get-NetEventSession
Get-NetEventSession: Server execution failed

@lahell

lahell commented May 5, 2021

@wingers999 and @BornToBeRoot
Sorry, I have not seen the error Server execution failed before. Any errors in Event Viewer when you run Get-NetEventSession? Are all of the Windows 10 clients built from the same master image? Did you test on a fresh install from Windows 10 ISO?

@PCAssistSoftware

Hi @lahell, nothing in the event log, tried on multiple Windows 10 clients, one a clean install from 20H2 master image, the others from an earlier master image based on 1903 and upgraded to 2004

@lahell

lahell commented May 6, 2021

I would grab a Windows 10 ISO from Microsoft without any modifications and install on a computer, then test Get-NetEventSession or PSDiscoveryProtocol before joining domain and before installing any other software.

@PCAssistSoftware

Unfortunately not my domain I am testing on, it is a client's, so that is not going to be practical as everything else works with their Windows 10 images, and it was only an offer to help test LLDP/CDP for @BornToBeRoot

@BornToBeRoot
Owner

I will close this for now because I cannot reproduce your @wingers999 issue and the initial feature (#196 (comment)) is implemented. Using a clean Windows 10 image without GPOs and third party antivirus scanners as @lahell suggested would be a good test. Feel free to open a new issue if you have more information about this bug.
