WMI Errors

-

hey guys,

around 1am last night 1 of our servers ran out of disk space. around same time event viewer upon server inundated event 4 wmi errors. our scom server reported server in question has wmi errors. ran command line verifyrepository check upon server , reported wmi consistent. ran microsoft wmidiag utility flagged on 600 wmi errors!

from can see, there 40 wmi connection / namespace errors. 564 wmi operation errors (the majority of i've deleted report below). 6 wmi execqueury errors. can see wmi write, put , delete tests didn't run!!! i'm guessing these once run result in further errors.

my question this... options here , quickest resolve errors?

1. bite bullet , restore backup?

2. understand @ least of errors can fixed command line? each of error types (get, connect , execquery) require different method / approach? command line approach successful? there examples of precisely required each approach / error please provide?

3. understand inplace upgrade option here although i'd need reinstall windows updates bring server speed. seems long winded (although possibly not long-winded repairing 600+ 1 one through cli).

4. there other options open?


sincerely appreciate advice / opinions.

thank takes time read , respond post.


11238 15:02:13 (0) ** ----------------------------------------------------- wmi report: begin ----------------------------------------------------------
11239 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11240 15:02:13 (0) **
11241 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11242 15:02:13 (0) ** windows server 2008 r2 - service pack 1 - 64-bit (7601) - user 'corp\matt.tipler' on computer 'lathqlnc01'.
11243 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11244 15:02:13 (0) ** environment: ........................................................................................................ ok.
11245 15:02:13 (0) ** there no missing wmi system files: .............................................................................. ok.
11246 15:02:13 (0) ** there no missing wmi repository files: .......................................................................... ok.
11247 15:02:13 (0) ** wmi repository state: ............................................................................................... n/a.
11248 15:02:13 (0) ** after running wmidiag:
11249 15:02:13 (0) ** wmi repository has size of: ................................................................................... 4 mb.
11250 15:02:13 (0) ** - disk free space on 'c:': .......................................................................................... 11490 mb.
11251 15:02:13 (0) **   - index.btr,                     1851392 bytes,      12/05/2015 15:01:11
11252 15:02:13 (0) **   - mapping1.map,                  9016 bytes,         12/05/2015 15:01:04
11253 15:02:13 (0) **   - mapping2.map,                  9116 bytes,         12/05/2015 15:01:04
11254 15:02:13 (0) **   - objects.data,                  2269184 bytes,      12/05/2015 15:01:11
11255 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11256 15:02:13 (2) !! warning: windows firewall: .......................................................................................... disabled.
11257 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11258 15:02:13 (0) ** dcom status: ........................................................................................................ ok.
11259 15:02:13 (0) ** wmi registry setup: ................................................................................................. ok.
11260 15:02:13 (0) ** info: wmi service has dependents: ................................................................................... 3 service(s)!
11261 15:02:13 (0) ** - internet connection sharing (ics) (sharedaccess, startmode='disabled')
11262 15:02:13 (0) ** - sms agent host (ccmexec, startmode='automatic')
11263 15:02:13 (0) ** - live communication server user service (*) (rtcsrv, startmode='automatic')
11264 15:02:13 (0) ** => if wmi service stopped, listed service(s) have stopped well.
11265 15:02:13 (0) **    note: if service marked (*), means service/application uses wmi but
11266 15:02:13 (0) **          there no hard dependency on wmi. however, if wmi service stopped,
11267 15:02:13 (0) **          can prevent service/application work expected.
11268 15:02:13 (0) **
11269 15:02:13 (0) ** rpcss service: ...................................................................................................... ok (already started).
11270 15:02:13 (0) ** winmgmt service: .................................................................................................... ok (already started).
