Domain Controller Unable to get the current time

We got this error when integrating the DC. We have followed the troubleshooting steps mentioned in the documentation here,
but are still getting the error. (The service account had the required permissions.)
I just want to know what are the possible reasons that cause this error?

It’s probably still a WMI issue. Try and use a WMI browsing tool from your collector to the DC and see if it works. Alternatively, check the WMI logs on the DC.

But in my case I have this error, yet I am getting the DNS service logs through WMI… 🤔

Mine got resolved after changing time zone of collector.

Interesting - do you mean the time zone in the event source collector configuration in the InsightIDR portal, or the system-level time zone?
Do these two settings match in your setup?

Both. I think the portal and the system where the collector is installed need to be in the same time zone, synced with the environment.

This might be a WMI permissions issue, so ensure the service account has the necessary access to the domain controller. Check Event Viewer > WMI-Activity logs for timeouts in WMI application calls, which could indicate closed ports.
We found that this issue is also related to the Connection Refused error, which states that the following ports should be opened: 135, 139, 445, TCP 49154 and TCP 49155.
However, support also suggests (though it’s undocumented) opening dynamic outbound ports (49152 to 65535) from the collector to the domain controller. We encountered the same problem in AWS, and opening additional ports resolved it.
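
Added example, not part of the original posts and not Rapid7 code: a small check, run from the collector host, that tests the ports listed in the post above and separates a refused connection (the DC answered, but nothing accepted the connection) from a silent drop (usually a firewall or security group). The host name `dc01.example.internal` and the function names are placeholders.

```python
import socket
import sys

# Ports named in the post above. The dynamic RPC range (49152-65535)
# is deliberately not swept here.
WMI_PORTS = (135, 139, 445, 49154, 49155)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt from the collector to the DC."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back: the host is reachable, but nothing is
        # listening on the port or a firewall is actively rejecting it.
        return "refused"
    except socket.timeout:
        # No answer at all: typically a firewall or security group
        # dropping the packets.
        return "filtered"
    except OSError as exc:
        # Name resolution failure, no route, and similar problems.
        return "error: " + str(exc)


def check_dc(host, ports=WMI_PORTS, timeout=3.0):
    """Return {port: state} for every port the collector needs."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Ports that did not accept a connection, in ascending order."""
    return sorted(p for p, state in results.items() if state != "open")


if __name__ == "__main__":
    # Placeholder host name; pass the real DC as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    results = check_dc(host)
    for port, state in results.items():
        print(f"{host}:{port:<6} {state}")
    if blocked(results):
        print("not reachable:", ", ".join(map(str, blocked(results))))
        sys.exit(1)
```

A DC that shows 135 as open but 49154 or 49155 as filtered matches the pattern in this thread where some DCs collect and others do not.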

Some additional information here in case it helps someone else in the future: I had the case of WMI collection working on some DCs and some did not. On setup I received the time zone error message, but confirmed that all the DCs and the configuration in Rapid7 reflected the same time zone. So it is definitely not a time zone issue, even though the error seems to indicate that.

I tried using a WMI tool from the collector to retrieve info from the DCs (SimpleWMIview by Nirsoft). It worked for some, but for several DCs it did not (the ones giving the time zone error).

Long story short - it turns out that I had to set a fixed port for WMI on the DCs and then make some firewall changes to allow the fixed port. Collection now working.