(bug report) intel network card driver and software causes system degradation and WMI error
gianni
http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldId=4275&lang=eng
The system is XP SP2 with all latest updates.
The problem is with WMI.
Logs are here...
************* LOGS ************************
(Mon Sep 03 15:36:42 2007.546453) : Impersonation failed - Access
denied
(Mon Sep 03 15:57:40 2007.1804187) : WDM call returned error: 4200
(Mon Sep 03 18:43:19 2007.45750) : Unable to add definition query
SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code:
80041002
(Mon Sep 03 18:43:19 2007.45750) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3TeamEvent
failed to merge: 80041002
(Mon Sep 03 18:43:19 2007.45750) : Invalid event class
IANet_802dot3VlanEvent in provider registration
Query was: SELECT * FROM IANet_802dot3VlanEvent
(Mon Sep 03 18:43:19 2007.45765) : Unable to add definition query
SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code:
80041002
(Mon Sep 03 18:43:19 2007.45765) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3VlanEvent
failed to merge: 80041002
(Mon Sep 03 18:43:19 2007.45765) : Invalid event class
IANet_InternalErrorEvent in provider registration
Query was: SELECT * FROM IANet_InternalErrorEvent
(Mon Sep 03 18:43:19 2007.45765) : Unable to add definition query
SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error
code: 80041002
(Mon Sep 03 18:43:19 2007.45765) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_InternalErrorEvent
failed to merge: 80041002
(Mon Sep 03 18:44:23 2007.109953) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
A provider, Ncs2, has been registered in the WMI namespace, Root
\IntelNCS2, but did not specify the HostingModel property.
This provider will be run using the LocalSystem account. This
account is privileged and the provider may cause a
security violation if it does not correctly impersonate user
requests. Ensure that provider has been reviewed for
security behavior and update the HostingModel property of the provider
registration to an account with the least
privileges possible for the required functionality.
A provider, IntelEthernetDiag, has been registered in the WMI
namespace, Root\CIMv2, but did not specify the HostingModel
property. This provider will be run using the LocalSystem account.
This account is privileged and the provider may cause
a security violation if it does not correctly impersonate user
requests. Ensure that provider has been reviewed for
security behavior and update the HostingModel property of the provider
registration to an account with the least
privileges possible for the required functionality.
Event provider attempted to register query "SELECT * FROM
IANet_SessionEvent" whose target class "IANet_SessionEvent" does
not exist. The query will be ignored.
Event provider attempted to register query "SELECT * FROM
IANet_InternalErrorEvent" whose target class
"IANet_InternalErrorEvent" does not exist. The query will be ignored.
Event provider attempted to register query "SELECT * FROM
IANet_SessionEvent" whose target class "IANet_SessionEvent" does
not exist. The query will be ignored.
Event provider attempted to register query "SELECT * FROM
IANet_802dot3AdapterEvent" whose target class
"IANet_802dot3AdapterEvent" does not exist. The query will be ignored.
Event provider attempted to register query "SELECT * FROM
IANet_802dot3TeamEvent" whose target class
"IANet_802dot3TeamEvent" does not exist. The query will be ignored.
Event provider attempted to register query "SELECT * FROM
IANet_802dot3VlanEvent" whose target class
"IANet_802dot3VlanEvent" does not exist. The query will be ignored.
gianni
There appears to be impact made by any version of the intel drivers as
inspected with 8.4, 11.2, 12.2 versions.
It is sufficient to have them once installed and removed to have error
REMAIN. For version 8.4 that is chronologically ... logical. For
example I can see IntelNCS remaining in the security properties
page... But where and what is it really changed in windows and where
do we see those configuration files?
Since the system used to work well I suppose that microsoft something
changed via automatic updates and then the system became crappy.
I tried loosening security for everything in WMI properties except for
user "Everyone" but that had no result.
While the event viewer is printing same messages all the time (??) the
WBEM is printing logs like this...
******************* LOGS *******************************
errors after uninstalling driver and removing 98% of intel proset
rekated registry entries...
