WMI Win32_PerfFormattedData_PerfOS_Processor 0x80041017 error

WMI query when executed remotely reports 0x80041017 intermittently.
select PercentProcessorTime from Win32_PerfFormattedData_PerfOS_Processor where Name like '_Total'
WMI Diagnosis Tool doesn't show any errors in reports.
Thanks,
Sandy
Dev

Hi,
That error indicates an invalid query.
https://support.microsoft.com/en-us/kb/295821?wa=wsignin1.0
I suggest looking at the machines that are returning this error and verifying that you're not running into WMI corruption.
Don't retire TechNet! -
(Don't give up yet - 13,225+ strong and growing)

Similar Messages

WMI Performance Counter Error 20513

We're running SCVMM 2012 SP1 with CU1 on Windows 2008 R2 SP1. A handful of our hosts are showing this error
Error (20513)
The VMM management server cannot retrieve performance data for the computer VHOST1.mydomain.com. This issue may occur if the performance counter provider in the Virtual Machine Manager agent is corrupted.
Recommended Action
Restart the System Center Virtual Machine Manager Agent service on the computer NetVHB001.net.da.ocgov.com. This automatically restarts the performance provider. If the error persists, reinstall the VMM agent on the computer VHOST1.mydomain.com.
I've restarted the VMM service and uninstalled / reinstalled the Agent. Still seeing the errors. Is there another fix for this that someone has been successful with?
Orange County District Attorney

HI Sandy Wood,
I had an issue like this, I was able to resolve it by removing the VMHOST from the database. Maybe this can solve this issue also.
Keep in mind that you must remove the SCVMM agent manually from your VMHOST server.
1. Logon SCVMM server or the SQL server. (Depending the location of the database) 2. Open SQL Server Management Studio. 3. Open the VMM database, default that is virtualManagerDB. Expand tables
> open the table dbo.tbl_adhc_host and choose the option Edit Top 200 rows.
4. Check names, you must find the missing computer name over there. Remember the HostID.
* 5. You can try to remove the row but normally it has some references into the database that has to be removed first.
5.A Remove the rows with the host id that you found in step 4 into the following tables, but this depends on your VMMS configuration.
* All the reference tables can be found at my blog site.
http://hyperv2012.wordpress.com/2013/03/19/how-to-solve-system-center-2012-sp1-issue-eventid-422-source-virtual-machine-manager/
Kind regards,
Tristan

Panasonic Toughbook - Driver Bundle via WMI Query

Per Panasonic, I am trying to install their one click driver bundles via a WMI query. See screenshots for how I have it configured. From what I can tell I have it setup correctly. I'm using the post OS TS just for testing. HELP!
SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%CF-31W%”
I get several of these errors if I let it error out during the TS:
Error enumerating WMI instances returned from WQL query.
Invalid query (Error: 80041017; Source: WMI)
Failed to evaluate a WMI expression. Error 0x(80041017)
Failed to evaluate an expression. Error 0x(80041017)
Failed to evaluate an AND expression. Error 0x(80041017)
Failed to evaluate an expression. Error 0x(80041017)
Error 0x80041017 in evaluating the condition for the action (31WXY-MK4-7X86 Driver Bundle)
The execution of the group (State Restore) has failed and the execution has been aborted. An action failed.
Operation aborted (Error: 80004004; Source: Windows)
Failed to run the last action: 31WXY-MK4-7X86 Driver Bundle. Execution of task sequence failed.
Invalid query (Error: 80041017; Source: WMI)
Task Sequence Engine failed! Code: enExecutionFail
Task sequence execution failed with error code 80004005
Error Task Sequence Manager failed to execute task sequence. Code 0x80004005
Error enumerating WMI instances returned from WQL query.
Invalid query (Error: 80041017; Source: WMI)

Yes, first thing to do is to double check the "smart quotes". The example from Kevin above contains smart quotes around the Model type, and is an invalid query.
“<something>”
Hex(93) and hex(94)
should be
"<something>"
Hex(22)
This happens when you type in the double quote " mark into some word processors like WinWord or Outlook, and copy into your code.
http://en.wikipedia.org/wiki/Quotation_mark_glyphs
Keith Garner - Principal Consultant [owner] -
http://DeploymentLive.com

Application error happening at least twice a day. Faulting applicaiton name: wmiprvse.exe

We're experiencing an issue with one of our Windows Server 2008R2 Standard Edition SP1 servers where an Application error occurs at least twice, and sometimes up to 5 or 6 times per day. The following error is what we see. Any help would be greatly
appreciated, and I'll be checking back frequently to check for updates and provide more info whenever needed. Thanks!
General:
Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0x1bbc
Faulting application start time: 0x01cd5d65dbeb2e7c
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Details:
System
Provider
[ Name]
Application Error
EventID
1000
[ Qualifiers]
0
Level
2
Task
100
Keywords
0x80000000000000
TimeCreated
[ SystemTime]
2012-07-09T08:34:39.000000000Z
EventRecordID
6812
Channel
Application
Computer
{FQDN}
Security
EventData
wmiprvse.exe
6.1.7601.17514
4ce79d42
ntdll.dll
6.1.7601.17514
4ce7c8f9
c0000374
00000000000c40f2
1bbc
01cd5d65dbeb2e7c
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SYSTEM32\ntdll.dll
ebe1621c-c9a0-11e1-a1d4-5cf3fce8cef6
ETA: I also ran the wmidiag.exe tool from Microsoft. I saw it as a suggestion on another forum and ran it. I don't know if it has any bearing here, but this is the log in case it's helpful
show
06604 14:51:25 (0) ** WMIDiag v2.1 started on Tuesday, July 10, 2012 at 14:40.
06605 14:51:25 (0) **
06606 14:51:25 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
06607 14:51:25 (0) **
06608 14:51:25 (0) ** This script is not supported under any Microsoft standard support program or service.
06609 14:51:25 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
06610 14:51:25 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
06611 14:51:25 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
06612 14:51:25 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
06613 14:51:25 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
06614 14:51:25 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
06615 14:51:25 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
06616 14:51:25 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
06617 14:51:25 (0) ** of the possibility of such damages.
06618 14:51:25 (0) **
06619 14:51:25 (0) **
06620 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06621 14:51:25 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
06622 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06623 14:51:25 (0) **
06624 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06625 14:51:25 (0) ** Windows Server 2008 R2 - Service pack 1 - 64-bit (7601) - User {Username} on computer {ComputerName}.
06626 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06627 14:51:25 (0) ** Environment: ........................................................................................................ OK.
06628 14:51:25 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
06629 14:51:25 (0) ** Drive type: ......................................................................................................... SCSI (IBM ServeRAID M5015 SCSI Disk Device).
06630 14:51:25 (0) ** There are no missing WMI system files: .............................................................................. OK.
06631 14:51:25 (0) ** There are no missing WMI repository files: .......................................................................... OK.
06632 14:51:25 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
06633 14:51:25 (0) ** AFTER running WMIDiag:
06634 14:51:25 (0) ** The WMI repository has a size of: ................................................................................... 90 MB.
06635 14:51:25 (0) ** - Disk free space on 'C:': .......................................................................................... 75295 MB.
06636 14:51:25 (0) ** - INDEX.BTR, 15818752 bytes, 7/10/2012 2:38:58 PM
06637 14:51:25 (0) ** - MAPPING1.MAP, 242388 bytes, 7/10/2012 2:33:33 PM
06638 14:51:25 (0) ** - MAPPING2.MAP, 242388 bytes, 7/10/2012 2:38:58 PM
06639 14:51:25 (0) ** - OBJECTS.DATA, 77570048 bytes, 7/10/2012 2:38:58 PM
06640 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06641 14:51:25 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
06642 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06643 14:51:25 (0) ** DCOM Status: ........................................................................................................ OK.
06644 14:51:25 (0) ** WMI registry setup: ................................................................................................. OK.
06645 14:51:25 (0) ** INFO: WMI service has dependents: ................................................................................... 1 SERVICE(S)!
06646 14:51:25 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
06647 14:51:25 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
06648 14:51:25 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
06649 14:51:25 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
06650 14:51:25 (0) ** this can prevent the service/application to work as expected.
06651 14:51:25 (0) **
06652 14:51:25 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
06653 14:51:25 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
06654 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06655 14:51:25 (0) ** WMI service DCOM setup: ............................................................................................. OK.
06656 14:51:25 (0) ** WMI components DCOM registrations: .................................................................................. OK.
06657 14:51:25 (0) ** WMI ProgID registrations: ........................................................................................... OK.
06658 14:51:25 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
06659 14:51:25 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
06660 14:51:25 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
06661 14:51:25 (2) !! WARNING: Some WMI providers EXE/DLL file(s) are missing: ............................................................ 18 WARNING(S)!
06662 14:51:25 (0) ** - ROOT/QLOGIC_CMPI, QLogic_NIC_Provider, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{28A5F598-F699-4A6B-B9F9-8C7EB9B7359F}:QLogic_NIC_Provider
06663 14:51:25 (0) ** - ROOT/QLOGIC_CMPI, QLogic_FCHBA_Provider, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{0AE588DD-D2E9-41EB-BCD1-8BF474187EC5}:QLogic_FCHBA_Provider
06664 14:51:25 (0) ** - ROOT/IBMSD, ADPT_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{B007445E-6AF0-4CBD-9009-809F071FCE69}:ADPT_Module
06665 14:51:25 (0) ** - ROOT/IBMSD, IBM_PA_Providers, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{2244E0FA-D37A-4F6E-82FB-92F1DB78716D}:IBM_PA_Providers
06666 14:51:25 (0) ** - ROOT/IBMSD, EndpointRegistrationProviderModule, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{BF833E81-33AA-40ED-B74A-329F006DB4F8}:EndpointRegistrationProviderModule
06667 14:51:25 (0) ** - ROOT/CIMV2, SBLIM_Data_Gatherer, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{0D03AF80-A160-44EF-9E8B-318201F41693}:SBLIM_Data_Gatherer
06668 14:51:25 (0) ** - ROOT/ADPT, ADPT_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{B007445E-6AF0-4CBD-9009-809F071FCE69}:ADPT_Module
06669 14:51:25 (0) ** - ROOT/PG_INTEROP, SBLIM_Data_Gatherer, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{0D03AF80-A160-44EF-9E8B-318201F41693}:SBLIM_Data_Gatherer
06670 14:51:25 (0) ** - ROOT/PG_INTEROP, LSIESG_SMIS13_HHR_ProviderModule, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{E21064DD-757A-4F2D-B798-81CDFF03B48C}:LSIESG_SMIS13_HHR_ProviderModule
06671 14:51:25 (0) ** - ROOT/PG_INTEROP, emulex_fc_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{27734403-1E6C-4BC7-B97D-1FE9657B35EC}:emulex_fc_provider_Module
06672 14:51:25 (0) ** - ROOT/PG_INTEROP, emulex_ucna_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{68D3C192-F517-41CC-B852-BA74A8D05A85}:emulex_ucna_provider_Module
06673 14:51:25 (0) ** - ROOT/IBMSE, emulex_fc_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{27734403-1E6C-4BC7-B97D-1FE9657B35EC}:emulex_fc_provider_Module
06674 14:51:25 (0) ** - ROOT/IBMSE, IBM_PA_Providers, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{2244E0FA-D37A-4F6E-82FB-92F1DB78716D}:IBM_PA_Providers
06675 14:51:25 (0) ** - ROOT/IBMSE, emulex_ucna_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{68D3C192-F517-41CC-B852-BA74A8D05A85}:emulex_ucna_provider_Module
06676 14:51:25 (0) ** - ROOT/LSI_MR_1_3_0, LSIESG_SMIS13_HHR_ProviderModule, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{E21064DD-757A-4F2D-B798-81CDFF03B48C}:LSIESG_SMIS13_HHR_ProviderModule
06677 14:51:25 (0) ** - ROOT/EMULEX, emulex_fc_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{27734403-1E6C-4BC7-B97D-1FE9657B35EC}:emulex_fc_provider_Module
06678 14:51:25 (0) ** - ROOT/EMULEX, emulex_ucna_provider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{68D3C192-F517-41CC-B852-BA74A8D05A85}:emulex_ucna_provider_Module
06679 14:51:25 (0) ** - ROOT/BROCADE, brcdprovider_Module, C:\Program Files (x86)\Common Files\IBM\icc\cimom\bin\wmicpa.exe /G{48898EFD-0F9A-4657-B03D-FF400A7D2CDE}:brcdprovider_Module
06680 14:51:25 (0) ** => This will make any operations related to the WMI class supported by the provider(s) to fail.
06681 14:51:25 (0) ** This can be due to:
06682 14:51:25 (0) ** - the de-installation of the software.
06683 14:51:25 (0) ** - the deletion of some files.
06684 14:51:25 (0) ** => If the software has been de-installed intentionally, then this information must be
06685 14:51:25 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove
06686 14:51:25 (0) ** the provider registration data.
06687 14:51:25 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\BROCADE path __Win32Provider Where Name='brcdprovider_Module' DELETE'
06688 14:51:25 (0) ** => If not, you must restore a copy of the missing provider EXE/DLL file(s) as indicated by the path.
06689 14:51:25 (0) ** You can retrieve the missing file from:
06690 14:51:25 (0) ** - A backup.
06691 14:51:25 (0) ** - The Windows CD.
06692 14:51:25 (0) ** - Another Windows installation using the same version and service pack level of the examined system.
06693 14:51:25 (0) ** - The original CD or software package installing this WMI provider.
06694 14:51:25 (0) **
06695 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06696 14:51:25 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
06697 14:51:25 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
06698 14:51:25 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
06699 14:51:25 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
06700 14:51:25 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
06701 14:51:25 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
06702 14:51:25 (0) **
06703 14:51:25 (0) ** Overall DCOM security status: ....................................................................................... OK.
06704 14:51:25 (0) ** Overall WMI security status: ........................................................................................ OK.
06705 14:51:25 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
06706 14:51:25 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
06707 14:51:25 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
06708 14:51:25 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
06709 14:51:25 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
06710 14:51:25 (0) ** 'select * from MSFT_SCMEventLogEvent'
06711 14:51:25 (0) **
06712 14:51:25 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
06713 14:51:25 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
06714 14:51:25 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
06715 14:51:25 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
06716 14:51:25 (0) ** - ROOT/SERVICEMODEL.
06717 14:51:25 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
06718 14:51:25 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
06719 14:51:25 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
06720 14:51:25 (0) ** i.e. 'WMIC.EXE /NODE:"{ComputerName}" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
06721 14:51:25 (0) **
06722 14:51:25 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
06723 14:51:25 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
06724 14:51:25 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 30 ERROR(S)!
06725 14:51:25 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06726 14:51:25 (0) ** MOF Registration: ''
06727 14:51:25 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06728 14:51:25 (0) ** MOF Registration: ''
06729 14:51:25 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06730 14:51:25 (0) ** MOF Registration: ''
06731 14:51:25 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06732 14:51:25 (0) ** MOF Registration: ''
06733 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06734 14:51:25 (0) ** MOF Registration: ''
06735 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06736 14:51:25 (0) ** MOF Registration: ''
06737 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06738 14:51:25 (0) ** MOF Registration: ''
06739 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06740 14:51:25 (0) ** MOF Registration: ''
06741 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06742 14:51:25 (0) ** MOF Registration: ''
06743 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06744 14:51:25 (0) ** MOF Registration: ''
06745 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06746 14:51:25 (0) ** MOF Registration: ''
06747 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06748 14:51:25 (0) ** MOF Registration: ''
06749 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06750 14:51:25 (0) ** MOF Registration: ''
06751 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06752 14:51:25 (0) ** MOF Registration: ''
06753 14:51:25 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06754 14:51:25 (0) ** MOF Registration: ''
06755 14:51:25 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06756 14:51:25 (0) ** MOF Registration: ''
06757 14:51:25 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06758 14:51:25 (0) ** MOF Registration: ''
06759 14:51:25 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06760 14:51:25 (0) ** MOF Registration: ''
06761 14:51:25 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06762 14:51:25 (0) ** MOF Registration: ''
06763 14:51:25 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06764 14:51:25 (0) ** MOF Registration: ''
06765 14:51:25 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06766 14:51:25 (0) ** MOF Registration: ''
06767 14:51:25 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06768 14:51:25 (0) ** MOF Registration: ''
06769 14:51:25 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06770 14:51:25 (0) ** MOF Registration: ''
06771 14:51:25 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06772 14:51:25 (0) ** MOF Registration: ''
06773 14:51:25 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06774 14:51:25 (0) ** MOF Registration: ''
06775 14:51:25 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06776 14:51:25 (0) ** MOF Registration: ''
06777 14:51:25 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06778 14:51:25 (0) ** MOF Registration: ''
06779 14:51:25 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06780 14:51:25 (0) ** MOF Registration: ''
06781 14:51:25 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06782 14:51:25 (0) ** MOF Registration: ''
06783 14:51:25 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
06784 14:51:25 (0) ** MOF Registration: ''
06785 14:51:25 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
06786 14:51:25 (0) ** a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
06787 14:51:25 (0) ** You can refresh the WMI class provider buffer with the following command:
06788 14:51:25 (0) **
06789 14:51:25 (0) ** i.e. 'WINMGMT.EXE /SYNCPERF'
06790 14:51:25 (0) **
06791 14:51:25 (0) ** WMI MOF representations: ............................................................................................ OK.
06792 14:51:25 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
06793 14:51:25 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
06794 14:51:25 (2) !! WARNING: WMI EXECQUERY operation errors reported: ................................................................... 2 WARNING(S)!
06795 14:51:25 (0) ** - Root/CIMV2, 'Select * From Win32_PointingDevice WHERE Status = "OK"' did not return any instance while AT LEAST 1 instance is expected.
06796 14:51:25 (0) ** - Root/CIMV2, 'Select * From Win32_Keyboard' did not return any instance while AT LEAST 1 instance is expected.
06797 14:51:25 (0) **
06798 14:51:25 (2) !! WARNING: WMI GET VALUE operation errors reported: ................................................................... 5 WARNING(S)!
06799 14:51:25 (0) ** - Root, Instance: __EventConsumerProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
06800 14:51:25 (0) ** - Root, Instance: __EventProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
06801 14:51:25 (0) ** - Root, Instance: __EventSinkCacheControl=@, Property: ClearAfter='00000000000015.000000:000' (Expected default='00000000000230.000000:000').
06802 14:51:25 (0) ** - Root, Instance: __ObjectProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
06803 14:51:25 (0) ** - Root, Instance: __PropertyProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
06804 14:51:25 (0) **
06805 14:51:25 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
06806 14:51:25 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
06807 14:51:25 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
06808 14:51:25 (0) ** WMI static instances retrieved: ..................................................................................... 2072.
06809 14:51:25 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
06810 14:51:25 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
06811 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06812 14:51:25 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
06813 14:51:25 (0) ** DCOM: ............................................................................................................. 0.
06814 14:51:25 (0) ** WINMGMT: .......................................................................................................... 0.
06815 14:51:25 (0) ** WMIADAPTER: ....................................................................................................... 0.
06816 14:51:25 (0) **
06817 14:51:25 (0) ** # of additional Event Log events AFTER WMIDiag execution:
06818 14:51:25 (0) ** DCOM: ............................................................................................................. 0.
06819 14:51:25 (0) ** WINMGMT: .......................................................................................................... 0.
06820 14:51:25 (0) ** WMIADAPTER: ....................................................................................................... 0.
06821 14:51:25 (0) **
06822 14:51:25 (0) ** 30 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
06823 14:51:25 (0) ** => This error is typically a WMI error. This WMI error is due to:
06824 14:51:25 (0) ** - a missing WMI class definition or object.
06825 14:51:25 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
06826 14:51:25 (0) ** You can correct the missing class definitions by:
06827 14:51:25 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
06828 14:51:25 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
06829 14:51:25 (0) ** (This list can be built on a similar and working WMI Windows installation)
06830 14:51:25 (0) ** The following command line must be used:
06831 14:51:25 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
06832 14:51:25 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
06833 14:51:25 (0) ** with WMI by starting the ADAP process.
06834 14:51:25 (0) ** - a WMI repository corruption.
06835 14:51:25 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
06836 14:51:25 (0) ** to validate the WMI repository operations.
06837 14:51:25 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
06838 14:51:25 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
06839 14:51:25 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
06840 14:51:25 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
06841 14:51:25 (0) ** the WMI repository must be reconstructed.
06842 14:51:25 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
06843 14:51:25 (0) ** otherwise some applications may fail after the reconstruction.
06844 14:51:25 (0) ** This can be achieved with the following command:
06845 14:51:25 (0) ** i.e. 'WMIDiag ShowMOFErrors'
06846 14:51:25 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
06847 14:51:25 (0) ** ALL fixes previously mentioned.
06848 14:51:25 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
06849 14:51:25 (0) **
06850 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06851 14:51:25 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
06852 14:51:25 (0) ** INFO: Unexpected registry key value:
06853 14:51:25 (0) ** - Current: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
06854 14:51:25 (0) ** - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
06855 14:51:25 (0) ** From the command line, the registry configuration can be corrected with the following command:
06856 14:51:25 (0) ** i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
06857 14:51:25 (0) **
06858 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06859 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06860 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06861 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06862 14:51:25 (0) **
06863 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06864 14:51:25 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
06865 14:51:25 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
06866 14:51:25 (0) **
06867 14:51:25 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\{Username}\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_2K8R2.SRV.SP1.64_{ComputerName}_2012.07.10_14.40.25.LOG' for details.
06868 14:51:25 (0) **
06869 14:51:25 (0) ** WMIDiag v2.1 ended on Tuesday, July 10, 2012 at 14:51 (W:103 E:51 S:1).