11271 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11272 15:02:13 (0) ** wmi service dcom setup: ............................................................................................. ok.
11273 15:02:13 (0) ** wmi components dcom registrations: .................................................................................. ok.
11274 15:02:13 (0) ** wmi progid registrations: ........................................................................................... ok.
11275 15:02:13 (0) ** wmi provider dcom registrations: .................................................................................... ok.
11276 15:02:13 (0) ** wmi provider cim registrations: ..................................................................................... ok.
11277 15:02:13 (0) ** wmi provider clsids: ................................................................................................ ok.
11278 15:02:13 (0) ** wmi providers exe/dll availability: ................................................................................. ok.
11279 15:02:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
11280 15:02:13 (0) ** info: user account control (uac): ................................................................................... disabled.
11281 15:02:13 (0) ** info: local account filtering: ...................................................................................... enabled.
11282 15:02:13 (0) ** => wmi tasks remotely accessing wmi information on computer , requiring administrative
11283 15:02:13 (0) **    privileges must use domain account part of local administrators group of computer
11284 15:02:13 (0) **    ensure administrative privileges granted. if local user account used remote
11285 15:02:13 (0) **    accesses, reduced plain user (filtered token), if part of local administrators group.
11286 15:02:13 (0) **
11287 15:02:13 (0) ** overall dcom security status: ....................................................................................... ok.
11288 15:02:13 (0) ** overall wmi security status: ........................................................................................ ok.
11289 15:02:13 (0) ** - started @ 'root' --------------------------------------------------------------------------------------------------------------
11290 15:02:13 (0) ** info: wmi permanent subscription(s): ................................................................................ 1.
11291 15:02:13 (0) ** - root/subscription, nteventlogeventconsumer.name="scm event log consumer".
11292 15:02:13 (0) **   'select * msft_scmeventlogevent'
11293 15:02:13 (0) **
11294 15:02:13 (0) ** wmi timer instruction(s): ........................................................................................... none.
11295 15:02:13 (0) ** wmi moniker connections: ............................................................................................ ok.
11296 15:02:13 (1) !! error: wmi connection errors occured following namespaces: .................................................. 40 error(s)!
11334 15:02:13 (0) ** - root/ccm/softwareupdates/updatesstore, 0x8004100e - (wbem_e_invalid_namespace) namespace specified cannot found.
11335 15:02:13 (0) ** - root/ccm/peerdpagent, 0x8004100e - (wbem_e_invalid_namespace) namespace specified cannot found.
11336 15:02:13 (0) ** - root/ccm/xmlstore, 0x8004100e - (wbem_e_invalid_namespace) namespace specified cannot found.
11337 15:02:13 (0) **
11338 15:02:13 (1) !! error: wmi operation errors reported: ........................................................................... 564 error(s)!
11339 15:02:13 (0) ** - root/cimv2, win32_process.handle=912, 0x80041010 - (wbem_e_invalid_class) specified class not valid.
11619 15:02:13 (0) ** - root/cimv2, win32_sharetodirectory, 0x80041002 - (wbem_e_not_found) object cannot found.
11620 15:02:13 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
11621 15:02:13 (0) ** - root/cimv2, win32_settingcheck, 0x80041002 - (wbem_e_not_found) object cannot found.
11622 15:02:13 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
11623 15:02:13 (0) ** - root/cimv2, win32_patchfile, 0x80041002 - (wbem_e_not_found) object cannot found.
11624 15:02:13 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12454 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12455 15:02:14 (0) ** - root/cimv2, win32reg_smsadvancedclientsslconfiguration, 0x80041002 - (wbem_e_not_found) object cannot found.
12456 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12457 15:02:14 (0) ** - root/cimv2, sms_ai_installedsoftwaredupdetect, 0x80041002 - (wbem_e_not_found) object cannot found.