(Tue Sep 04 17:09:46 2007.4008406) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008406) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008406) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008500) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008500) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008515) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008515) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008531) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008531) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008531) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:11:02 2007.41765) : Invalid event class
IANet_SessionEvent in provider registration
Query was: SELECT * FROM IANet_SessionEvent
(Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query
SELECT * FROM IANet_SessionEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents
registration query SELECT * FROM IANet_SessionEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41781) : Invalid event class
IANet_InternalErrorEvent in provider registration
Query was: SELECT * FROM IANet_InternalErrorEvent
(Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query
SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents
registration query SELECT * FROM IANet_InternalErrorEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41796) : Invalid event class
IANet_SessionEvent in provider registration
Query was: SELECT * FROM IANet_SessionEvent
(Tue Sep 04 17:11:02 2007.41796) : Unable to add definition query
SELECT * FROM IANet_SessionEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41796) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_SessionEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41796) : Invalid event class
IANet_802dot3AdapterEvent in provider registration
Query was: SELECT * FROM IANet_802dot3AdapterEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3AdapterEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3AdapterEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_802dot3TeamEvent in provider registration
Query was: SELECT * FROM IANet_802dot3TeamEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3TeamEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_802dot3VlanEvent in provider registration
Query was: SELECT * FROM IANet_802dot3VlanEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3VlanEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_InternalErrorEvent in provider registration
Query was: SELECT * FROM IANet_InternalErrorEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_InternalErrorEvent
failed to merge: 80041002
(Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106718) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:09 2007.109171) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:13 2007.112890) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
errors after yet another INSTALL of 12.2 driver. it took 10 minutes to
complete, then I "REPAIRED" it later on one more time to record
logs... notice the moment with syntax error.
(Tue Sep 04 17:25:19 2007.898984) : Parsing MOF file: ICmLn.mof
(Tue Sep 04 17:25:19 2007.899187) : Finished compiling file:ICmLn.mof
(Tue Sep 04 17:25:19 2007.899187) : Parsing MOF file: ICmENU.mfl
(Tue Sep 04 17:25:19 2007.899421) : Finished compiling file:ICmENU.mfl
(Tue Sep 04 17:25:19 2007.899437) : Parsing MOF file: ICmENU.mfl
(Tue Sep 04 17:25:19 2007.899625) : Finished compiling file:ICmENU.mfl
(Tue Sep 04 17:25:19 2007.899625) : Parsing MOF file: ICoreLn.mof