Following might help
A Wmiprvse.exe process crashes in Windows Server 2008 R2 when you use the WMI interface to query the hardware status on a computer that supports the IPMI standard
http://support.microsoft.com/kb/2280777
I do not represent the organisation I work for, all the opinions expressed here are my own.
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
I saw this in my googling. Listed as the cause on the hotfix page is the following: "This
problem occurs because the Ipmiprv.dll module leads the Wmiprvse.exe process to crash. This behavior depends on certain hardware sensor types when the sensor is enumerated." The
faulting module for that hotfix is ipmiprv.dll, and our faulting module is ntdll.dll. I'm thinking that this hotfix isn't applicable, but I'm open to hearing why I'm incorrect if I am.
Seth Johnson

DFS replication stopped working and cannot be debugged because WMI repository cannot be accessed

Hello,
two days ago our DFS replication suddendly stopped working sometime around midnight local time. At least this is what our second domain controller is reporting. Event log is flooded with event id 5002 from DFSR. It is unclear what caused this sudden problem
and even worse, how to solve it. First thing I tried was to perform propagation tests. According to propagation report none of them was successful. Creating an integrity report brought me to another problem: It fails with two errors. First it is unable to
connect to the other DC. Second it is unable to access local WMI repository. This is true for both machines.
First I tried to find information on possible problems with WMI. WMIdiag provided a lot of information. However, opinions I found on the net largely disagree whether output from WMIdiag is useful or not. Yet I tried to re-compile .mof files and rebuild the
repository. So far, nothing changed. This is my output from WMIdiag:
34309 13:02:46 (0) ** WMIDiag v2.1 started on Donnerstag, 22. Mai 2014 at 12:49.
34310 13:02:46 (0) **
34311 13:02:46 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
34312 13:02:46 (0) **
34313 13:02:46 (0) ** This script is not supported under any Microsoft standard support program or service.
34314 13:02:46 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
34315 13:02:46 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
34316 13:02:46 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
34317 13:02:46 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
34318 13:02:46 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
34319 13:02:46 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
34320 13:02:46 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
34321 13:02:46 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
34322 13:02:46 (0) ** of the possibility of such damages.
34323 13:02:46 (0) **
34324 13:02:46 (0) **
34325 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34326 13:02:46 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
34327 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34328 13:02:46 (0) **
34329 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34330 13:02:46 (0) ** Windows Server 2008 R2 - Service pack 1 - 64-bit (7601) - User 'COM\ABCDEF' on computer 'DC2'.
34331 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34332 13:02:46 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
34333 13:02:46 (0) ** INFO: => 1 possible incorrect shutdown(s) detected on:
34334 13:02:46 (0) ** - Shutdown on 01 April 2014 10:20:54 (GMT-0).
34335 13:02:46 (0) **
34336 13:02:46 (0) ** System drive: ....................................................................................................... C: (Datenträgernr. 0 Partitionsnr. 1).
34337 13:02:46 (0) ** Drive type: ......................................................................................................... SCSI (Adaptec Array SCSI Disk Device).
34338 13:02:46 (0) ** There are no missing WMI system files: .............................................................................. OK.
34339 13:02:46 (0) ** There are no missing WMI repository files: .......................................................................... OK.
34340 13:02:46 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
34341 13:02:46 (0) ** AFTER running WMIDiag:
34342 13:02:46 (0) ** The WMI repository has a size of: ................................................................................... 26 MB.
34343 13:02:46 (0) ** - Disk free space on 'C:': .......................................................................................... 10665 MB.
34344 13:02:46 (0) ** - INDEX.BTR, 4276224 bytes, 22.05.2014 12:52:30
34345 13:02:46 (0) ** - MAPPING1.MAP, 67248 bytes, 22.05.2014 12:52:30
34346 13:02:46 (0) ** - MAPPING2.MAP, 67168 bytes, 22.05.2014 12:48:33
34347 13:02:46 (0) ** - OBJECTS.DATA, 23126016 bytes, 22.05.2014 12:52:30
34348 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34349 13:02:46 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
34350 13:02:46 (0) ** Windows Firewall Profile: ........................................................................................... DOMAIN.
34351 13:02:46 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
34352 13:02:46 (0) ** => This will prevent any WMI remote connectivity to this computer except
34353 13:02:46 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
34354 13:02:46 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
34355 13:02:46 (0) ** - 'Windows Management Instrumentation (WMI-In)'
34356 13:02:46 (0) ** - 'Windows Management Instrumentation (ASync-In)'
34357 13:02:46 (0) ** Verify the reported status for each of these three inbound rules below.
34358 13:02:46 (0) **
34359 13:02:46 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
34360 13:02:46 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
34361 13:02:46 (0) ** - You can adjust the configuration by executing the following command:
34362 13:02:46 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
34363 13:02:46 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
34364 13:02:46 (0) ** You can also enable each individual rule instead of activating the group rule.
34365 13:02:46 (0) **
34366 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34367 13:02:46 (0) ** DCOM Status: ........................................................................................................ OK.
34368 13:02:46 (0) ** WMI registry setup: ................................................................................................. OK.
34369 13:02:46 (0) ** INFO: WMI service has dependents: ................................................................................... 1 SERVICE(S)!
34370 13:02:46 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
34371 13:02:46 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
34372 13:02:46 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
34373 13:02:46 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
34374 13:02:46 (0) ** this can prevent the service/application to work as expected.
34375 13:02:46 (0) **
34376 13:02:46 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
34377 13:02:46 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
34378 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34379 13:02:46 (0) ** WMI service DCOM setup: ............................................................................................. OK.
34380 13:02:46 (0) ** WMI components DCOM registrations: .................................................................................. OK.
34381 13:02:46 (0) ** WMI ProgID registrations: ........................................................................................... OK.
34382 13:02:46 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
34383 13:02:46 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
34384 13:02:46 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
34385 13:02:46 (2) !! WARNING: Some WMI providers EXE/DLL file(s) are missing: ............................................................ 1 WARNING(S)!
34386 13:02:46 (0) ** - ROOT/MICROSOFTACTIVEDIRECTORY, ReplProv1, replprov.dll
34387 13:02:46 (0) ** => This will make any operations related to the WMI class supported by the provider(s) to fail.
34388 13:02:46 (0) ** This can be due to:
34389 13:02:46 (0) ** - the de-installation of the software.
34390 13:02:46 (0) ** - the deletion of some files.
34391 13:02:46 (0) ** => If the software has been de-installed intentionally, then this information must be
34392 13:02:46 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove
34393 13:02:46 (0) ** the provider registration data.
34394 13:02:46 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\MICROSOFTACTIVEDIRECTORY path __Win32Provider Where Name='ReplProv1' DELETE'
34395 13:02:46 (0) ** => If not, you must restore a copy of the missing provider EXE/DLL file(s) as indicated by the path.
34396 13:02:46 (0) ** You can retrieve the missing file from:
34397 13:02:46 (0) ** - A backup.
34398 13:02:46 (0) ** - The Windows CD.
34399 13:02:46 (0) ** - Another Windows installation using the same version and service pack level of the examined system.
34400 13:02:46 (0) ** - The original CD or software package installing this WMI provider.
34401 13:02:46 (0) **
34402 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34403 13:02:46 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
34404 13:02:46 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
34405 13:02:46 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
34406 13:02:46 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
34407 13:02:46 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
34408 13:02:46 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
34409 13:02:46 (0) **
34410 13:02:46 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
34411 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
34412 13:02:46 (0) ** - REMOVED ACE:
34413 13:02:46 (0) ** ACEType: &h0
34414 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34415 13:02:46 (0) ** ACEFlags: &h0
34416 13:02:46 (0) ** ACEMask: &h7
34417 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34418 13:02:46 (0) ** DCOM_RIGHT_ACCESS_LOCAL
34419 13:02:46 (0) ** DCOM_RIGHT_ACCESS_REMOTE
34420 13:02:46 (0) **
34421 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34422 13:02:46 (0) ** Removing default security will cause some operations to fail!
34423 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34424 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34425 13:02:46 (0) **
34426 13:02:46 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
34427 13:02:46 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
34428 13:02:46 (0) ** - REMOVED ACE:
34429 13:02:46 (0) ** ACEType: &h0
34430 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34431 13:02:46 (0) ** ACEFlags: &h0
34432 13:02:46 (0) ** ACEMask: &h7
34433 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34434 13:02:46 (0) ** DCOM_RIGHT_ACCESS_LOCAL
34435 13:02:46 (0) ** DCOM_RIGHT_ACCESS_REMOTE
34436 13:02:46 (0) **
34437 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34438 13:02:46 (0) ** Removing default security will cause some operations to fail!
34439 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34440 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34441 13:02:46 (0) **
34442 13:02:46 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
34443 13:02:46 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
34444 13:02:46 (0) ** - REMOVED ACE:
34445 13:02:46 (0) ** ACEType: &h0
34446 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34447 13:02:46 (0) ** ACEFlags: &h0
34448 13:02:46 (0) ** ACEMask: &h7
34449 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34450 13:02:46 (0) ** DCOM_RIGHT_ACCESS_LOCAL
34451 13:02:46 (0) ** DCOM_RIGHT_ACCESS_REMOTE
34452 13:02:46 (0) **
34453 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34454 13:02:46 (0) ** Removing default security will cause some operations to fail!
34455 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34456 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34457 13:02:46 (0) **
34458 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
34459 13:02:46 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
34460 13:02:46 (0) ** - REMOVED ACE:
34461 13:02:46 (0) ** ACEType: &h0
34462 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34463 13:02:46 (0) ** ACEFlags: &h0
34464 13:02:46 (0) ** ACEMask: &h1F
34465 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34466 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34467 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34468 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34469 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34470 13:02:46 (0) **
34471 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34472 13:02:46 (0) ** Removing default security will cause some operations to fail!
34473 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34474 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34475 13:02:46 (0) **
34476 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
34477 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
34478 13:02:46 (0) ** - REMOVED ACE:
34479 13:02:46 (0) ** ACEType: &h0
34480 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34481 13:02:46 (0) ** ACEFlags: &h0
34482 13:02:46 (0) ** ACEMask: &h1F
34483 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34484 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34485 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34486 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34487 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34488 13:02:46 (0) **
34489 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34490 13:02:46 (0) ** Removing default security will cause some operations to fail!
34491 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34492 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34493 13:02:46 (0) **
34494 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
34495 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
34496 13:02:46 (0) ** - REMOVED ACE:
34497 13:02:46 (0) ** ACEType: &h0
34498 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34499 13:02:46 (0) ** ACEFlags: &h0
34500 13:02:46 (0) ** ACEMask: &h1F
34501 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34502 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34503 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34504 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34505 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34506 13:02:46 (0) **
34507 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34508 13:02:46 (0) ** Removing default security will cause some operations to fail!
34509 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34510 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34511 13:02:46 (0) **
34512 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
34513 13:02:46 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
34514 13:02:46 (0) ** - REMOVED ACE:
34515 13:02:46 (0) ** ACEType: &h0
34516 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34517 13:02:46 (0) ** ACEFlags: &h0
34518 13:02:46 (0) ** ACEMask: &h1F
34519 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34520 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34521 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34522 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34523 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34524 13:02:46 (0) **
34525 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34526 13:02:46 (0) ** Removing default security will cause some operations to fail!
34527 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34528 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34529 13:02:46 (0) **
34530 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
34531 13:02:46 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
34532 13:02:46 (0) ** - REMOVED ACE:
34533 13:02:46 (0) ** ACEType: &h0
34534 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34535 13:02:46 (0) ** ACEFlags: &h0
34536 13:02:46 (0) ** ACEMask: &h1F
34537 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34538 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34539 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34540 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34541 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34542 13:02:46 (0) **
34543 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34544 13:02:46 (0) ** Removing default security will cause some operations to fail!
34545 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34546 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34547 13:02:46 (0) **
34548 13:02:46 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
34549 13:02:46 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
34550 13:02:46 (0) ** - REMOVED ACE:
34551 13:02:46 (0) ** ACEType: &h0
34552 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34553 13:02:46 (0) ** ACEFlags: &h0
34554 13:02:46 (0) ** ACEMask: &hB
34555 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34556 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34557 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34558 13:02:46 (0) **
34559 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34560 13:02:46 (0) ** Removing default security will cause some operations to fail!
34561 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34562 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34563 13:02:46 (0) **
34564 13:02:46 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
34565 13:02:46 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
34566 13:02:46 (0) ** - REMOVED ACE:
34567 13:02:46 (0) ** ACEType: &h0
34568 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34569 13:02:46 (0) ** ACEFlags: &h0
34570 13:02:46 (0) ** ACEMask: &h1F
34571 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34572 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34573 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34574 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34575 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34576 13:02:46 (0) **
34577 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34578 13:02:46 (0) ** Removing default security will cause some operations to fail!
34579 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34580 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34581 13:02:46 (0) **
34582 13:02:46 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
34583 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
34584 13:02:46 (0) ** - REMOVED ACE:
34585 13:02:46 (0) ** ACEType: &h0
34586 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34587 13:02:46 (0) ** ACEFlags: &h0
34588 13:02:46 (0) ** ACEMask: &h1F
34589 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34590 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34591 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34592 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34593 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34594 13:02:46 (0) **
34595 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34596 13:02:46 (0) ** Removing default security will cause some operations to fail!
34597 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34598 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34599 13:02:46 (0) **
34600 13:02:46 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
34601 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
34602 13:02:46 (0) ** - REMOVED ACE:
34603 13:02:46 (0) ** ACEType: &h0
34604 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34605 13:02:46 (0) ** ACEFlags: &h0
34606 13:02:46 (0) ** ACEMask: &h1F
34607 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34608 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34609 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34610 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34611 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34612 13:02:46 (0) **
34613 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34614 13:02:46 (0) ** Removing default security will cause some operations to fail!
34615 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34616 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34617 13:02:46 (0) **
34618 13:02:46 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
34619 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED!
34620 13:02:46 (0) ** - REMOVED ACE:
34621 13:02:46 (0) ** ACEType: &h0
34622 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34623 13:02:46 (0) ** ACEFlags: &h0
34624 13:02:46 (0) ** ACEMask: &h1F
34625 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34626 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34627 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34628 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34629 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34630 13:02:46 (0) **
34631 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34632 13:02:46 (0) ** Removing default security will cause some operations to fail!
34633 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34634 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34635 13:02:46 (0) **
34636 13:02:46 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
34637 13:02:46 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED!
34638 13:02:46 (0) ** - REMOVED ACE:
34639 13:02:46 (0) ** ACEType: &h0
34640 13:02:46 (0) ** ACCESS_ALLOWED_ACE_TYPE
34641 13:02:46 (0) ** ACEFlags: &h0
34642 13:02:46 (0) ** ACEMask: &h1F
34643 13:02:46 (0) ** DCOM_RIGHT_EXECUTE
34644 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
34645 13:02:46 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
34646 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
34647 13:02:46 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
34648 13:02:46 (0) **
34649 13:02:46 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
34650 13:02:46 (0) ** Removing default security will cause some operations to fail!
34651 13:02:46 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
34652 13:02:46 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
34653 13:02:46 (0) **
34654 13:02:46 (0) **
34655 13:02:46 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
34656 13:02:46 (0) ** DCOM security error(s) detected: .................................................................................... 14.
34657 13:02:46 (0) ** WMI security warning(s) detected: ................................................................................... 0.
34658 13:02:46 (0) ** WMI security error(s) detected: ..................................................................................... 0.
34659 13:02:46 (0) **
34660 13:02:46 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
34661 13:02:46 (0) ** Overall WMI security status: ........................................................................................ OK.
34662 13:02:46 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
34663 13:02:46 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
34664 13:02:46 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
34665 13:02:46 (0) ** 'select * from MSFT_SCMEventLogEvent'
34666 13:02:46 (0) **
34667 13:02:46 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
34668 13:02:46 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
34669 13:02:46 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
34670 13:02:46 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
34671 13:02:46 (0) ** - ROOT/SERVICEMODEL.
34672 13:02:46 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
34673 13:02:46 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
34674 13:02:46 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
34675 13:02:46 (0) ** i.e. 'WMIC.EXE /NODE:"ISWDC2" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
34676 13:02:46 (0) **
34677 13:02:46 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
34678 13:02:46 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
34679 13:02:46 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 32 ERROR(S)!
34680 13:02:46 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34681 13:02:46 (0) ** MOF Registration: ''
34682 13:02:46 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34683 13:02:46 (0) ** MOF Registration: ''
34684 13:02:46 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34685 13:02:46 (0) ** MOF Registration: ''
34686 13:02:46 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34687 13:02:46 (0) ** MOF Registration: ''
34688 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_BITS_BITSNetUtilization, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34689 13:02:46 (0) ** MOF Registration: ''
34690 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_BITS_BITSNetUtilization, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34691 13:02:46 (0) ** MOF Registration: ''
34692 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34693 13:02:46 (0) ** MOF Registration: ''
34694 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34695 13:02:46 (0) ** MOF Registration: ''
34696 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34697 13:02:46 (0) ** MOF Registration: ''
34698 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34699 13:02:46 (0) ** MOF Registration: ''
34700 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34701 13:02:46 (0) ** MOF Registration: ''
34702 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34703 13:02:46 (0) ** MOF Registration: ''
34704 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34705 13:02:46 (0) ** MOF Registration: ''
34706 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34707 13:02:46 (0) ** MOF Registration: ''
34708 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34709 13:02:46 (0) ** MOF Registration: ''
34710 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34711 13:02:46 (0) ** MOF Registration: ''
34712 13:02:46 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34713 13:02:46 (0) ** MOF Registration: ''
34714 13:02:46 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34715 13:02:46 (0) ** MOF Registration: ''
34716 13:02:46 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34717 13:02:46 (0) ** MOF Registration: ''
34718 13:02:46 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34719 13:02:46 (0) ** MOF Registration: ''
34720 13:02:46 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34721 13:02:46 (0) ** MOF Registration: ''
34722 13:02:46 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34723 13:02:46 (0) ** MOF Registration: ''
34724 13:02:46 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34725 13:02:46 (0) ** MOF Registration: ''
34726 13:02:46 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34727 13:02:46 (0) ** MOF Registration: ''
34728 13:02:46 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34729 13:02:46 (0) ** MOF Registration: ''
34730 13:02:46 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34731 13:02:46 (0) ** MOF Registration: ''
34732 13:02:46 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34733 13:02:46 (0) ** MOF Registration: ''
34734 13:02:46 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34735 13:02:46 (0) ** MOF Registration: ''
34736 13:02:46 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34737 13:02:46 (0) ** MOF Registration: ''
34738 13:02:46 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34739 13:02:46 (0) ** MOF Registration: ''
34740 13:02:46 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34741 13:02:46 (0) ** MOF Registration: ''
34742 13:02:46 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
34743 13:02:46 (0) ** MOF Registration: ''
34744 13:02:46 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
34745 13:02:46 (0) ** a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
34746 13:02:46 (0) ** You can refresh the WMI class provider buffer with the following command:
34747 13:02:46 (0) **
34748 13:02:46 (0) ** i.e. 'WINMGMT.EXE /SYNCPERF'
34749 13:02:46 (0) **
34750 13:02:46 (0) ** WMI MOF representations: ............................................................................................ OK.
34751 13:02:46 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
34752 13:02:46 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
34753 13:02:46 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
34754 13:02:46 (2) !! WARNING: WMI GET VALUE operation errors reported: ................................................................... 5 WARNING(S)!
34755 13:02:46 (0) ** - Root, Instance: __EventConsumerProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
34756 13:02:46 (0) ** - Root, Instance: __EventProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
34757 13:02:46 (0) ** - Root, Instance: __EventSinkCacheControl=@, Property: ClearAfter='00000000000015.000000:000' (Expected default='00000000000230.000000:000').
34758 13:02:46 (0) ** - Root, Instance: __ObjectProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
34759 13:02:46 (0) ** - Root, Instance: __PropertyProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
34760 13:02:46 (0) **
34761 13:02:46 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
34762 13:02:46 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
34763 13:02:46 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
34764 13:02:46 (0) ** WMI static instances retrieved: ..................................................................................... 1822.
34765 13:02:46 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
34766 13:02:46 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
34767 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34768 13:02:46 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
34769 13:02:46 (0) ** DCOM: ............................................................................................................. 0.
34770 13:02:46 (0) ** WINMGMT: .......................................................................................................... 0.
34771 13:02:46 (0) ** WMIADAPTER: ....................................................................................................... 0.
34772 13:02:46 (0) **
34773 13:02:46 (0) ** # of additional Event Log events AFTER WMIDiag execution:
34774 13:02:46 (0) ** DCOM: ............................................................................................................. 0.
34775 13:02:46 (0) ** WINMGMT: .......................................................................................................... 0.
34776 13:02:46 (0) ** WMIADAPTER: ....................................................................................................... 0.
34777 13:02:46 (0) **
34778 13:02:46 (0) ** 32 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
34779 13:02:46 (0) ** => This error is typically a WMI error. This WMI error is due to:
34780 13:02:46 (0) ** - a missing WMI class definition or object.
34781 13:02:46 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
34782 13:02:46 (0) ** You can correct the missing class definitions by:
34783 13:02:46 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
34784 13:02:46 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
34785 13:02:46 (0) ** (This list can be built on a similar and working WMI Windows installation)
34786 13:02:46 (0) ** The following command line must be used:
34787 13:02:46 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
34788 13:02:46 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
34789 13:02:46 (0) ** with WMI by starting the ADAP process.
34790 13:02:46 (0) ** - a WMI repository corruption.
34791 13:02:46 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
34792 13:02:46 (0) ** to validate the WMI repository operations.
34793 13:02:46 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
34794 13:02:46 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
34795 13:02:46 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
34796 13:02:46 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
34797 13:02:46 (0) ** the WMI repository must be reconstructed.
34798 13:02:46 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
34799 13:02:46 (0) ** otherwise some applications may fail after the reconstruction.
34800 13:02:46 (0) ** This can be achieved with the following command:
34801 13:02:46 (0) ** i.e. 'WMIDiag ShowMOFErrors'
34802 13:02:46 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
34803 13:02:46 (0) ** ALL fixes previously mentioned.
34804 13:02:46 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
34805 13:02:46 (0) **
34806 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34807 13:02:46 (0) ** WMI Registry key setup: ............................................................................................. OK.
34808 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34809 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34810 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34811 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34812 13:02:46 (0) **
34813 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34814 13:02:46 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
34815 13:02:46 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
34816 13:02:46 (0) **
34817 13:02:46 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\ABCDEF\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_2K8R2.SRV.SP1.64_ISWDC2_2014.05.22_12.49.13.LOG' for details.
34818 13:02:46 (0) **
34819 13:02:46 (0) ** WMIDiag v2.1 ended on Donnerstag, 22. Mai 2014 at 13:02 (W:89 E:52 S:1).
There are a lot of error in the report and I don't know, whether they are relevant or how to solve them. To my current knowledge, I need to solve at least some of them so that I can access the local WMI repository again and get replication back working.
But after hours of research I am stuck. Any hints are greatly appreciated.
Regards,
Oliver

I don't know why, but soon after posting this, I found a solution to the problem. The WMI part was solved in this thread:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
The relevant portion is this:
Open a CMD prompt in %windir%\system32\wbem
mofcomp dfsrprovs.mof
net stop winmgmt
net start winmgmt
net start iphlpsvc
net stop dfsr
net start dfsr
I don't know why recompiling of all mof did not solve the problem, but the solution above did. Restarting the DCs solved the communication issue. I don't know why the primary DC forgot about the WMI DFS provider or why communication failed. However, it is
working again, it seems.

Operations manager failed to run a wmi query for wmi events (0x800706ba)

Hi everyone,
I've been working on this issue for a while and I am still no closer to finding out what the problem is. If anybody can offer any other advice or things to check, I'm all ears.
I'm running SCOM 2012 R2 with UR2, and the Cluster Management Pack v6.0.7063.0
My problem is on one particular batch of cluster servers where I am getting the following error.
Name: Operations Manager failed to run a WMI query for WMI events
Alert Description:
Module was unable to enumerate the WMI data
Error: 0x800706ba
Details: The RPC server is unavailable
Workflow name: Microsoft.Windows.Cluster.Node.StateMonitoring
Instance Name: servername.domain.local
Instance ID: {instance_id}
Management group: SCOM_Management_Grp_Name
I am getting this alert regardless of whether I run the Windows Cluster Action Account as Local System, or as a domain user with full local admin privileges on all the cluster nodes.
When looking at the management pack and the workflow in particular (Microsoft.Windows.Cluster.Node.StateMonitoring), I can see that it's trying to access
MSCluster_Node in the root\MSCLUSTER WMI namespace.
This is the workflow for your information...
<UnitMonitor> ID="Microsoft.Windows.Cluster.Node.StateMonitoring" Accessibility="Public" Enabled="onEssentialMonitoring" Target="ClusLibrary!Microsoft.Windows.Cluster.Node" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="ClusLibrary!Microsoft.Windows.Cluster.CheckState" ConfirmDelivery="false">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Cluster.Node.StateMonitoring.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter1>
<AlertParameter2>$Target/Property[Type="ClusLibrary!Microsoft.Windows.Cluster.Node"]/ClusterName$</AlertParameter2>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Online" HealthState="Success" />
<OperationalState ID="Warning" MonitorTypeStateID="Partial" HealthState="Warning" />
<OperationalState ID="Error" MonitorTypeStateID="NotOnline" HealthState="Error" />
</OperationalStates>
<Configuration>
<ClusterObjectName>$Target/Property[Type='ClusLibrary!Microsoft.Windows.Cluster.Node']/NodeName$</ClusterObjectName>
<PollInterval>60</PollInterval>
<ClusterObjectClass>MSCLUSTER_Node</ClusterObjectClass>
<OnlineExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</OnlineExpression>
<OnlineExpressionOnDemand>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</OnlineExpressionOnDemand>
<PartialExpression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</PartialExpression>
<PartialExpressionOnDemand>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</PartialExpressionOnDemand>
<NotOnlineExpression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='EventNewState']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</NotOnlineExpression>
<NotOnlineExpressionOnDemand>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">0</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">2</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='State']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="String">3</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</NotOnlineExpressionOnDemand>
<WMIFields>Name, State</WMIFields>
</Configuration>
</UnitMonitor>
I can confirm that I am able to browse the MSCluster_Node class locally, as well as remotely using WMIEXPLORER and WBEMTEST,
however it only works when I set the Authentication Level to
Packet Privacy. If I do not select Packet Privacy, a WMI event log error 5605 is logged on the remote servers application log that says...
The root\mscluster namespace is marked with the RequiresEncryption flag. Access to this namespace might be denied if the script or application does not have the appropriate authentication level. Change the authentication level to Pkt_Privacy
and run the script or application again.
I can confirm that all firewalls are turned off, and there are no firewalls between the management servers and the agents in question. AV exclusions have been done and appear to be in place. The nodes are all Windows 2008 R2 with SP1. As
far as I can tell there is plenty of memory available on each of the nodes in question (50%+) of RAM is available.
If I manually run the "Discover the Windows Server 2008 R2 Cluster Components" task in the Cluster Service State section of the management pack in the Monitoring Pane in the console, on the nodes in question - the discovery runs successfully.
Does anybody have any other ideas or suggestions I could try?
Many thanks in advance,
Noel.
http://www.dreamension.net

