We got this error when integrating a DC. We have followed the troubleshooting steps mentioned in the documentation here.
But we are still getting the error. (The service account had the required permissions.)
I just want to know what the possible reasons for this error are.
It’s probably still a WMI issue. Try and use a WMI browsing tool from your collector to the DC and see if it works. Alternatively, check the WMI logs on the DC.
But in my case I have this error, but I am getting the DNS service logs through WMI…
Mine got resolved after changing the time zone of the collector.
Interesting - do you mean the time zone in the event source collector configuration in the InsightIDR portal, or the system-level time zone?
Do these two settings match in your setup?
Both. I think the portal and the system where the collector is installed need to be in the same time zone, synced with the environment.
This might be a WMI permissions issue, so ensure the service account has the necessary access to the domain controller. Check Event Viewer > WMI-Activity logs for timeouts in WMI application calls, which could indicate closed ports.
We found that this issue is also related to the Connection Refused error, which states that the following ports should be opened: 135, 139, 445, TCP 49154 and TCP 49155.
However, support also suggests (though it’s undocumented) to open dynamic outbound ports (49152 to 65535) for the collector to domain controller. We encountered the same problem in AWS, and opening additional ports resolved it.
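A connectivity check for the ports named in this thread, run from the collector host. This is an added example and not part of the original posts or Rapid7's tooling. The function names and the `dc01.example.internal` hostname are assumptions. It separates "refused" (the DC answered but nothing accepted the connection) from "timeout" (packets dropped on the path, as with a firewall or security group rule).

```python
import socket
import sys

# Ports listed in the thread for collector -> domain controller collection.
REQUIRED_TCP_PORTS = (135, 139, 445, 49154, 49155)

# What each probe state usually points to when troubleshooting.
HINTS = {
    "open": "reachable and listening",
    "refused": "host reachable, but no listener or actively rejected",
    "timeout": "no reply: likely dropped by a firewall or security group",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError as exc:
        # DNS failure, no route, and similar local or network errors.
        return "error:" + type(exc).__name__


def check_ports(host, ports=REQUIRED_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Return the sorted ports that did not accept a connection."""
    return sorted(p for p, state in results.items() if state != "open")


if __name__ == "__main__":
    # Hostname is a placeholder (assumption); pass your DC as the argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.internal"
    results = check_ports(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port:<6} {state:<10} {HINTS.get(state, 'see error')}")
    sys.exit(1 if blocked(results) else 0)
```

A port in the dynamic range (49152 to 65535) only listens while a service is bound to it, so "refused" there still shows the network path is open, while "timeout" shows it is not.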