(Tue Sep 04 17:25:20 2007.899765) : Finished compiling
file:ICoreLn.mof
(Tue Sep 04 17:25:20 2007.899765) : Parsing MOF file: ICoreENU.mfl
(Tue Sep 04 17:25:20 2007.899890) : Finished compiling
file:ICoreENU.mfl
(Tue Sep 04 17:25:20 2007.899890) : Parsing MOF file: ICoreENU.mfl
(Tue Sep 04 17:25:20 2007.900000) : Finished compiling
file:ICoreENU.mfl
(Tue Sep 04 17:25:20 2007.900015) : Parsing MOF file: IDiagLn.mof
(Tue Sep 04 17:25:20 2007.900031) : Finished compiling
file:IDiagLn.mof
(Tue Sep 04 17:25:20 2007.900046) : Parsing MOF file: IDiagENU.mfl
(Tue Sep 04 17:25:20 2007.900078) : Finished compiling
file:IDiagENU.mfl
(Tue Sep 04 17:25:20 2007.900093) : Parsing MOF file: IDiagENU.mfl
(Tue Sep 04 17:25:20 2007.900125) : Finished compiling
file:IDiagENU.mfl
(Tue Sep 04 17:25:20 2007.900125) : Parsing MOF file: IBootLn.mof
(Tue Sep 04 17:25:20 2007.900156) : Finished compiling
file:IBootLn.mof
(Tue Sep 04 17:25:20 2007.900171) : Parsing MOF file: IBootENU.mfl
(Tue Sep 04 17:25:20 2007.900218) : Finished compiling
file:IBootENU.mfl
(Tue Sep 04 17:25:20 2007.900218) : Parsing MOF file: IBootENU.mfl
(Tue Sep 04 17:25:20 2007.900250) : Finished compiling
file:IBootENU.mfl
(Tue Sep 04 17:25:20 2007.900296) : Parsing MOF file: C2CmLn.mof
(Tue Sep 04 17:25:20 2007.900328) : Finished compiling file:C2CmLn.mof
(Tue Sep 04 17:25:20 2007.900328) : Parsing MOF file: C2CmENU.mfl
(Tue Sep 04 17:25:20 2007.900359) : Finished compiling
file:C2CmENU.mfl
(Tue Sep 04 17:25:20 2007.900375) : Parsing MOF file: C2CmENU.mfl
(Tue Sep 04 17:25:20 2007.900390) : Finished compiling
file:C2CmENU.mfl
(Tue Sep 04 17:25:20 2007.900406) : Parsing MOF file: C2CdLn.mof
(Tue Sep 04 17:25:20 2007.900437) : Finished compiling file:C2CdLn.mof
(Tue Sep 04 17:25:20 2007.900437) : Parsing MOF file: C2CdENU.mfl
(Tue Sep 04 17:25:20 2007.900484) : Finished compiling
file:C2CdENU.mfl
(Tue Sep 04 17:25:20 2007.900484) : Parsing MOF file: C2CdENU.mfl
(Tue Sep 04 17:25:20 2007.900546) : Finished compiling
file:C2CdENU.mfl
(Tue Sep 04 17:25:20 2007.900546) : Parsing MOF file: C2ICdLn.mof
(Tue Sep 04 17:25:20 2007.900609) : Finished compiling
file:C2ICdLn.mof
(Tue Sep 04 17:25:20 2007.900609) : Parsing MOF file: C2ICdENU.mfl
(Tue Sep 04 17:25:20 2007.900640) : Finished compiling
file:C2ICdENU.mfl
(Tue Sep 04 17:25:20 2007.900640) : Parsing MOF file: C2ICdENU.mfl
(Tue Sep 04 17:25:21 2007.900671) : Finished compiling
file:C2ICdENU.mfl
(Tue Sep 04 17:25:21 2007.900671) : Parsing MOF file: C2ICrLn.mof
(Tue Sep 04 17:25:21 2007.900734) : Finished compiling
file:C2ICrLn.mof
(Tue Sep 04 17:25:21 2007.900750) : Parsing MOF file: C2ICrENU.mfl
(Tue Sep 04 17:25:21 2007.900812) : Finished compiling
file:C2ICrENU.mfl
(Tue Sep 04 17:25:21 2007.900812) : Parsing MOF file: C2ICrENU.mfl
(Tue Sep 04 17:25:21 2007.901140) : Finished compiling
file:C2ICrENU.mfl
(Tue Sep 04 17:35:58 2007.1538640) : (1): error SYNTAX 0X8004401e:
This is not a valid MOF file
(Tue Sep 04 17:35:58 2007.1538640) : (1): error SYNTAX 0X8004401e:
This is not a valid MOF file
(Tue Sep 04 17:36:05 2007.1545031) : Parsing MOF file: ICmLn.mof
(Tue Sep 04 17:36:05 2007.1545156) : Finished compiling file:ICmLn.mof
(Tue Sep 04 17:36:05 2007.1545156) : Parsing MOF file: ICmENU.mfl
(Tue Sep 04 17:36:05 2007.1545406) : Finished compiling
file:ICmENU.mfl
(Tue Sep 04 17:36:05 2007.1545406) : Parsing MOF file: ICmENU.mfl
(Tue Sep 04 17:36:05 2007.1545593) : Finished compiling
file:ICmENU.mfl
(Tue Sep 04 17:36:05 2007.1545625) : Parsing MOF file: ICoreLn.mof