Hi,
Common causes of RPC errors include:
Errors resolving a DNS or NetBIOS name.
The RPC service or related services may not be running.
Problems with network connectivity.
File and printer sharing is not enabled.
For more information, please review the link below:
Windows Server Troubleshooting: "The RPC server is unavailable"
http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Identify
Troubleshooting RPC Errors
http://technet.microsoft.com/en-us/magazine/2007.07.howitworks.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Problem with Terminal Service Performance Counters in WMI on Windows Server 2008 SP2

I'm always getting Errors in the WMI Subsystem. The two classes Win32_PerfFormattedData_TermService_TerminalServices and Win32_PerfRawData_TermService_TerminalServices are not found by WMI.
According to KB2512451 classes Win32_PerfRawData_TermService_TerminalServices and Win32_PerfFormattedData_TermService_TerminalServices have been renamed in Windows Server 2008 SP1.
Unfortunately in the WMI system they are still referenced, which produces Errors as you can see in the following log file.
Excerpt from the WMIDIAG 2.1 log file:
26757 15:36:08 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
26758 15:36:08 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
26759 15:36:08 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 2 ERROR(S)!
26760 15:36:08 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
26761 15:36:08 (0) ** MOF Registration: ''
26762 15:36:08 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
I'v tried to delete the two classes using wbemtest.exe started as Administrator but I get an error 0x80041024: Provider not capable of the attempted Operation.
How can I get rid of these two errors in the WMI system?
Markus

Hi Markus,
Did you refer to following KB and check if that HotFix will help you.
The WMI repository is corrupted on a computer that is running Windows Server 2008 or Windows Vista
Meanwhile, please check system log file if find some clues.
By the way, did you install all necessary updates on the server 2008?
If any update, please feel free to let me know.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Failover cluster wmi provider detected an invalid character

We are getting this recurring error in our two node hyper-v cluster:
ID: 6237 Source: FailoverClustering-WMIProvider
Logs anywhere from 1- 15 of these errors every half hour. We are running on Server 2008 R2 SP1 with Hyper-V role and management done by VMM 2012. Hosts are identical hardware (Intel Board, dual quad-core Xeon, 48gb ram) and VMs running on EMC VNXe 3100 shared
storage via iSCSI.
Log Name:      Microsoft-Windows-FailoverClustering-WMIProvider/Admin
Source:        Microsoft-Windows-FailoverClustering-WMIProvider
Date:          5/6/2013 5:02:11 AM
Event ID:      6237
Task Category: Failover Cluster WMI Provider
Level:         Error
Keywords:
User:          COASCADA\msscvmm
Computer:      wwpsvrhypv02.coascada.local
Description:
Failover Cluster WMI Provider detected an invalid character. The private property name 'PreviousOfflineAction' had an invalid character but the provider failed to change it to a valid property name. Property names must start with A-Z or a-z, and valid characters
for WMI property names are A-Z, a-z, 0-9, and '_'.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
   <Provider Name="Microsoft-Windows-FailoverClustering-WMIProvider" Guid="{0461BE3C-BC15-4BAD-9A9E-51F3FADFEC75}" />
    <EventID>6237</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-06T12:02:11.390560300Z" />
    <EventRecordID>8301</EventRecordID>
    <Correlation />
    <Execution ProcessID="6900" ThreadID="5376" />
    <Channel>Microsoft-Windows-FailoverClustering-WMIProvider/Admin</Channel>
    <Computer>wwpsvrhypv02.coascada.local</Computer>
    <Security UserID="S-1-5-21-3378633525-1537071075-772992230-3177" />
</System>
<EventData>
    <Data Name="Parameter1">PreviousOfflineAction</Data>
</EventData>
</Event>

Hi,
You may try the hotfix in KB 974930:
An application or service that queries information about a failover cluster by using the WMI provider may experience low performance or a time-out exception
http://support.microsoft.com/kb/974930
Cause:
This problem occurs because the WMI provider responds to the query requests very slowly. The time that the WMI provider takes to complete the query requests affects the following performance measurements:
The ability and reliability of the service or application
The speed of generating a status report about the failover cluster
Therefore, a slow response of the WMI provider may cause the application or service to function abnormally.
For more information please refer to following MS articles:
Event ID 6237: Failover Cluster WMI Provider detected an invalid character
http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2highavailability/thread/bae84aea-5a80-4637-989b-c31bbc1aa55a/
Lawrence
TechNet Community Support

SQL Server won't start - unhelpful error message in log

I am running SQL Server 2008 on Windows Server 2008. SQL server had been running using a netowrk account, which i then changed over to a dedicated Active Directory account, and I tried restarting the server. It failed to restart, and produces a number of identical error messages in the event log. The error message is below:
initerrlog: Could not open error log file ''. Operating system error = 3(failed to retrieve text for this error. Reason: 15105)
I've searched the web and have not found a solution. It appears to be a permissions problem (the "Reason: 15105" indicates such), but the permissions on all the data and log folders are correct. The fact that it fails to list the error log file is the must frustrating of all since it gives me no indication of where to look for the problem.
If I try switching the the SQL Server user back to the network account it gives the following error:
WMI Provider Error [call to WMI Provider returned error code: 0x800742a2]

Hi Guys,
The solution of Tibork is the working one for me.
What I did to get this error:
I wanted to move my TempDB to another volume (e). I executed following query:
USE master
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = tempdb, FILENAME = 'E:\tempdb.mdf')
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = templog, FILENAME = 'E:\templog.ldf')
GO
Stopped the SQL Server instance and moved the TempDB files from the original DATA folder.
After that, when I restarted the server, it gave me the 1814 error. I tried to undo my actions with no luck.
The working solution for the problem was indeed access rights. I know its not best practice, but since we are in a protected environment I choose to remedy the problem with Tibork's solution:
Start > Control Panel > Adminsitrative Tools > Services
Find the SQL Instance
Right click and choose Properties
Find the logon tab
I changed the logon to "Local System Account"
Worked like a charm. Thanks for the hint.

Event ID 10 with error 0x80041010

Hello,
getting the following event 10 as well as a handful of others differing only in the specific wmi class referenced in the query. Appears to only be logged once at boot.
Log Name: Application
Source: Microsoft-Windows-WMI
Event ID: 10
Description:
Event filter with query "select * from HP_PowerSupplyEvent" could not be reactivated in namespace "//./ROOT/WMI" because of error 0x80041010. Events cannot be delivered through this filter until the problem is corrected.
This is an HP server and I know it's related to the HP WBEM provider. I'm using the latest version of the HP WBEM provider, and have also tried the previous version. Same results.
From what I've found googling the 0x8001010 error indicates an 'invalid class', however using powershell I can retrieve a reference to this class without error, and they show in the list when querying that namespace, for example:
PS C:\> gwmi -Namespace root\wmi -list | Select-String hp_
\\DFEWWW-R5CM5N\ROOT\wmi:HP_FanEvent
\\DFEWWW-R5CM5N\ROOT\wmi:HP_UIDStateChangeEvent
\\DFEWWW-R5CM5N\ROOT\wmi:HP_TempSensorFailureEvent
\\DFEWWW-R5CM5N\ROOT\wmi:HP_PowerSupplyEvent
\\DFEWWW-R5CM5N\ROOT\wmi:HP_ASRStateChangeEvent
\\DFEWWW-R5CM5N\ROOT\wmi:HP_Health
all the classes listed in output of above PS command have an event id 10 error in the application log, just like the example I put at the beginning of this post.
aside from "check with HP", does anyone have any idea how to resolve this? recompiling the mof's?

I have the same problem on Windows 2008 R2 server and the WMI Diagnosis Utility doesn't work.
May the source be with you!
Please Mark As Answer if my post solves your problem or
Vote As Helpful if a post has been helpful for you.
yes, same thing happened with Windows Server 2008R2 and HP WBEM monitoring agent.
What's the solution here ?
/* Server Support Specialist */

Client Install Fails - Unable to get Win32_OperatingSystem object

I have a PC that won't install the SCCM client via Client Push. In the CCM.Log file on the site server, it connects to the IPC$ and admin$ shares using my client installation account, but then it comes back with this error:
---> Unable to get Win32_OperatingSystem object from WMI on remote machine "PCNAME", error = 0x80080005.
I know that error means that access was denied to WMI, and I verified that when I run wbemtest manually (using the same client installation account), I can connect to the root\cimv2 object on that PC but when I try to enumerate the instances of the Win32_OperatingSystem object, I get the same error.
I also tried using Computer Management applet (remotely - I have no local access to this PC) to look at the WMI Control properties. Again, I get the same access denied error so I can't check/change the security permissions that way.
I have verified that my client installation account is in the local Administrators group of the PC. I've already tried rebuilding the WMI repository - that worked but it didn't fix the access issue. I know I can install the client manually but I'm guessing I'd still have a problem with inventories, etc. that are dependent on access to that WMI object. Any suggestions about how to go about fixing the WMI access issue?
Thanks so much, --Jo

Finally getting back to this issue after vacaton... sigh.
I got a little further. I took client push out of the mix and ran ccmsetup.exe locally on the PC. This time the client installation ran. However, I'm still getting a similar error from the client itself and the client is not talking to the site. After the client was installed, only about 10 of the log files showed up in system32\ccm\logs.
ccmexec.log shows this error:
Endpoint'PolicyAgent_PolicyEvaluator' return 0x80070057 from event notification
PolicyAgentProvider.log has these lines repeating:
Failed to create actual config class for 'CCM_RootCACertificates'
Failed to update namespace 'Machine' (80041002)
Successfully updated namespace 'DefaultMachine'
Successfully updated namespace 'DefaultUser'
Failed to create actual config class for 'CCM_MulticastConfig'
Failed to update namespace 'Machine' (80041002)
PolicyEvaluator.log has this error:
Received notification that Local policy has changed.
Failed to trigger Machine settings update (80070057)
SrcUpdateManager has these errors:
Instance of CCM_SourceUpdateClientConfig doesn't exist in WMI
Failed to get instance of CCM_SourceUpdateHistory, error 80041002
ClientIDManagerStartup.log has these errors:
GetSystemEnclosureInfo failed (0x80080005)
ComputeHardwareID failed (0x80080005).
RegTask: Failed to create registration request body. Error: 0x80080005
The rest of the logs that exist (LocationServices, StatusAgent, ClientLocation, RemCtrl, and setuppolicyevaluator) appear to be OK.
These seem to all be WMI-related errors/issues, but I can't find any specific information on any SCCM/SMS websites/forums that address these particular errors in these particular log files. I've tried rebuilding the repository (several times), I've done the regsvr stuff as discussed above, etc.
I ran WMIDIAG next. It ran for a little less than two hours - not sure if that's normal or not, but the log file continued to update the entire time. Now I have this log file and I'm not sure what to do with the issues I found. I'm looking at the WMI REPORT: BEGIN section... I see instructions that make sense for most of the errors. However, the section of log file below shows the area that is most likely causing issues for SCCM because it is the same error I get on the client install. I have no idea how to fix this stuff - any help would be appreciated:
31997 14:20:05 (1) !! ERROR: WMI ENUMERATION operation errors reported: .......................................... 33 ERROR(S)!
31998 14:20:05 (0) ** - ROOT/CIMV2, InstancesOfAsync, CIM_USBDevice, 0x80080005 - .
31999 14:20:05 (0) ** - ROOT/CIMV2, InstancesOfAsync, CIM_USBHub, 0x80080005 - .
32000 14:20:05 (0) ** - ROOT/CIMV2/SMS, InstancesOfAsync, SMS_Class_Template, 0x80041011 - (WBEM_E_PROVIDER_NOT_FOUND) Provider referenced in the schema does not have a corresponding registration.
32001 14:20:05 (0) ** - Root/Default, InstancesOf, SystemRestore, 0x80080005 - Server execution failed.
32002 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_Process, 0x80080005 - Server execution failed.
32003 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_OperatingSystem, 0x80080005 - Server execution failed.
32004 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_ComputerSystem, 0x80080005 - Server execution failed.
32005 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_Service, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32006 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_Bios, 0x80080005 - Server execution failed.
32007 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_Tcpip_IP, 0x80080005 - Server execution failed.
32008 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_Tcpip_TCP, 0x80080005 - Server execution failed.
32009 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_Tcpip_UDP, 0x80080005 - Server execution failed.
32010 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_Tcpip_ICMP, 0x80080005 - Server execution failed.
32011 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_Cache, 0x80080005 - Server execution failed.
32012 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_Memory, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32013 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_Objects, 0x80080005 - Server execution failed.
32014 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_PagingFile, 0x80080005 - Server execution failed.
32015 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_Processor, 0x80080005 - Server execution failed.
32016 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfOS_System, 0x80080005 - Server execution failed.
32017 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfProc_Process, 0x80080005 - Server execution failed.
32018 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfRawData_PerfProc_Thread, 0x80080005 - Server execution failed.
32019 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_Tcpip_IP, 0x80080005 - Server execution failed.
32020 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_Tcpip_TCP, 0x80080005 - Server execution failed.
32021 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_Tcpip_UDP, 0x80080005 - Server execution failed.
32022 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_Tcpip_ICMP, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32023 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_Cache, 0x80080005 - Server execution failed.
32024 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_Memory, 0x80080005 - Server execution failed.
32025 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_Objects, 0x80080005 - Server execution failed.
32026 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_PagingFile, 0x80080005 - Server execution failed.
32027 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_Processor, 0x80080005 - Server execution failed.
32028 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfOS_System, 0x80080005 - Server execution failed.
32029 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfProc_Process, 0x80080005 - Server execution failed.
32030 14:20:05 (0) ** - Root/CIMv2, InstancesOf, Win32_PerfFormattedData_PerfProc_Thread, 0x80080005 - Server execution failed.
32031 14:20:05 (0) **
32032 14:20:05 (1) !! ERROR: WMI EXECQUERY operation errors reported: ............................................ 17 ERROR(S)!
32033 14:20:05 (0) ** - Root/Default, SELECT * FROM SystemRestore, 0x80080005 - Server execution failed.
32034 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_LogicalDisk WHERE FreeSpace > 10000000 AND DriveType = 3, 0x80080005 - Server execution failed.
32035 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_PageFileUsage, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32036 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_BIOS WHERE Version IS NOT NULL, 0x80080005 - Server execution failed.
32037 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_NetworkAdapter WHERE AdapterType IS NOT NULL AND AdapterType != "Wide Area Network (WAN)" AND Description != "Packet Scheduler Miniport", 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32038 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_Processor WHERE Name IS NOT NULL, 0x80080005 - Server execution failed.
32039 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_DiskDrive, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32040 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_ComputerSystem, 0x80080005 - Server execution failed.
32041 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_DiskPartition, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32042 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_LogicalDisk WHERE Description != "Network Connection", 0x80080005 - Server execution failed.
32043 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_SoundDevice, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32044 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_VideoController, 0x80080005 - Server execution failed.
32045 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_USBController, 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32046 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_DesktopMonitor, 0x80080005 - Server execution failed.
32047 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_PointingDevice WHERE Status = "OK", 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32048 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_Keyboard, 0x80080005 - Server execution failed.
32049 14:20:05 (0) ** - Root/CIMv2, SELECT * FROM Win32_SystemDriver WHERE StartMode != "Disabled", 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
32050 14:20:05 (0) **
32051 14:20:05 (0) ** WMI PUT operations: ........................................................................ OK.
32052 14:20:05 (0) ** WMI DELETE operations: ..................................................................... OK.
32053 14:20:05 (0) ** WMI GET VALUE operations: .................................................................. OK.
32054 14:20:05 (0) ** WMI static instances retrieved: ............................................................ 1541.
32055 14:20:05 (0) ** WMI dynamic instances retrieved: ........................................................... 0.
32056 14:20:05 (0) ** WMI instances request cancellations (to limit performance impact): ......................... 0.
32057 14:20:05 (0) **
32058 14:20:05 (0) ** 38 error(s) 0x80080005 - (WBEM_UNKNOWN) This error code is external to WMI.
32059 14:20:05 (0) **
32060 14:20:05 (0) ** 1 error(s) 0x80041011 - (WBEM_E_PROVIDER_NOT_FOUND) Provider referenced in the schema does not have a corresponding registration
32061 14:20:05 (0) ** => This error is typically due to the following major reasons:
32062 14:20:05 (0) **    - The application queried by the WMI provider is not installed, not available or not running
32063 14:20:05 (0) **      at the time of the request was made. This error can also be generated because
32064 14:20:05 (0) **      the application supporting the providers has been uninstalled.
32065 14:20:05 (0) **    - The WMI provider binary files are not accessible (e.g. access denied ACL).
32066 14:20:05 (0) **    - A WMI provider registration problem at the CIM level (MOFCOMP.EXE) or at the COM level (REGSVR32.EXE).
32067 14:20:05 (0) **      You must re-register the WMI provider by recompiling its associated MOF file with MOFCOMP.EXE
32068 14:20:05 (0) **    Note: - If the WMI provider DLL CIM and COM registrations are correct, this error can
32069 14:20:05 (0) **            be returned because the provider has a dependency on another DLL that cannot be
32070 14:20:05 (0) **            loaded (missing or bad DLL)
32071 14:20:05 (0) **          - Dependencies can be found with the DEPENDS.EXE tool coming with the
32072 14:20:05 (0) **            Windows XP and Windows 2003 Support Tools. The command line is as follows:
32073 14:20:05 (0) **            e.g. DEPENDS.EXE <PATH><Provider.DLL>
32074 14:20:05 (0) ** => If the software has been de-installed intentionally, then this information must be
32075 14:20:05 (0) **    removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
32076 14:20:05 (0) **    registration data and its set of associated classes.
32077 14:20:05 (0) ** => To correct this situation, you can:
32078 14:20:05 (0) **    - Install or start the application supporting these providers.
32079 14:20:05 (0) **    - Register the providers in CIM (MOFCOMP) or DCOM (REGSVR32).
32080 14:20:05 (0) **    Note: In this case the provider should also be listed in the 'missing WMI
32081 14:20:05 (0) **          provider DCOM registrations' or in the 'missing WMI provider files' section.
32082 14:20:05 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\'
32083 14:20:05 (0) **          may not solve the problem as the DLL supporting the WMI class(es)
32084 14:20:05 (0) **          can be located in a different folder.
32085 14:20:05 (0) **          You must refer to the class name to determine the software delivering the related DLL.
32086 14:20:05 (0) **
Thanks, --Jo