12458 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12459 15:02:14 (0) ** - root/cimv2, sms_ai_installedsoftwaresetpropertyvalue, 0x80041002 - (wbem_e_not_found) object cannot found.
12460 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12461 15:02:14 (0) ** - root/cimv2, win32_process.handle=912, 0x80041010 - (wbem_e_invalid_class) specified class not valid.
12462 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12463 15:02:14 (0) ** - root/cimv2, win32_process.handle=912, 0x80041010 - (wbem_e_invalid_class) specified class not valid.
12464 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12465 15:02:14 (0) ** - root/cimv2, win32_process.handle=31284, 0x80041010 - (wbem_e_invalid_class) specified class not valid.
12466 15:02:14 (0) **   mof registration: 'wmi information not available (this case external application or third party wmi provider)'
12467 15:02:14 (0) **
12468 15:02:14 (0) ** wmi mof representations: ............................................................................................ ok.
12469 15:02:14 (0) ** wmi qualifier access operations: .................................................................................... ok.
12470 15:02:14 (0) ** wmi enumeration operations: ......................................................................................... ok.
12471 15:02:14 (1) !! error: wmi execquery operation errors reported: ..................................................................... 6 error(s)!
12472 15:02:14 (0) ** - root/cimv2, 'select * __win32provider name = "ms_view_instance_provider" , clsid = "{aa70ddf4-e11c-11d1-abb0-00c04fd9159e}"' did not return instance while @ least 1 instance expected.
12473 15:02:14 (0) ** - root/cimv2, 'select * __win32provider name = "regprov" , clsid = "{fe9af5c0-d3b6-11ce-a5b6-00aa00680c3f}"' did not return instance while @ least 1 instance expected.
12474 15:02:14 (0) ** - root/cimv2, 'select * __win32provider name = "regpropprov" , clsid = "{72967901-68ec-11d0-b729-00aa0062cbb7}"' did not return instance while @ least 1 instance expected.
12475 15:02:14 (0) ** - root/cimv2, 'select * __instanceproviderregistration provider = "\\\\.\\root\\cimv2:__win32provider.name='ms_view_instance_provider'"' did not return instance while @ least 1 instance expected.
12476 15:02:14 (0) ** - root/cimv2, 'select * __instanceproviderregistration provider = "\\\\.\\root\\cimv2:__win32provider.name='regprov'"' did not return instance while @ least 1 instance expected.
12477 15:02:14 (0) ** - root/cimv2, 'select * __propertyproviderregistration provider = "\\\\.\\root\\cimv2:__win32provider.name='regpropprov'"' did not return instance while @ least 1 instance expected.
12478 15:02:14 (0) **
12479 15:02:14 (0) ** wmi value operations: ........................................................................................... ok.
12480 15:02:14 (0) ** wmi write operations: ............................................................................................... not tested.
12481 15:02:14 (0) ** wmi put operations: ................................................................................................. not tested.
12482 15:02:14 (0) ** wmi delete operations: .............................................................................................. not tested.
12483 15:02:14 (0) ** wmi static instances retrieved: ..................................................................................... 1360.
12484 15:02:14 (0) ** wmi dynamic instances retrieved: .................................................................................... 0.
12485 15:02:14 (0) ** wmi instance request cancellations (to limit performance impact): ................................................... 1.
12486 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12487 15:02:14 (0) ** # of event log events before wmidiag execution since last 20 day(s):
12488 15:02:14 (0) **   dcom: ............................................................................................................. error!
12489 15:02:14 (0) **   winmgmt: .......................................................................................................... error!
12490 15:02:14 (0) **   wmiadapter: ....................................................................................................... error!
12491 15:02:14 (0) **
12492 15:02:14 (0) ** # of additional event log events after wmidiag execution:
12493 15:02:14 (0) **   dcom: ............................................................................................................. error!
12494 15:02:14 (0) **   winmgmt: .......................................................................................................... error!