(Tue Sep 04 17:36:06 2007.1545718) : Finished compiling
file:ICoreLn.mof
(Tue Sep 04 17:36:06 2007.1545718) : Parsing MOF file: ICoreENU.mfl
(Tue Sep 04 17:36:06 2007.1545843) : Finished compiling
file:ICoreENU.mfl
(Tue Sep 04 17:36:06 2007.1545859) : Parsing MOF file: ICoreENU.mfl
(Tue Sep 04 17:36:06 2007.1545968) : Finished compiling
file:ICoreENU.mfl
(Tue Sep 04 17:36:06 2007.1545984) : Parsing MOF file: IDiagLn.mof
(Tue Sep 04 17:36:06 2007.1546000) : Finished compiling
file:IDiagLn.mof
(Tue Sep 04 17:36:06 2007.1546000) : Parsing MOF file: IDiagENU.mfl
(Tue Sep 04 17:36:06 2007.1546046) : Finished compiling
file:IDiagENU.mfl
(Tue Sep 04 17:36:06 2007.1546062) : Parsing MOF file: IDiagENU.mfl
(Tue Sep 04 17:36:06 2007.1546109) : Finished compiling
file:IDiagENU.mfl
(Tue Sep 04 17:36:06 2007.1546109) : Parsing MOF file: IBootLn.mof
(Tue Sep 04 17:36:06 2007.1546140) : Finished compiling
file:IBootLn.mof
(Tue Sep 04 17:36:06 2007.1546140) : Parsing MOF file: IBootENU.mfl
(Tue Sep 04 17:36:06 2007.1546234) : Finished compiling
file:IBootENU.mfl
(Tue Sep 04 17:36:06 2007.1546234) : Parsing MOF file: IBootENU.mfl
(Tue Sep 04 17:36:06 2007.1546265) : Finished compiling
file:IBootENU.mfl
(Tue Sep 04 17:36:06 2007.1546312) : Parsing MOF file: C2CmLn.mof
(Tue Sep 04 17:36:06 2007.1546328) : Finished compiling
file:C2CmLn.mof
(Tue Sep 04 17:36:06 2007.1546343) : Parsing MOF file: C2CmENU.mfl
(Tue Sep 04 17:36:06 2007.1546375) : Finished compiling
file:C2CmENU.mfl
(Tue Sep 04 17:36:06 2007.1546375) : Parsing MOF file: C2CmENU.mfl
(Tue Sep 04 17:36:06 2007.1546406) : Finished compiling
file:C2CmENU.mfl
(Tue Sep 04 17:36:06 2007.1546406) : Parsing MOF file: C2CdLn.mof
(Tue Sep 04 17:36:06 2007.1546437) : Finished compiling
file:C2CdLn.mof
(Tue Sep 04 17:36:06 2007.1546437) : Parsing MOF file: C2CdENU.mfl
(Tue Sep 04 17:36:06 2007.1546500) : Finished compiling
file:C2CdENU.mfl
(Tue Sep 04 17:36:06 2007.1546500) : Parsing MOF file: C2CdENU.mfl
(Tue Sep 04 17:36:06 2007.1546546) : Finished compiling
file:C2CdENU.mfl
(Tue Sep 04 17:36:06 2007.1546546) : Parsing MOF file: C2ICdLn.mof
(Tue Sep 04 17:36:06 2007.1546609) : Finished compiling
file:C2ICdLn.mof
(Tue Sep 04 17:36:06 2007.1546609) : Parsing MOF file: C2ICdENU.mfl
(Tue Sep 04 17:36:06 2007.1546640) : Finished compiling
file:C2ICdENU.mfl
(Tue Sep 04 17:36:06 2007.1546640) : Parsing MOF file: C2ICdENU.mfl
(Tue Sep 04 17:36:07 2007.1546671) : Finished compiling
file:C2ICdENU.mfl
(Tue Sep 04 17:36:07 2007.1546671) : Parsing MOF file: C2ICrLn.mof
(Tue Sep 04 17:36:07 2007.1546734) : Finished compiling
file:C2ICrLn.mof
(Tue Sep 04 17:36:07 2007.1546734) : Parsing MOF file: C2ICrENU.mfl
(Tue Sep 04 17:36:07 2007.1546812) : Finished compiling
file:C2ICrENU.mfl
(Tue Sep 04 17:36:07 2007.1546812) : Parsing MOF file: C2ICrENU.mfl
(Tue Sep 04 17:36:07 2007.1546875) : Finished compiling
file:C2ICrENU.mfl
(Tue Sep 04 17:09:46 2007.4008406) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008406) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008406) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008500) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008500) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008515) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008515) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008515) : Failed the first attempt to
retrieve the sink to deliver an event to event consumer
NTEventLogEventConsumer="SCM Event Log Consumer" with error code
80041001.