Cannot connect to Session broker server, but can to other servers in Cluster

Hi Everyone,
Hopefully this is the right place to post. Have searched quite a bit through the forums (not all 19000+ pages though), and can't seem to find a similiar issue.
I have also searched the internet and tried all solutions others with a similiar problem have.
This is my problem:
We have two servers running Server 2008 R2, set up as Remote Desktop Servers in a cluster setup.
The session broker is located on the second server (This is an active server which has sessions load balanced to it). There is also a DNS round robin setup
Problem: When sessions are allowed to be load balanced on Server2, then the users cannot connect to the cluster. The round robin seems to still send some sessions to the first server, and these seem to connect fine.
I suspected the issue was with the WMI Respository, and so started. I found a lot of errors, but have been unable to fix them.
I downlaoded the WMIDiag from Microsoft, and here is the report:
48866 15:56:44 (0) ** WMIDiag v2.1 started on 15 April 2015 at 15:48.
48867 15:56:44 (0) **
48868 15:56:44 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
48869 15:56:44 (0) **
48870 15:56:44 (0) ** This script is not supported under any Microsoft standard support program or service.
48871 15:56:44 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
48872 15:56:44 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
48873 15:56:44 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
48874 15:56:44 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
48875 15:56:44 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
48876 15:56:44 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
48877 15:56:44 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
48878 15:56:44 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
48879 15:56:44 (0) ** of the possibility of such damages.
48880 15:56:44 (0) **
48881 15:56:44 (0) **
48882 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48883 15:56:44 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
48884 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48885 15:56:44 (0) **
48886 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48887 15:56:44 (0) ** Windows Server 2008 R2 - Service pack 1 - 64-bit (7601) - User 'MIBCO\CONN.LOMBARD' on computer 'SSCRDS02'.
48888 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48889 15:56:44 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
48890 15:56:44 (0) ** INFO: => 3 possible incorrect shutdown(s) detected on:
48891 15:56:44 (0) **          - Shutdown on 05 December 2014 22:55:28 (GMT-0).
48892 15:56:44 (0) **          - Shutdown on 12 December 2014 06:43:00 (GMT-0).
48893 15:56:44 (0) **          - Shutdown on 27 February 2015 05:19:26 (GMT-0).
48894 15:56:44 (0) **
48895 15:56:44 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
48896 15:56:44 (0) ** Drive type: ......................................................................................................... SCSI (DELL PERC H700 SCSI Disk Device).
48897 15:56:44 (0) ** There are no missing WMI system files: .............................................................................. OK.
48898 15:56:44 (0) ** There are no missing WMI repository files: .......................................................................... OK.
48899 15:56:44 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
48900 15:56:44 (0) ** AFTER running WMIDiag:
48901 15:56:44 (0) ** The WMI repository has a size of: ................................................................................... 26 MB.
48902 15:56:44 (0) ** - Disk free space on 'C:': .......................................................................................... 297281 MB.
48903 15:56:44 (0) **   - INDEX.BTR,                     5513216 bytes,      2015/04/15 03:52:21 PM
48904 15:56:44 (0) **   - MAPPING1.MAP,                  76804 bytes,        2015/04/15 03:50:51 PM
48905 15:56:44 (0) **   - MAPPING2.MAP,                  76804 bytes,        2015/04/15 03:52:21 PM
48906 15:56:44 (0) **   - OBJECTS.DATA,                  22036480 bytes,     2015/04/15 03:52:21 PM
48907 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48908 15:56:44 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
48909 15:56:44 (0) ** Windows Firewall Profile: ........................................................................................... DOMAIN.
48910 15:56:44 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
48911 15:56:44 (0) ** => This will prevent any WMI remote connectivity to this computer except
48912 15:56:44 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
48913 15:56:44 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
48914 15:56:44 (0) **    - 'Windows Management Instrumentation (WMI-In)'
48915 15:56:44 (0) **    - 'Windows Management Instrumentation (ASync-In)'
48916 15:56:44 (0) **    Verify the reported status for each of these three inbound rules below.
48917 15:56:44 (0) **
48918 15:56:44 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' GROUP rule: ............................................. ENABLED.
48919 15:56:44 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... ENABLED.
48920 15:56:44 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ ENABLED.
48921 15:56:44 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... ENABLED.
48922 15:56:44 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. ENABLED.
48923 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48924 15:56:44 (0) ** DCOM Status: ........................................................................................................ OK.
48925 15:56:44 (0) ** WMI registry setup: ................................................................................................. OK.
48926 15:56:44 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
48927 15:56:44 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
48928 15:56:44 (0) ** - SMS Agent Host (CCMEXEC, StartMode='Automatic')
48929 15:56:44 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
48930 15:56:44 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
48931 15:56:44 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
48932 15:56:44 (0) **          this can prevent the service/application to work as expected.
48933 15:56:44 (0) **
48934 15:56:44 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
48935 15:56:44 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
48936 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48937 15:56:44 (0) ** WMI service DCOM setup: ............................................................................................. OK.
48938 15:56:44 (0) ** WMI components DCOM registrations: .................................................................................. OK.
48939 15:56:44 (0) ** WMI ProgID registrations: ........................................................................................... OK.
48940 15:56:44 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
48941 15:56:44 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
48942 15:56:44 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
48943 15:56:44 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
48944 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
48945 15:56:44 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
48946 15:56:44 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
48947 15:56:44 (0) **    i.e. You can start your scripts or WMIC commands from an elevated command
48948 15:56:44 (0) **         prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
48949 15:56:44 (0) **         selecting 'Run as Administrator'.
48950 15:56:44 (0) **    i.e. You can also execute the WMI scripts or WMIC commands as a task
48951 15:56:44 (0) **         in the Task Scheduler within the right security context.
48952 15:56:44 (0) **
48953 15:56:44 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
48954 15:56:44 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
48955 15:56:44 (0) **    privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
48956 15:56:44 (0) **    to ensure that administrative privileges are granted. If a Local User account is used for remote
48957 15:56:44 (0) **    accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
48958 15:56:44 (0) **
48959 15:56:44 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
48960 15:56:44 (1) !! ERROR: Actual trustee 'NT AUTHORITY\SYSTEM' DOES NOT match corresponding expected trustee rights (Actual->Default)
48961 15:56:44 (0) **        - ACTUAL ACE:
48962 15:56:44 (0) **          ACEType: &h0
48963 15:56:44 (0) **                    ACCESS_ALLOWED_ACE_TYPE
48964 15:56:44 (0) **          ACEFlags: &h4
48965 15:56:44 (0) **                    NO_PROPAGATE_INHERIT_ACE
48966 15:56:44 (0) **          ACEMask: &hB
48967 15:56:44 (0) **                    DCOM_RIGHT_EXECUTE
48968 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_LOCAL
48969 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_LOCAL
48970 15:56:44 (0) **        - EXPECTED ACE:
48971 15:56:44 (0) **          ACEType: &h0
48972 15:56:44 (0) **                    ACCESS_ALLOWED_ACE_TYPE
48973 15:56:44 (0) **          ACEFlags: &h0
48974 15:56:44 (0) **          ACEMask: &h1F
48975 15:56:44 (0) **                    DCOM_RIGHT_EXECUTE
48976 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_LOCAL
48977 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_REMOTE
48978 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_LOCAL
48979 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_REMOTE
48980 15:56:44 (0) **
48981 15:56:44 (0) ** => The actual ACE has the right(s) '&h14 DCOM_RIGHT_LAUNCH_REMOTE DCOM_RIGHT_ACTIVATE_REMOTE' removed!
48982 15:56:44 (0) **    This will cause some operations to fail!
48983 15:56:44 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
48984 15:56:44 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
48985 15:56:44 (0) **
48986 15:56:44 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
48987 15:56:44 (1) !! ERROR: Actual trustee 'NT AUTHORITY\INTERACTIVE' DOES NOT match corresponding expected trustee rights (Actual->Default)
48988 15:56:44 (0) **        - ACTUAL ACE:
48989 15:56:44 (0) **          ACEType: &h0
48990 15:56:44 (0) **                    ACCESS_ALLOWED_ACE_TYPE
48991 15:56:44 (0) **          ACEFlags: &h4
48992 15:56:44 (0) **                    NO_PROPAGATE_INHERIT_ACE
48993 15:56:44 (0) **          ACEMask: &hB
48994 15:56:44 (0) **                    DCOM_RIGHT_EXECUTE
48995 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_LOCAL
48996 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_LOCAL
48997 15:56:44 (0) **        - EXPECTED ACE:
48998 15:56:44 (0) **          ACEType: &h0
48999 15:56:44 (0) **                    ACCESS_ALLOWED_ACE_TYPE
49000 15:56:44 (0) **          ACEFlags: &h0
49001 15:56:44 (0) **          ACEMask: &h1F
49002 15:56:44 (0) **                    DCOM_RIGHT_EXECUTE
49003 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_LOCAL
49004 15:56:44 (0) **                    DCOM_RIGHT_LAUNCH_REMOTE
49005 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_LOCAL
49006 15:56:44 (0) **                    DCOM_RIGHT_ACTIVATE_REMOTE
49007 15:56:44 (0) **
49008 15:56:44 (0) ** => The actual ACE has the right(s) '&h14 DCOM_RIGHT_LAUNCH_REMOTE DCOM_RIGHT_ACTIVATE_REMOTE' removed!
49009 15:56:44 (0) **    This will cause some operations to fail!
49010 15:56:44 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
49011 15:56:44 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
49012 15:56:44 (0) **
49013 15:56:44 (0) **
49014 15:56:44 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
49015 15:56:44 (0) ** DCOM security error(s) detected: .................................................................................... 2.
49016 15:56:44 (0) ** WMI security warning(s) detected: ................................................................................... 0.
49017 15:56:44 (0) ** WMI security error(s) detected: ..................................................................................... 0.
49018 15:56:44 (0) **
49019 15:56:44 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
49020 15:56:44 (0) ** Overall WMI security status: ........................................................................................ OK.
49021 15:56:44 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
49022 15:56:44 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 5.
49023 15:56:44 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
49024 15:56:44 (0) **   'select * from MSFT_SCMEventLogEvent'
49025 15:56:44 (0) ** - ROOT/CCM/POLICY, CCM_PolicyReplicationConsumer.Id="{9099D177-1AD6-46e6-BBC0-70F460786953}".
49026 15:56:44 (0) **   'SELECT * FROM __NamespaceCreationEvent'
49027 15:56:44 (0) ** - ROOT/CCM/POLICY, CCM_PolicyReplicationConsumer.Id="{9099D177-1AD6-46e6-BBC0-70F460786953}".
49028 15:56:44 (0) **   'SELECT * FROM __ClassOperationEvent WHERE TargetClass ISA "CCM_Policy_EmbeddedObject"'
49029 15:56:44 (0) ** - ROOT/CCM/POLICY, CCM_PolicyReplicationConsumer.Id="{9099D177-1AD6-46e6-BBC0-70F460786953}".
49030 15:56:44 (0) **   'SELECT * FROM __ClassOperationEvent WHERE TargetClass ISA "CCM_Policy_Config"'
49031 15:56:44 (0) ** - ROOT/CCM/POLICY, CCM_PolicyReplicationConsumer.Id="{9099D177-1AD6-46e6-BBC0-70F460786953}".
49032 15:56:44 (0) **   'SELECT * FROM __ClassOperationEvent WHERE TargetClass ISA "CCM_Policy"'
49033 15:56:44 (0) **
49034 15:56:44 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
49035 15:56:44 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
49036 15:56:44 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
49037 15:56:44 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
49038 15:56:44 (0) ** - ROOT/SERVICEMODEL.
49039 15:56:44 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
49040 15:56:44 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
49041 15:56:44 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
49042 15:56:44 (0) **    i.e. 'WMIC.EXE /NODE:"SSCRDS02" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
49043 15:56:44 (0) **
49044 15:56:44 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
49045 15:56:44 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
49046 15:56:44 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 34 ERROR(S)!
49047 15:56:44 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49048 15:56:44 (0) **   MOF Registration: ''
49049 15:56:44 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49050 15:56:44 (0) **   MOF Registration: ''
49051 15:56:44 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49052 15:56:44 (0) **   MOF Registration: ''
49053 15:56:44 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49054 15:56:44 (0) **   MOF Registration: ''
49055 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49056 15:56:44 (0) **   MOF Registration: ''
49057 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49058 15:56:44 (0) **   MOF Registration: ''
49059 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49060 15:56:44 (0) **   MOF Registration: ''
49061 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49062 15:56:44 (0) **   MOF Registration: ''
49063 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49064 15:56:44 (0) **   MOF Registration: ''
49065 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49066 15:56:44 (0) **   MOF Registration: ''
49067 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49068 15:56:44 (0) **   MOF Registration: ''
49069 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49070 15:56:44 (0) **   MOF Registration: ''
49071 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49072 15:56:44 (0) **   MOF Registration: ''
49073 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49074 15:56:44 (0) **   MOF Registration: ''
49075 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_NETDataProviderforOracle_NETDataProviderforOracle, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49076 15:56:44 (0) **   MOF Registration: ''
49077 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_NETDataProviderforOracle_NETDataProviderforOracle, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49078 15:56:44 (0) **   MOF Registration: ''
49079 15:56:44 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49080 15:56:44 (0) **   MOF Registration: ''
49081 15:56:44 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49082 15:56:44 (0) **   MOF Registration: ''
49083 15:56:44 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49084 15:56:44 (0) **   MOF Registration: ''
49085 15:56:44 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49086 15:56:44 (0) **   MOF Registration: ''
49087 15:56:44 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49088 15:56:44 (0) **   MOF Registration: ''
49089 15:56:44 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49090 15:56:44 (0) **   MOF Registration: ''
49091 15:56:44 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49092 15:56:44 (0) **   MOF Registration: ''
49093 15:56:44 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49094 15:56:44 (0) **   MOF Registration: ''
49095 15:56:44 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49096 15:56:44 (0) **   MOF Registration: ''
49097 15:56:44 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49098 15:56:44 (0) **   MOF Registration: ''
49099 15:56:44 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49100 15:56:44 (0) **   MOF Registration: ''
49101 15:56:44 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49102 15:56:44 (0) **   MOF Registration: ''
49103 15:56:44 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49104 15:56:44 (0) **   MOF Registration: ''
49105 15:56:44 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49106 15:56:44 (0) **   MOF Registration: ''
49107 15:56:44 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49108 15:56:44 (0) **   MOF Registration: ''
49109 15:56:44 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49110 15:56:44 (0) **   MOF Registration: ''
49111 15:56:44 (0) ** - root/ccm/LocationServices, ClientInfo, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49112 15:56:44 (0) **   MOF Registration: ''
49113 15:56:44 (0) ** - root/ccm/LocationServices, ClientInfo, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
49114 15:56:44 (0) **   MOF Registration: ''
49115 15:56:44 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
49116 15:56:44 (0) **    a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
49117 15:56:44 (0) **    You can refresh the WMI class provider buffer with the following command:
49118 15:56:44 (0) **
49119 15:56:44 (0) **    i.e. 'WINMGMT.EXE /SYNCPERF'
49120 15:56:44 (0) **
49121 15:56:44 (0) ** WMI MOF representations: ............................................................................................ OK.
49122 15:56:44 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
49123 15:56:44 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
49124 15:56:44 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
49125 15:56:44 (2) !! WARNING: WMI GET VALUE operation errors reported: ................................................................... 5 WARNING(S)!
49126 15:56:44 (0) ** - Root, Instance: __EventConsumerProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
49127 15:56:44 (0) ** - Root, Instance: __EventProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
49128 15:56:44 (0) ** - Root, Instance: __EventSinkCacheControl=@, Property: ClearAfter='00000000000015.000000:000' (Expected default='00000000000230.000000:000').
49129 15:56:44 (0) ** - Root, Instance: __ObjectProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
49130 15:56:44 (0) ** - Root, Instance: __PropertyProviderCacheControl=@, Property: ClearAfter='00000000000030.000000:000' (Expected default='00000000000500.000000:000').
49131 15:56:44 (0) **
49132 15:56:44 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
49133 15:56:44 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
49134 15:56:44 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
49135 15:56:44 (0) ** WMI static instances retrieved: ..................................................................................... 6304.
49136 15:56:44 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
49137 15:56:44 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 3.
49138 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49139 15:56:44 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
49140 15:56:44 (0) **   DCOM: ............................................................................................................. 0.
49141 15:56:44 (0) **   WINMGMT: .......................................................................................................... 0.
49142 15:56:44 (0) **   WMIADAPTER: ....................................................................................................... 0.
49143 15:56:44 (0) **
49144 15:56:44 (0) ** # of additional Event Log events AFTER WMIDiag execution:
49145 15:56:44 (0) **   DCOM: ............................................................................................................. 0.
49146 15:56:44 (0) **   WINMGMT: .......................................................................................................... 0.
49147 15:56:44 (0) **   WMIADAPTER: ....................................................................................................... 0.
49148 15:56:44 (0) **
49149 15:56:44 (0) ** 34 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
49150 15:56:44 (0) ** => This error is typically a WMI error. This WMI error is due to:
49151 15:56:44 (0) **    - a missing WMI class definition or object.
49152 15:56:44 (0) **      (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
49153 15:56:44 (0) **      You can correct the missing class definitions by:
49154 15:56:44 (0) **      - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
49155 15:56:44 (0) **      Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
49156 15:56:44 (0) **            (This list can be built on a similar and working WMI Windows installation)
49157 15:56:44 (0) **            The following command line must be used:
49158 15:56:44 (0) **            i.e. 'WMIDiag CorrelateClassAndProvider'
49159 15:56:44 (0) **      Note: When a WMI performance class is missing, you can manually resynchronize performance counters
49160 15:56:44 (0) **            with WMI by starting the ADAP process.
49161 15:56:44 (0) **    - a WMI repository corruption.
49162 15:56:44 (0) **      In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
49163 15:56:44 (0) **      to validate the WMI repository operations.
49164 15:56:44 (0) **    Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
49165 15:56:44 (0) **          executing the WriteInRepository command. To write temporary data from the Root namespace, use:
49166 15:56:44 (0) **          i.e. 'WMIDiag WriteInRepository=Root'
49167 15:56:44 (0) **    - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
49168 15:56:44 (0) **      the WMI repository must be reconstructed.
49169 15:56:44 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
49170 15:56:44 (0) **          otherwise some applications may fail after the reconstruction.
49171 15:56:44 (0) **          This can be achieved with the following command:
49172 15:56:44 (0) **          i.e. 'WMIDiag ShowMOFErrors'
49173 15:56:44 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
49174 15:56:44 (0) **          ALL fixes previously mentioned.
49175 15:56:44 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
49176 15:56:44 (0) **
49177 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49178 15:56:44 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
49179 15:56:44 (0) ** INFO: Unexpected registry key value:
49180 15:56:44 (0) **   - Current: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
49181 15:56:44 (0) **   - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
49182 15:56:44 (0) **     From the command line, the registry configuration can be corrected with the following command:
49183 15:56:44 (0) **     i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
49184 15:56:44 (0) **
49185 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49186 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49187 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49188 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49189 15:56:44 (0) **
49190 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49191 15:56:44 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
49192 15:56:44 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
49193 15:56:44 (0) **
49194 15:56:44 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\CONN.LOMBARD\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_2K8R2.SRV.SP1.64_SSCRDS02_2015.04.15_15.48.25.LOG' for details.
49195 15:56:44 (0) **
49196 15:56:44 (0) ** WMIDiag v2.1 ended on 15 April 2015 at 15:56 (W:110 E:41 S:1).
This seems to be the biggest problem:
48960 15:56:44 (1) !! ERROR: Actual trustee 'NT AUTHORITY\SYSTEM' DOES NOT match corresponding expected trustee rights (Actual->Default)
This seems to be the second biggest error (and there are a few of them):
0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
I have tried:
winmgmt /resyncperf
winmgmt /verifyrepository
winmgmt /salvagerepository
winmgmt /resetrepository
I have also tried registering the mof files with
MOFCOMP <FileName.mof>
Lastly, I even disabled the WMI service, renamed the Repository folder, and had it rebuild the repository.
I got stuck on re registering the 'NT AUTHORITY\SYSTEM' (I think it is in the Components section in Administrative tools), as I could not find clear instructions on exactly how to go about it.
Chkdsk found no errors
Sfc /scannow found no errors
winmgmt /verifyrepository finds no errors.
I'm hoping someone here might be able to steer me in the right direction to get this resolved, as I do not want to rebuild a server that hosts a connection broker and has over 100 user profiles on it, as well as some very annoying and finniky LOB apps installed,
which will have to manually be reinstalled for each profile.