12495 15:02:14 (0) **   wmiadapter: ....................................................................................................... error!
12496 15:02:14 (0) **
12497 15:02:14 (0) ** 40 error(s) 0x8004100e - (wbem_e_invalid_namespace) namespace specified cannot found
12498 15:02:14 (0) **
12499 15:02:14 (0) ** 5 error(s) 0x80041010 - (wbem_e_invalid_class) specified class not valid
12500 15:02:14 (0) ** => error typically due missing or invalid wmi classes in repository.
12501 15:02:14 (0) **    - verify get, enumeration, execquery , value operation failures.
12502 15:02:14 (0) ** => can correct missing class definitions by:
12503 15:02:14 (0) **    - manually recompiling mof file(s) 'mofcomp <filename.mof>' command.
12504 15:02:14 (0) **    note: can build list of classes in relation wmi provider , mof file wmidiag.
12505 15:02:14 (0) **          (this list can built on similar , working wmi windows installation)
12506 15:02:14 (0) **          following command line must used:
12507 15:02:14 (0) **          i.e. 'wmidiag correlateclassandprovider'
12508 15:02:14 (0) **
12509 15:02:14 (0) **
12510 15:02:14 (0) ** 559 error(s) 0x80041002 - (wbem_e_not_found) object cannot found
12511 15:02:14 (0) ** => error typically wmi error. wmi error due to:
12512 15:02:14 (0) **    - missing wmi class definition or object.
12513 15:02:14 (0) **      (see get, enumeration, execquery , value operation failures).
12514 15:02:14 (0) **      can correct missing class definitions by:
12515 15:02:14 (0) **      - manually recompiling mof file(s) 'mofcomp <filename.mof>' command.
12516 15:02:14 (0) **      note: can build list of classes in relation wmi provider , mof file wmidiag.
12517 15:02:14 (0) **            (this list can built on similar , working wmi windows installation)
12518 15:02:14 (0) **            following command line must used:
12519 15:02:14 (0) **            i.e. 'wmidiag correlateclassandprovider'
12520 15:02:14 (0) **      note: when wmi performance class missing, can manually resynchronize performance counters
12521 15:02:14 (0) **            wmi starting adap process.
12522 15:02:14 (0) **    - wmi repository corruption.
12523 15:02:14 (0) **      in such case, must rerun wmidiag 'writeinrepository' parameter
12524 15:02:14 (0) **      validate wmi repository operations.
12525 15:02:14 (0) **    note: ensure administrator full access wmi every namespaces of computer before
12526 15:02:14 (0) **          executing writeinrepository command. write temporary data root namespace, use:
12527 15:02:14 (0) **          i.e. 'wmidiag writeinrepository=root'
12528 15:02:14 (0) **    - if writeinrepository command fails, while being administrator accesses namespaces
12529 15:02:14 (0) **      wmi repository must reconstructed.
12530 15:02:14 (0) **    note: wmi repository reconstruction requires locate mof files needed rebuild repository,
12531 15:02:14 (0) **          otherwise applications may fail after reconstruction.
12532 15:02:14 (0) **          can achieved following command:
12533 15:02:14 (0) **          i.e. 'wmidiag showmoferrors'
12534 15:02:14 (0) **    note: repository reconstruction must last resort solution , after executing
12535 15:02:14 (0) **          fixes mentioned.
12536 15:02:14 (2) !! warning: static information stored external applications in repository lost! (i.e. sms inventory)
12537 15:02:14 (0) **
12538 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12539 15:02:14 (0) ** wmi registry key setup: ............................................................................................. ok.
12540 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12541 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12542 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12543 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12544 15:02:14 (0) **
12545 15:02:14 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
12546 15:02:14 (0) ** ------------------------------------------------------ wmi report: end -----------------------------------------------------------

m tipler


hey anna,

apologies has taken long respond you. thank input on issue.

the issue resolved following steps below on server concerned...

the steps taken resolve wmi issues follows…

  1. installed http://catalog.update.microsoft.com/v7/site/search.aspx?q=2775511%20  to update wmi binaries.
  2. recompiled .mof files using following script :

@echo off

sc config winmgmt start= disabled

net stop winmgmt /y

%systemdrive%

cd %windir%\system32\wbem

for /f %s in ('dir /b *.dll') regsvr32 /s %s

wmiprvse /regserver

winmgmt /regserver

sc config winmgmt start= auto

net start winmgmt

for /f %s in ('dir /s /b *.mof *.mfl') mofcomp %s

m tipler



Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more