WMI will reload and retry.
(Tue Sep 04 17:09:46 2007.4008531) : Unable to register event source
'Service Control Manager' on server ''. Error code: 6B5
(Tue Sep 04 17:09:46 2007.4008531) : Event consumer provider is unable
to instantiate event consumer NTEventLogEventConsumer="SCM Event Log
Consumer": error code 0x80041001
(Tue Sep 04 17:09:46 2007.4008531) : Failed the second attempt to
deliver an event to event consumer NTEventLogEventConsumer="SCM Event
Log Consumer" with error code 80041001.
This event is dropped for this consumer.
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event
consumer NTEventLogEventConsumer="SCM Event Log Consumer" in
namespace //./root/subscription
(Tue Sep 04 17:11:02 2007.41765) : Invalid event class
IANet_SessionEvent in provider registration
Query was: SELECT * FROM IANet_SessionEvent
(Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query
SELECT * FROM IANet_SessionEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents
registration query SELECT * FROM IANet_SessionEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41781) : Invalid event class
IANet_InternalErrorEvent in provider registration
Query was: SELECT * FROM IANet_InternalErrorEvent
(Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query
SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents
registration query SELECT * FROM IANet_InternalErrorEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41796) : Invalid event class
IANet_SessionEvent in provider registration
Query was: SELECT * FROM IANet_SessionEvent
(Tue Sep 04 17:11:02 2007.41796) : Unable to add definition query
SELECT * FROM IANet_SessionEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41796) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_SessionEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41796) : Invalid event class
IANet_802dot3AdapterEvent in provider registration
Query was: SELECT * FROM IANet_802dot3AdapterEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3AdapterEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3AdapterEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_802dot3TeamEvent in provider registration
Query was: SELECT * FROM IANet_802dot3TeamEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3TeamEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_802dot3VlanEvent in provider registration
Query was: SELECT * FROM IANet_802dot3VlanEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code:
80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_802dot3VlanEvent
failed to merge: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Invalid event class
IANet_InternalErrorEvent in provider registration
Query was: SELECT * FROM IANet_InternalErrorEvent
(Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query
SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error
code: 80041002
(Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv
registration query SELECT * FROM IANet_InternalErrorEvent
failed to merge: 80041002
(Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106718) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:09 2007.109171) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:12:13 2007.112890) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:24:26 2007.845843) : NT Event Log Consumer: could not
retrieve sid, 0x80041002
(Tue Sep 04 17:11:56 2007.95984) : ConnectViaDCOM, CoCreateInstanceEx
resulted in hr = 0x80010002
(Tue Sep 04 17:12:01 2007.101078) : ConnectViaDCOM, CoCreateInstanceEx
resulted in hr = 0x80010002
(Tue Sep 04 17:24:50 2007.870031) : NTLMLogin resulted in hr =
0x8004100e
(Tue Sep 04 17:24:50 2007.870046) : NTLMLogin resulted in hr =
0x8004100e
Login Warning - provider with that name already existed,
overridden with latest provider login (root
\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 09/04/2007
17:30:49.765 thread:3136 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn
\wbemglue.cpp.2252]
gianni
2007 at 18:21.
21965 18:26:42 (0) **
21966 18:26:42 (0) ** Copyright (c) Microsoft Corporation. All rights
reserved - January 2007.
21967 18:26:42 (0) **
21968 18:26:42 (0) ** This script is not supported under any Microsoft
standard support program or service.