Hi,
Here is a blog regarding how to fix WMI issue might be useful to you:
Fixing WMI issues Using Batch Script
http://social.technet.microsoft.com/wiki/contents/articles/6887.fixing-wmi-issues-using-batch-script.aspx
In addition, you mentioned Remote Desktop Servers are in a cluster setup, would you tell us how did you create the cluster?
As far as I know, with RD Connection Broker, we don’t need to create a cluster but just add multiple RD session hosts into one collection, then RD connection Broker would redirect sessions automatically.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

How can I stop a task sequence if a custom HTA preflight check fails?

In our currently deployment method, we launch an HTA program before initiating the OSD process. This is only when run from the RAP menu, not via PXE. When a user initiates OSD through that menu, they get a message prompting them to close Outlook, and
a countdown of 5 mins, then OSD starts. They also have the ability to click on an 'OK' button to proceed on their own.
I've created a new script which checks WMI if Outlook and/or OCS are open, and if the machine is running on battery, spit out a "Failed" response and stop the HTA. I've also added a "recheck" button to re-do the check, and an 'OK
button if people jsut want to continue.
I'm curious if there is a way to prevent the task sequence from continuing if any of those conditions arent met. Currently it just pops up and says "Failed, Cannot conitue", but if they close the window, the task sequence thinks the program
has run, and the OSD migration starts. I'd like to be able and get the script to cancel the OSD process if a check fails.
Has anyone had success with this, using WINXP? I'd use the MS pre-flight check but it's only for WIN7.

Interesting. Thanks for the response. Is there anybody out there that can assist with VBS part of the solution?
Here's the code I'm working with. Currently the battery piece isnt working as it should but I can figure that our, eventually. I'd like to get Jason's proposed solution in the code. If this isn't the right place, I'll take this somewhere
else.
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>OSD Preflight checks</title>
<HTA:APPLICATION
APPLICATIONNAME="OSD Preflight checks"
ID="objOSDPreReqChecks"
SCROLL="no"
CONTEXTMENU="no"
SINGLEINSTANCE="no"
MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no"
WINDOWSTATE="normal"/>