21969 18:26:42 (0) ** The script is provided AS IS without warranty of
any kind. Microsoft further disclaims all
21970 18:26:42 (0) ** implied warranties including, without
limitation, any implied warranties of merchantability
21971 18:26:42 (0) ** or of fitness for a particular purpose. The
entire risk arising out of the use or performance
21972 18:26:42 (0) ** of the scripts and documentation remains with
you. In no event shall Microsoft, its authors,
21973 18:26:42 (0) ** or anyone else involved in the creation,
production, or delivery of the script be liable for
21974 18:26:42 (0) ** any damages whatsoever (including, without
limitation, damages for loss of business profits,
21975 18:26:42 (0) ** business interruption, loss of business
information, or other pecuniary loss) arising out of
21976 18:26:42 (0) ** the use of or inability to use the script or
documentation, even if Microsoft has been advised
21977 18:26:42 (0) ** of the possibility of such damages.
21978 18:26:42 (0) **
21979 18:26:42 (0) **
21980 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21981 18:26:42 (0) **
----------------------------------------------------- WMI REPORT:
BEGIN ----------------------------------------------------------
21982 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21983 18:26:42 (0) **
21984 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21985 18:26:42 (0) ** Windows XP - Service pack 2 - 32-bit (2600) -
User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'.
21986 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21987 18:26:42 (0) ** INFO:
Environment: ..................................................................................................
1 ITEM(S)!
21988 18:26:42 (0) ** INFO: => 1 incorrect shutdown(s) detected on:
21989 18:26:42 (0) ** - Shutdown on 31 August 2007 14:55:45
(GMT+2).
21990 18:26:42 (0) **
21991 18:26:42 (0) ** System
drive: .......................................................................................................
C: (Disk #0 Partition #0).
21992 18:26:42 (0) ** Drive
type: .........................................................................................................
IDE (WDC WD4000AAKS-00TMA0).
21993 18:26:42 (0) ** There are no missing WMI system
files: ..............................................................................
OK.
21994 18:26:42 (0) ** There are no missing WMI repository
files: ..........................................................................
OK.
21995 18:26:42 (0) ** WMI repository
state: ...............................................................................................
NOT TESTED.
21996 18:26:42 (0) ** BEFORE running WMIDiag:
21997 18:26:42 (0) ** The WMI repository has a size
of: ...................................................................................
27 MB.
21998 18:26:42 (0) ** - Disk free space on
'C:': ..........................................................................................
33973 MB.
21999 18:26:42 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 6:20:47 PM
22000 18:26:42 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 6:20:47 PM
22001 18:26:42 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 6:20:47 PM
22002 18:26:42 (0) ** - MAPPING1.MAP, 16172
bytes, 9/4/2007 6:20:47 PM
22003 18:26:42 (0) ** - MAPPING2.MAP, 16172
bytes, 9/4/2007 6:20:40 PM
22004 18:26:42 (0) ** - OBJECTS.DATA, 25845760
bytes, 9/4/2007 6:20:47 PM
22005 18:26:42 (0) ** - OBJECTS.MAP, 14832
bytes, 9/4/2007 6:20:47 PM
22006 18:26:42 (0) ** AFTER running WMIDiag:
22007 18:26:42 (0) ** The WMI repository has a size
of: ...................................................................................
27 MB.
22008 18:26:42 (0) ** - Disk free space on
'C:': ..........................................................................................
34017 MB.
22009 18:26:42 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 6:20:47 PM
22010 18:26:42 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 6:20:47 PM
22011 18:26:42 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 6:20:47 PM
22012 18:26:42 (0) ** - MAPPING1.MAP, 16172
bytes, 9/4/2007 6:20:47 PM
22013 18:26:42 (0) ** - MAPPING2.MAP, 16172
bytes, 9/4/2007 6:20:40 PM
22014 18:26:42 (0) ** - OBJECTS.DATA, 25845760
bytes, 9/4/2007 6:20:47 PM
22015 18:26:42 (0) ** - OBJECTS.MAP, 14832
bytes, 9/4/2007 6:20:47 PM
22016 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22017 18:26:42 (0) ** INFO: Windows Firewall
status: ......................................................................................