<style type="text/css">
H1{color:Black;text-align:center;font-family: Arial, Helvetica, sans-serif;font-size: 26px;}
p{font-family:"Arial";font-size:10px;}
fail{color:Red;text-align:center;}
.Version {float:left; font-size:1.0em;font-style:italic;color:#888888;font-weight:bold;}
.Header1 {width: 180px; text-align: right;font-weight:bold;}
H2 {font-family: Arial, Helvetica, sans-serif; text-align: center;}
H3 {font-style: italic;}
.style2 {width: 180px; text-align: left;}
.Header2 {width: 150px; text-align: right;font-weight:bold;}
.style4 {width: 410px; text-align: left;}
.StatusBar
font-family: Arial, Helvetica, sans-serif;
text-align: center;
.hidden {display: none; visibility: hidden;}
</style>
</head>
<script language="VBScript" type="text/vbscript">
'======================================================================================
' Script
' Version
' Purpose To check a machine is suitable for taking an OS deployment
'======================================================================================
'Features
' Modular design
' Verbose "Debug Mode"
' In-built data validation
' Custom error handling
' Custom error codes - 90x0
' Generic WMI handler
'BUGfix: Change CLng to CDbl to avoid overflow (in GetRAM)
'fixed - moved head section to top to become head > script > body
'fixed - fCheckModel display with leading ,
'fixed - fgetmodels dictionary list
Option Explicit
' #region GLOBAL DECLARATIONS: Persistent fold region
'======================================================================================
'GLOBAL Vars
'Things to just display (in GUI)
Dim strRAM
Dim strCPUInfo
Dim strCPUName
Dim strCPUDesc
Dim iCPUCount
Dim iCPUCoreCount
Dim iRAM
Dim strBIOSver, strBIOSDate, strBIOSInfo
'Time related
Dim TimerInterval 'timer to refresh HTA at start
Dim iTimer 'abort timer
Const iAbortTimeout=300000 'delay before window closes (in milliseconds)
Dim pbTimerID
Dim pbHTML
Dim pbWaitTime
Dim pbHeight
Dim pbWidth
Dim pbBorder
Dim pbUnloadedColor
Dim pbLoadedColor
Dim pbStartTime
'Dictionary
Dim objModelsDict,colKeys,strKey 'models
Dim objApprovedMakesDict
'Misc GLOBAL vars
Dim blnDebug 'set TRUE to trigger debug mode
Dim bAbortBuild 'Boolean flag to abort or not abort
Dim strTemp 'throwaway/scratch
Dim strNamespace 'wmi default namespace for ANY machine
Dim strComputer 'wmi reference to current machine, just .
Dim strService 'WMI service
Dim strQuery 'custom WQL
Dim ErrMsg 'custom error messages
Dim iErrMode 'State machine for error mode
Dim lFlags 'WMI flag
Dim strDisks
'Pre-requisites - things that will cause build to abort if values do not meet spec
Dim strHTAVendor 'Make of hardware
Dim strHTAVendorState
Dim strHTAModel 'Model of hardware
Dim strHTAModelState 'Model state
Dim strHTARAM 'RAM
Dim strHTARAMState 'RAM state
Dim strHTACPUSpeed 'Processor speed
Dim strHTACPUCores 'Number of cores
Dim strHTACPUFullInfo 'CPU + cores
Dim strHTAHDD 'Disk info
Dim strHTAHDDState 'Disk state
Dim strHTACheckRAW 'NTFS check
Dim strHTAArchitecture 'Processor support
Dim strHTAProduct 'Product ID
Dim strHTAOutlook 'Outlook running
Dim strHTAOutlookState 'Outlook state
Dim strHTABattery 'Battery check
Dim strHTABatteryState 'Battery state
'for WQL filters
Dim strWQLPCInfo 'Pre-req - (1) for various inc. domain role (servers)
Dim strWQLRAM 'Pre-req - (2) RAM
Dim strWQLCPU 'Pre-req - CPU speed string (not int)
Dim strWQLBootOrder 'Pre-req - Boot order string
Dim strWQLSATAMode 'Pre-req - HDD mode
Dim strWQLGenericBIOS
Dim strWQLCPUCount 'Pre-req - how many CPUs
Dim strWQLCPUInfo
Dim strWQLFSType 'Pre-req - Check HDD not RAW (i.e. is NTFS)
Dim strWQLDisks 'Disks
Dim strWQLChassis 'Machine type
Dim strWQLID 'Unique code from OEM
Dim strWQLProc 'is Outlook running = False
Dim strWQLBattery 'is on Battery = False
'State
Const cProblem = " Problem!"
Const cRunAgain =" RunCheck: Run System Check Again"
Const cSuccess = " Success!"
Const cPassed=" Pass"
Const cFail=" Fail"
'Pre-requisite to check: SET VALUES HERE vvvvvvvvvvvvvvvv
Const cApprovedOEM="Hewlett-Packard"
Const LegacyOEM1="Dell Inc."
Const LegacyOEM2="IBM"
Const cMinimumMemoryMB = 1000 'RAM in MB
'Const cMinimumMemoryMB = 1000000 'force fail test data RAM in MB
Const cMinFS="NTFS"
' Const cMinFS="HPFS" 'force fail test data
Const iMinCores=1
'Const iMinCores=10099 'force fail cores test data
Const iMinCPUSpeed=2 '20 'in GHz
'Const iMinCPUSpeed=90000 'in GHz
Const iMinCPUArch=32
'Const iMinCPUArch=64
' #endregion
' To hide anything use ID.className = "hidden", to show set to "", e.g. NotFoundArea.className = "hidden"
Sub Window_Onload
Err.Clear
VersionSpan.InnerText = objOSDPreReqChecks.Version 'Get version
self.focus
self.moveTo 100,100 'Move window top left
StatusBar.InnerText="Validating machine..."
document.body.style.cursor = "wait" 'hourglass cursor
'Call PreflightChecks 'use for testing as a VBS only, otherwise HTA timer will call below
TimerInterval = window.setInterval("PreflightChecks",10)
End Sub
Function PreflightChecks
' #region HEADER NOTES: Persistent fold region
'Version history
'ver 5 OCTOBER 2011 - added error handler
'ver 3rd Nov - removed HPonly queries
'// Solution: Custom Script for use with MDT - Adapted from hardwareinfo.vbs Mikael Nystrom – http://deploymentbunny.com
'Typical BIOS content
'Processor Speed = 2133/1066 MHz
'Boot Order = Network Controller,ATAPI CD-ROM Drive,USB device,Hard Drive,Diskette Drive,PnP Device #2,PnP Device #3,PnP Device #4,PnP Device #5,PnP Device #6,PnP Device #7,PnPe #8,PnP Device #9,PnP Device #10,PnP Device #11
'SATA (disk) mode: *IDE,--,RAID,-- or IDE,*AHCI,RAID
'On Error Resume Next
' #endregion
' #region CONSTANTS: Persistent fold region
'======================================================================================
'Fields available in HP BIOS
Const sAsset = "Notebook Asset Tag"
Const sOwner = "Notebook Ownership Tag"
Const sMan = "Manufacturer"
Const sNoteModel = "Notebook Model"
Const sCPU = "Processor Type"
Const sCPUSpeed = "Processor Speed"
Const sRAM = "Memory Size"
Const sModel = "Product Name"
Const sBIOSName ="System BIOS"
Const sBIOSVer = "BIOS Version"
Const sBIOSDate = "BIOS Date"
'Other BIOS stuff you could use too
'Const sOwnerTag = "Enter Ownership Tag"
'Const sBIOS = "PCID"
'Const sBIOS = "Define Custom URL"
'Const sBIOS = "Set Alarm Time"
'Const sBIOS = "PCID Version"
Const TextMode="1" 'text case sensitive for dict obj
'WMI core constants
Const wbemFlagReturnImmediately = 16 'wmi - Causes the call to return immediately.
Const wbemFlagForwardOnly = 32 'wmi - Causes a forward-only enumerator to be returned.
'Forward-only enumerators are generally much faster and
'use less memory than conventional enumerators, but don't allow calls to SWbemObject.Clone_
'Advisory config values - as in "you want to the change these"
Dim strHTABootOrder
Dim strHTASATAMode
'Dim strHTACPU
' #endregion
'======================================================================================
' #region WQL: Persistent fold region
lFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
'Queries of things to check (HP)
strWQLBootOrder = "select Name, value from HP_BIOSSetting where Name='Boot order'"
strWQLSATAMode = "select Name, value from HP_BIOSSetting where (Name='SATA emulation' or name='SATA device mode')"
strWQLDisks ="SELECT * FROM Win32_DiskDrive where mediatype like 'Fixed%hard disk%'" 'win32_disk only avail after W7
strWQLFSType ="SELECT * from Win32_LogicalDisk where DriveType='3'" 'only bother with HDDs
'Generic WMI query strings
strWQLGenericBIOS="SELECT Manufacturer,SMBIOSBIOSVersion,ReleaseDate FROM Win32_BIOS WHERE PrimaryBIOS = True"
strWQLCPUCount= "SELECT NumberOfProcessors,NumberOfLogicalProcessors from Win32_ComputerSystem"
strWQLCPUInfo="SELECT Name,DataWidth,description,MaxClockSpeed,NumberofCores,NumberOfLogicalProcessors from Win32_Processor"
strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer,Model,TotalPhysicalMemory FROM Win32_ComputerSystem"
' strWQLPCInfo="SELECT Domain,DomainRole,SystemType,Manufacturer FROM Win32_ComputerSystem"
strWQLChassis="SELECT ChassisTypes from Win32_SystemEnclosure"
strWQLID="SELECT IdentifyingNumber,UUID from Win32_ComputerSystemProduct"
strWQLRAM="SELECT * FROM Win32_PhysicalMemory"
strWQLProc="SELECT * FROM Win32_Process"
strWQLBattery="SELECT * FROM BatteryStatus Where Voltage > 0"
' #endregion
' #region MAIN algorithm
'=====================================================================================================
' MAIN
'Algorithm
'1) Check make (vendor)
'2) Check model (in list)
'3) Check RAM >x
'4) Check HDD TYPE (HDD is not RAW)
'5) Check CPU architecture
'6) Check outlook
'7) Check battery
'=====================================================================================================
'Initialise
window.clearInterval(TimerInterval) 'Reset timer to 0
' blnDebug=True
blnDebug=False
bAbortBuild=False 'default to DON'T abort
' bAbortBuild=True
'Build list of approved vendors
Set objApprovedMakesDict = CreateObject("Scripting.Dictionary")
objApprovedMakesDict.comparemode=VBTextCompare
objApprovedMakesDict.add cApprovedOEM,"OK"
objApprovedMakesDict.add LegacyOEM1,"OK"
objApprovedMakesDict.add LegacyOEM2,"OK"
objApprovedMakesDict.add "Lenovo","Testdata"
If blnDebug Then Stop
'1) all machines check make
strHTAVendor=fCheckVendor(strWQLGenericBIOS) 'check vendor in BIOS - if vendor not approved ABORT without proceeding
If bAbortBuild=True Then
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - goodbye cruel world"
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
StatusBar.InnerText="Vendor: " & strHTAVendor & vbTab & " " & strHTAVendorState
'2) Discover current Model
strHTAModel=fGetModelName(strWQLPCInfo) 'get model name from WMI
strHTAModel=fUniversalCheckData(strHTAModel,"'Discover Model - fGetModelName'") 'validate
Call fGetModels 'get list of all valid models (from text file)
strHTAModel=fCheckModel(strHTAModel)
'2a) Model number (optional)
strHTAProduct=fGetComputerSystemProdIDNumber(strWQLID) 'manufacturer's product ID
strHTAProduct=fUniversalCheckData(strHTAProduct,"'Discover ID - fGetComputerSystemProdIDNumber'")
' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & vbTab & "Product Code: " & vbTab & strHTAProduct
'3) Check installed Memory
strHTARAM=fGetRAM(strWQLRAM) 'find RAM size
strHTARAM=fUniversalCheckData(strHTARAM,"'Detect RAM - fCheckRAM'")
strHTARAM=fCheckRAM(strHTARAM) 'check RAM meets req
If strHTARAMState=cFail Then Exit Function
'4) Disk format IS NTFS
strDisks=fGetDrives(strWQLFSType) 'Get formatting info for all drives
strHTACheckRAW=fUniversalCheckData(strDisks,"'Detect filesystem - fCheckNTFS'") 'Validate data
strHTACheckRAW=fCheckNTFS(strDisks) 'Check FS format is acceptable (not RAW)
If strHTACheckRAW=cFail Then Exit Function
'Generic CPU calls
strHTACPUFullInfo="CPUs:" & fGetCPUInfo(strWQLCPUInfo) & " with CPU cores:" & iCPUCoreCount
strBIOSInfo="BIOS version: " & strBIOSver & ", dated " & strBIOSDate
'5a) CPU Speed check (info from http://www.robvanderwoude.com/wmiexamples.php)
strCPUInfo=WMI(strWQLCPUInfo,strNamespace) 'Get CPU details
strTemp=split(strCPUInfo,"@"): strHTACPUSpeed=strTemp(1)
strHTACPUSpeed=fUniversalCheckData(strHTACPUSpeed,"'Check processor - fCheckCPUSpeed'") 'Validate data
strHTACPUSpeed=fCheckCPUSpeed(strHTACPUSpeed) 'Check CPU clock speed
'5b) cores check
strHTACPUCores=fUniversalCheckData(iCPUCoreCount,"Check core count - fCheckCores") 'Validate data
iCPUCoreCount=fCheckCores(iCPUCoreCount) 'pass or fail?
'5c) CPU address width
strHTAArchitecture=fUniversalCheckData(strHTAArchitecture,"Check core count - fCheckCores") 'Validate data
strHTAArchitecture=fCheckCPUArch(strHTAArchitecture)
'6) Check outlook
strHTAOutlook=fCheckProcess(strWQLProc)
'7) Check Battery
strHTABattery=fCheckBattery(strWQLBattery)
'end checkss
document.body.style.cursor = "default"
'Display hardware values in GUI (in table)
Vendor.innerhtml = strHTAVendor 'Use str...var..STATE if you want Pass/fail text instead
Model.innerhtml = strHTAModel
Product.innerhtml = strHTAProduct
RAM.innerhtml = strHTARAM
CPUspeed.innerhtml = strHTACPUSpeed
CPUInfo.innerhtml = strHTACPUFullInfo
HDDFS.innerhtml = strHTACheckRAW
CapableArchitecture.innerhtml=strHTAArchitecture
BIOSversion.innerhtml = strBIOSver
BIOSDate.innerhtml = strBIOSDate' CPUName.innerhtml = strCPUDesc 'GetCPUName
End If
'======================================================================================
' #endregion
End Function
'generic WMI queries, by field and namespace
Function WMI(strQuery,strNameSpace)
'Aim: generic WMI calls
'return value of BIOS
On Error Resume Next
Dim colItems,objItem
Dim objWMI
Const strService = "winmgmts:{impersonationlevel=impersonate}//" 'binding to WMI
Const strComputer = "." 'this machine
Set objWMI = GetObject(strService & strComputer & strNamespace) 'GLOBAL wmi
Set colItems = objWMI.ExecQuery(strQuery,,lFlags)
For Each objItem In colItems
If Err Then
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "WMI query: " & strQuery & " in " & strNamespace & objItem.Name
Call ErrHandler("WMI error " & strQuery,1)
Else
WMI=objItem.Name 'Return value
End If
Next
End Function
Function fGetModelName(strWQLPCInfo)
'Aim: Get model name from BIOS - WMI field sometimes varies if laptop, so try two
'Return STRING: Model string from BIOS or "UNKNOWN" if null
On Error Resume Next
Dim colPCInfo,objPCItem
Dim strModel
Set colPCInfo = GetObject("winmgmts:").ExecQuery(strWQLPCInfo,"WQL",lFlags)
If Err Then
Call ErrHandler("fGetModelName: Error querying WMI " & strWQLPCInfo,2)
Else
For Each objPCItem In colPCInfo
If Not IsNull(objPCItem.Model) Then
strModel=objPCItem.Model
' iRAM=objPCItem.TotalPhysicalMemory
Else
If (strHTAVendor=cApprovedOEM And IsLaptop = True) Then ' resort to HP specific query for older laptops
'Notebook
strModel=QueryHPBIOS(sNoteModel)
if strModel="" then strModel=QueryHPBIOS(sModel) 'try alt value
Else
strModel=QueryHPBIOS(sModel)
End If
End If
Next
End If
If strModel = "" Then
fGetModelName = "UNKNOWN"
Model.style.visibility="hidden"
Else
fGetModelName=strModel
End If
End Function
'====================================================
'====================================================
Function fGetRAM(strQuery)
'Aim: get RAM installed. NB Win32_ComputerSystem::TotalPhysicalMemory may not be accurate
'Return integer
On Error Resume Next 'equiv to Err.Clear
Dim colItems, item
Dim iTotalMemory
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
If Err Then
Call ErrHandler("fGetRAM: Error querying " & strQuery,2)
Else
iTotalMemory = 0
For Each item In colItems
iTotalMemory = iTotalMemory + CDBL(item.Capacity)/(1024^2)
Next
End If
If iTotalMemory = "" Then
fGetRAM = "RAM UNKNOWN"
RAM.style.visibility="hidden"
Else
fGetRAM=iTotalMemory
End If
End Function
'====================================================
'====================================================
Function fGetCPUInfo(strQuery)
'Aim: query WMI for CPU info - number and number of cores
'Return: function=CPU count, var for the cores: iCPUCoreCount, strHTAArchitecture, strCPUDesc
On Error Resume Next
Dim colItems, objItem
Dim NumberOfProcessors
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
If Err Then
Call ErrHandler("GetCPUInfo: Error querying " & strQuery,2)
Else
For Each objItem In colItems
If Err Then
Else
If Not IsNull(objItem.NumberOfCores) Then
NumberOfProcessors = Trim(objItem.NumberOfCores) 'NumberOfProcessors
End If
If Not IsNull(objItem.NumberOfLogicalProcessors) Then
iCPUCoreCount = Int(Trim(objItem.NumberOfLogicalProcessors))
End If
If Not IsNull(objItem.DataWidth) Then
strHTAArchitecture=Trim(objItem.DataWidth) & "-bit"
End If
If Not IsNull(objItem.description) Then
strCPUDesc = Trim(objItem.description) 'cpu name
End If
End If
Next
If NumberOfProcessors = "" Then
NumberOfProcessors = "UNKNOWN"
End If
fGetCPUInfo = Int(NumberOfProcessors)
' iCPUCoreCount = Int(NumberOfLogicalProcessors)
End If
End Function
'====================================================
'====================================================
Function fGetComputerSystemProdIDNumber(strWQLID)
'Aim: Get UUID from Win32_ComputerSystemProduct
'Return: great big integer
Dim colSys,objSys
Dim strUUID
On Error resume next
Set colSys = GetObject("winmgmts:").ExecQuery(strWQLID,"WQL",lFlags)
If Err then
Call ErrHandler("fGetComputerSystemProdIDNumber: Error querying " & strWQLID,2)
Else
For Each objSys In colSys
If Not IsNull(objSys.IdentifyingNumber) Then
strUUID = Trim(objSys.IdentifyingNumber)
End If
Next
If strUUID = "" Then
fGetComputerSystemProdIDNumber = "UNKNOWN"
Else
fGetComputerSystemProdIDNumber = strUUID
End If
End If
End Function
'=================================================================================
'=================================================================================
Function fGetDrives(strQuery)
Dim colDisks,objHDD
Dim strDriveType, strDiskSize, strDisk
Dim strDiskFSType
Dim iGBUnits
On Error Resume Next
iGBUnits=1073741824
Dim iRAW
iRAW=0
Set colDisks = GetObject("winmgmts:").ExecQuery(strQuery)
For Each objHDD In colDisks
Select Case objHDD.DriveType
Case 1 strDriveType = "Drive could not be determined."
Case 2 strDriveType = "Removable Drive"
Case 3 strDriveType = "Local hard disk."
Case 4 strDriveType = "Network disk."
Case 5 strDriveType = "Compact disk (CD)"
Case 6 strDriveType = "RAM disk."
Case Else strDriveType = "Drive type Problem."
End Select
strDiskFSType = objHDD.FileSystem
'Find C
If objHDD.Name="C:" Then
If isNull(objHDD.FreeSpace) Then
If blnDebug=True then Call ErrHandler("ALERT!! Volume " & objHDD.Name & "is RAW",1) 'Abort/clean
fCheckDrives="ALERT!! Volume " & objHDD.Name & "is RAW"
End If
End If
strDiskSize = Int(objHDD.Size /iGBUnits) & "GB" 'calc size of disk
strDisk = strDisk & VbCrLf & "Vol " & objHDD.Name & " (" & strDriveType & ") size: " & strDiskSize & " (free: " & Int(objHDD.FreeSpace /iGBUnits) & "GB), " & strDiskFSType
fGetDrives=strDisk
Next
If (Err.Number <>0) Then
Call ErrHandler("WMI Property Query Error: [" & Err.Number & "]",2)
fGetDrives = -1
Exit Function
End If
End Function
'=================================================================================
'=================================================================================
Function fUniversalCheckData(varData,strStage) 'template
'Aim: Check value passed...
'is not blank
'is in range x..y
'spelt OK
'is in a list
'format is text, numeric
'return: string: the original value
On Error Resume Next
Dim Err
if blnDebug Then StatusBar.InnerText = StatusBar.InnerText & VbCrLf & "Validating " & strStage & " data..."
If Err Then
Call ErrHandler("WARNING: Error discovering value in " & strStage,2) '1=Quit,2=Warn
strHTAModel="Unknown"
Else
Select Case varData
Case IsEmpty(varData) Or IsNull(varData)
Call ErrHandler("WARNING: Error in "& strStage,2) '1=Quit,2=Warn
fUniversalCheckData="Unknown"
Case IsNumeric(varData)
If varData<0 Then
Call ErrHandler("WARNING: Value negative"& strStage,2) '1=Quit,2=Warn
fUniversalCheckData="Unknown"
End if
' & varData &
Case IsDate(varData)
Case Else
fUniversalCheckData=varData 'Data OK - return value unchanged
End Select
End If
End Function
'=================================================================================
'Checks - follow if true DO, if false warn/abort
'=================================================================================
Function fCheckBattery(strQuery)
'Aim: Find if battery is running
'Return pass/fail
On Error Resume Next 'equiv to Err.Clear
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
Dim colItems, item
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\WMI")
Set colItems = objWMIService.ExecQuery("SELECT * FROM BatteryStatus Where Voltage > 0", "WQL", _
wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each item In colItems
if objItem.PowerOnline = True Then
strHTABattery=objItem.PowerOnline
strHTABatteryState = cFail
Err.Raise 9010,"fCheckBattery",strHTABattery & " Laptop running on battery. OSD Cannot continue."
Call ErrHandler(ucase(strHTABatteryState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Laptop on Battery. Please plug into an outlet before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
strHTABatteryState = cPassed
End if
Next
fCheckBattery=strHTABattery
End Function
'====================================================
Function fCheckProcess(strQuery)
'Aim: Find if outlook is running
'Return pass/fail
On Error Resume Next 'equiv to Err.Clear
Dim colItems, item
Set colItems = GetObject("winmgmts:").ExecQuery(strQuery,"WQL",lFlags)
For Each item In colItems
if item.Name = "OUTLOOK.EXE" Then
strHTAOutlook=item.Name
strHTAOutlookState = cFail
Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Outlook Running, please close outlook before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Elseif item.Name = "communicator.exe" Then
strHTAOutlook=item.Name
strHTAOutlookState = cFail
Err.Raise 9010,"fCheckOutlook",strHTAOutlook & " running. OSD Cannot continue."
Call ErrHandler(ucase(strHTAOutlookState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "FATAL ERROR - Communicator Running, please close OCS before proceeding."
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript")
Else
strHTAOutlookState = cPassed
End if
Next
fCheckProcess=strHTAOutlook
End Function
'====================================================
'1 - Make
Function fCheckVendor(strVendor)
'Aim: Check make is one the OS/build is designed For
'Return: STRINGS for "Make", BIOS version and BIOS date (generic): strHTAVendorState pass or fail
On Error Resume Next
Dim colItems,objItem
Set colItems = GetObject("winmgmts:").ExecQuery(strVendor, "WQL", lFlags)
For Each objItem In colItems
strHTAVendor=objItem.Manufacturer
if objApprovedMakesDict.exists(strHTAVendor) then
strBIOSver=objItem.SMBIOSBIOSVersion
strBIOSDate=Mid( objItem.ReleaseDate, 5, 2 ) & "/" & Mid( objItem.ReleaseDate, 7, 2 ) & "/" & Left( objItem.ReleaseDate, 4 )
strHTAVendorState=cPassed
Else
strHTAVendorState=cFail
Err.Raise 9010,"fCheckVendor",strHTAVendor & " found. The build will not work on this make of hardware"
Call ErrHandler(ucase(strHTAVendorState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
bAbortBuild=True
end if
Next
fCheckVendor=strHTAVendor
End Function
'=================================================================================
'=================================================================================
'2 - Models check
Function fCheckModel(strThisModel)
'Aim Check target machine is in list of models
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking model..." & VbCrLf
If objModelsDict.exists(trim(strThisModel)) then ' if current model in objDict then huzzah
strHTAModelState=cPassed
StatusBar.InnerText=StatusBar.InnerText & vbTab & "Model detected: " & vbTab & strHTAModelState
Else
strHTAModelState=cFail
Err.Raise 9010,"fCheckModel",strThisModel & " found. The build will not work on this model of hardware"
Call ErrHandler(ucase(strHTAModelState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1)
end if
fCheckModel=strHTAModel
End Function
'=================================================================================
'=================================================================================
'3 - RAM
Function fCheckRAM(strRAM)
'Aim: Check installed RAM > x
'Return string digits with units, e.g. 4GB
'use strHTARAM for value
'==================================================================
' Memory Preflight Check (from MDT2012)
'==================================================================
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking RAM..."
If Err.Number <> 0 Then
Call ErrHandler("Error occurred while calculating computer's memory.",2)
End If
fCheckRAM = Int(strRAM/1024) & "GB" 'format in GB
If Int(strRAM) > cMinimumMemoryMB Then
strHTARAMState=cPassed 'Sufficient memory - show whole number in GB"
StatusBar.InnerText=StatusBar.InnerText & vbTab & "RAM installed: " & vbTab & strHTARAMState
Else
strHTARAMState=cFail
Err.Raise 9030 ,"fCheckRAM","Not enough memory in this machine!" & " Required physical memory is: " & cMinimumMemoryMB & " MB."
Call ErrHandler(ucase(strHTARAMState) & ": " & Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
End If
End Function
'=================================================================================
'=================================================================================
'4 - NTFS disk
Function fCheckNTFS(strDiskFS)
'Aim: Check HDD is NTFS
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking file system is not RAW..."
If Instr(1,strDiskFS,cMinFS,VBTextCompare)<>0 Then
fCheckNTFS=cMinFS 'disk format is OK (NTFS)
StatusBar.InnerText=StatusBar.InnerText & vbTab & " File system: " & cPassed
Else
fCheckNTFS=cFail
Err.Raise 9040 ,"fCheckNTFS","WARNING: Disk not correct file-system. Type required is: " & cMinFS & "." & VbCrLf & _
"The deployment will fail unless you reformat the target disk immediately."
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
End If
End Function
'====================================================
'=================================================================================
'5 - CPU checks
'=================================================================================
Function fCheckCPUSpeed(strCPU) 'any HW
'Aim: Check CPU speed
'Return string = number + appropriate units, e.g. 5HGz (strCPU)
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU spec..."
Select Case Right(strCPU,3) 'check units
Case "MHz"
strCPU=Left(strCPU,4)/1000 'reformat to GHz
Case "GHz"
strCPU=strCPU 'unit already OK
Case Else
Call ErrHandler("CPU units are unknown",2)
End Select
'Check clock speed
If Int(Left(trim(strCPU),1))>=iMinCPUSpeed Then
fCheckCPUSpeed=strHTACPUSpeed 'CPU is fine i.e don't change value
StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU Speed: " & cPassed
Else
fCheckCPUSpeed=cFail 'already in GHz
Err.Raise 9050,"fCheckCPUSpeed","CPU speed pre-requisite failed. Minimum processor clock speed is: " & iMinCPUSpeed
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'halt build
End If
End Function
'=================================================================================
'=================================================================================
Function fCheckCPUArch(strCPUArch) 'any HW
'Aim: Check CPU width
'Return string
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU bus width..."
'Check clock speed
If Int(Left(trim(strCPUArch),2))>=iMinCPUArch Then
fCheckCPUArch=strHTAArchitecture 'CPU is fine i.e don't change value
StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU width: " & cPassed
Else
fCheckCPUArch=cFail 'already in GHz
Err.Raise 9052,"fCheckCPUArch","CPU width pre-requisite failed. Minimum processor width required is: " & iMinCPUArch
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",1) 'abort build
End If
End Function
'=================================================================================
Function fCheckCores(iCores)
'Aim: Check hardware (CPU) has a minimum number of cores
'Return Integer
On Error Resume Next
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & "Checking CPU cores..."
If iCores>=iMinCores Then
fCheckCores=iCores
StatusBar.InnerText=StatusBar.InnerText & vbTab & "Core count: " & vbTab & cPassed
'StatusBar.InnerText=StatusBar.InnerText & vbTab & "CPU cores: " & cPassed
Else
fCheckCores=cFail
Err.Raise 9051,"fCheckCores","WARNING: Not enough cores on the CPU to support the build. Minimum CPU cores is: " & iMinCores
Call ErrHandler(Err.Description & " (Code: " & Err.Number & " - " & Err.Source & ")",2) 'halt build
End If
End Function
'=================================================================================
'=================================================================================
Function fCheckHPCPUSpeed 'HP ONLY
'Aim: Check CPU speed
'return: string
'Check CPU speed
On Error Resume Next
strWQLCPU = "processor speed"
strTemp=QueryHPBIOS(strWQLCPU,"")
Select Case Right(strTemp,3)
Case "MHz"
strTemp=Left(strTemp,4)/1000 'reformat to GHz
Case "GHz"
strTemp 'is OK
Case Else
Call ErrHandler("CPU is unknown",2)
End Select
'Check clock speed
If strTemp>=iMinCPUSpeed Then
fCheckCPUSpeed= strTemp & "GHz"
Else
Err.Raise 9050,,"CPU speed pre-requisite failed"
Call ErrHandler("CPU is too slow",1)
fCheckCPUSpeed=cFail 'already in GHz
End If
End Function
'=================================================================================
'=================================================================================
Function fGetModels
'Aim: Read external text file
'return: dictionary object - models as key, integer as value e.g. Dell Optiplex,12
'On Error Resume Next
Dim objFSO
Dim objFile
Dim strFile
Dim strEntry
Dim n
Dim strfilepath
Dim iLineCount 'count lines to avoid listing first item with ,.
Set objModelsDict = CreateObject("Scripting.Dictionary")
set objFSO=CreateObject("Scripting.FileSystemObject")
Const ForReading=1
strfilepath = Left(window.location.pathname,InStrRev(window.location.pathname,"\"))
strFile=strfilepath & "Models.txt"
set objFile=objFSO.OpenTextFile(strFile,ForReading)
iLineCount=0
'read in each line of data until you reach the end of the file
do While objFile.AtEndOfStream<>True
strEntry=objFile.ReadLine
'you can now do what ever you want with the line as referenced with the strEntry variable such as
'echoing it back (e.g. wscript.Echo strEntry) or passing it as a variable to a function of subroutine (e.g. MyFunction strEntry)
objModelsDict.comparemode=VBTextCompare
objModelsDict.Add strEntry,iLineCount
iLineCount=iLineCount+1
If blnDebug then
If iLineCount=1 Then
StatusBar.InnerText=trim(strEntry)
Else
StatusBar.InnerText=StatusBar.InnerText & ", " & trim(strEntry) 'list models
End If
End If
Loop
objFile.Close
End Function
'=================================================================================
'=================================================================================
'====================================================
Function ErrHandler(strErrorMsg,iErrMode)
'Aim: to handle error states
' 1 = Abort
' 2 = Warn
'Return 'Appropriate text message explaining the error
'====================================================
Const msgTitle="SCCM Deployment Preflight Checklist"
'On Error Resume Next '< don't use that as we want to KEEP the error properties
'Abort=1
If iErrMode=1 Then
StatusBar.InnerText=strErrorMsg 'overwrite status with Error message
' StatusBar.InnerText=StatusBar.InnerText & VbCrLf & " " & strHTAOutlook & " " & strHTAVendor & " " & strHTAVendorState & _
' VbCrLf & " " & strHTAModel & strHTAModelState & _
' VbCrLf & " " & strHTARAM & strHTARAMState & _
' VbCrLf & " " & strHTAHDD & strHTAHDDState
iTimer = window.setTimeout("Abort", iAbortTimeout, "VBScript") 'Abort (close) after n seconds
'MsgBox strErrorMsg,vbExclamation,msgTitle
'ErrBar.class=""
ElseIf iErrMode=2 Then
'Warning
StatusBar.InnerText=StatusBar.InnerText & VbCrLf & strErrorMsg & " " '& "(" & Err.Description & " :" & Err.Number & ")"',vbExclamation,msgTitle
Err.Clear
End If
End Function
'====================================================
Sub Abort
'Aim: Quit gracefully
window.close()
End Sub
</script>

<body>
<br />
<div>
<span style="version"> <span id="VersionSpan"></span></div>
<div style="text-align: center;">
<H1 style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-align: center; color: #000000; text-transform: capitalize">System information</H1>
<span>
<table border="1" cellspacing="0" cellpadding="0" style="width: 912px"
id="SysInfoTable">
<tr class="h1">
<td align="right" class="Header1" style="width: 76px; height: 18px">
</td>
<td align="right" class="Header1" style="height: 18px"><em id="VendorCaption">Vendor</em></td>
<td align="left" class="style2" style="height: 18px"><span id="Vendor"></span></td>
<td align="right" class="Header2" style="height: 18px"><em id="ModelCaption">Model</em></td>
<td align="center" class="style4" style="width: 400px; height: 18px"><span id="Model"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="ProductCaption">Product ID</em></td>
<td align="left" class="style2"><span id="Product"></span></td>
<td align="right" class="Header2"><em id="RAMCaption">Memory(in MB)</em></td>
<td align="left" class="style4" style="width: 400px"><span id="RAM"></span></td>
</tr>`
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="CPUCaption">CPU speed (in GHz)</em></td>
<td align="left" class="style2"><span id="CPUspeed"></span></td>
<td align="right" class="Header2"><em id="CPUInfoCaption">No: CPU\Cores</em></td>
<td align="left" class="style4" style="width: 400px"><span id="CPUInfo"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="DiskFSCaption">Filesystem info</em></td>
<td align="left" class="style2"><span id="HDDFS"></span></td>
<td align="right" class="Header2"><em id="CapableArchCaption">Architecture</em></td>
<td align="left" class="style4" style="width: 400px"><span id="CapableArchitecture"></span></td>
</tr>
<tr>
<td align="right" class="Header1" style="width: 76px">
</td>
<td align="right" class="Header1"><em id="BIOSVerCaption">BIOS version</em></td>
<td align="left" class="style2" ><span id="BIOSVERSION"></span></td>
<td align="right" class="Header2"><em id="BIOSDateCaption">BIOS Date</em></td>
<td align="left" class="style4" style="width: 400px"><span id="BIOSDate"></span></td>
</tr>
</table>
</span>
</div>
<div class="StatusBar">
<br />
<Span id="StatusBar">Loading...please wait.</Span>
</div> <br><br>
<div align="center">
<input type="button" name="btnStop" id="btnStop" value="Continue" onclick="Abort">
<input type="Button" value="Re-Scan Machine" name="button1" onClick="Window_Onload" class="button">
</div>
</body>
</html>

Assistance to solve this problem

Hi,
Event filter with query "select" form HP_TempSensorFailureEvent " could not be (re) activated in namespace"//./root/WMI"because of error 0x80041010. Events may not be delivered through this filter until the problems is corrected.

Hello,
Suggest you to post this question in Scripting forum to get better assistance... This is Exchange server forum...
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home
Blog |
Get Your Exchange Powershell Tip of the Day from here

Selecting InDesign version in VB script

I am having some difficulty with selecting the proper version of InDesign in my VB scripts.
Usually I use the connection string: CreateObject("InDesign.Application"), which will launch in whatever version is installed.
Now, one of my customers has installed version 6 along side with version 5.5, which means that I have to supply either: CreateObject("InDesign.Application.CS5.5") or CreateObject("InDesign.Application.CS6"), in order to get it to run on the proper version.
What I don't understand is why the script doesn't start within the version of InDesign that it is activated from. If I use the connection string: CreateObject("InDesign.Application"), and I start it from within InDesign version 6 (from the script menu), why does it launch version 5.5 and try to run the script there? Why does it not run inside the InDesign application that launched it?
It quickly becomes a mess to have to modify scripts whenever people install new versions of InDesign, so is there any way to ensure that a VB script is always run within the InDesign application that launched it, regardless of what other versions people might have installed?

you can use WMI to have a peak at all the ID processes.
here I have both CS4 and CS5 running, hopefully only one version should be running at a time, and we can use the ExecutablePath property to get the version (CS4 for instance) from it.
Dim WMI, Col, Ob, S2
Err.Clear
On Error Resume Next
Set WMI = GetObject("WinMgmts:")
    If (Err.number <> 0) Then
       MsgBox "Error creating WMI object. Error: " & Err.Number & " - " & Err.Description
       WScript.quit
    End If
'-------------- processes ------------------------------------
Set Col = WMI.ExecQuery( _
    "SELECT * FROM Win32_Process" & _
    " WHERE Name = 'indesign.exe'",,48)
S2 = S2 & " Process Info:" & vbCrLf & vbCrLf
For Each Ob in Col
    S2 = S2 & "Caption: " & Ob.Caption & vbCrLf
    S2 = S2 & "ExecutablePath: " & Ob.ExecutablePath & vbCrLf
    S2 = S2 & "ProcessID: " & Ob.ProcessID & vbCrLf & "__________________________" & vbCrLf & vbCrLf
Next
            msgbox S2
Set Col = Nothing
Set WMI = Nothing
MsgBox "Done."

WMI Win32_PerfFormattedData_PerfOS_Processor 0x80041017 error

Similar Messages

Maybe you are looking for