ENABLED.
22018 18:26:42 (0) ** Windows Firewall
Profile: ...........................................................................................
STANDARD.
22019 18:26:42 (0) ** Windows Firewall 'RemoteAdmin'
status: ..............................................................................
DISABLED.
22020 18:26:42 (0) ** => This will prevent any WMI remote connectivity
to this machine.
22021 18:26:42 (0) ** - You can adjust the configuration by
executing the following command:
22022 18:26:42 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE
REMOTEADMIN ENABLE SUBNET'
22023 18:26:42 (0) **
22024 18:26:42 (0) ** Windows Firewall application exception for
'UNSECAPP.EXE': ..........................................................
MISSING.
22025 18:26:42 (0) ** => This will prevent any script and MMC
application asynchronous callbacks to this machine.
22026 18:26:42 (0) ** - You can adjust the configuration by
executing the following command:
22027 18:26:42 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:
\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
22028 18:26:42 (0) **
22029 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22030 18:26:42 (0) ** DCOM
Status: ........................................................................................................
OK.
22031 18:26:42 (0) ** WMI registry
setup: .................................................................................................
OK.
22032 18:26:42 (0) ** INFO: WMI service has
dependents: ...................................................................................
3 SERVICE(S)!
22033 18:26:42 (0) ** - Security Center (WSCSVC,
StartMode='Automatic')
22034 18:26:42 (0) ** - Windows Firewall/Internet Connection Sharing
(ICS) (SHAREDACCESS, StartMode='Automatic')
22035 18:26:42 (0) ** - IPv6 Helper Service (6TO4,
StartMode='Automatic')
22036 18:26:42 (0) ** => If the WMI service is stopped, the listed
service(s) will have to be stopped as well.
22037 18:26:42 (0) ** Note: If the service is marked with (*), it
means that the service/application uses WMI but
22038 18:26:42 (0) ** there is no hard dependency on WMI.
However, if the WMI service is stopped,
22039 18:26:42 (0) ** this can prevent the service/
application to work as expected.
22040 18:26:42 (0) **
22041 18:26:42 (0) ** RPCSS
service: ......................................................................................................
OK (Already started).
22042 18:26:42 (0) ** WINMGMT
service: ....................................................................................................
OK (Already started).
22043 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22044 18:26:42 (0) ** WMI service DCOM
setup: .............................................................................................
OK.
22045 18:26:42 (0) ** WMI components DCOM
registrations: ..................................................................................
OK.
22046 18:26:42 (0) ** WMI ProgID
registrations: ...........................................................................................
OK.
22047 18:26:42 (2) !! WARNING: WMI provider DCOM registrations missing
for the following provider(s): ..................................... 1
WARNING(S)!
22048 18:26:42 (0) ** - ROOT/CIMV2, NcsWmiEventProv
({E4E01430-7348-467D-B2B8-170D716EF5C4})
22049 18:26:42 (0) ** Provider DLL: 'WMI information not available
(This could be the case for an external application or a third party
WMI provider)'
22050 18:26:42 (0) ** => This is an issue because there are still some
WMI classes referencing this list of providers
22051 18:26:42 (0) ** while the DCOM registration is wrong or
missing. This can be due to:
22052 18:26:42 (0) ** - a de-installation of the software.
22053 18:26:42 (0) ** - a deletion of some registry key data.
22054 18:26:42 (0) ** - a registry corruption.
22055 18:26:42 (0) ** => You can correct the DCOM configuration by:
22056 18:26:42 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>'
command.
22057 18:26:42 (0) ** Note: You can build a list of classes in
relation with their WMI provider and MOF file with WMIDiag.
22058 18:26:42 (0) ** (This list can be built on a similar
and working WMI Windows installation)
22059 18:26:42 (0) ** The following command line must be
used:
22060 18:26:42 (0) ** i.e. 'WMIDiag
CorrelateClassAndProvider'
22061 18:26:42 (2) !! WARNING: Re-registering with REGSVR32.EXE all
DLL from 'C:\WINDOWS\SYSTEM32\WBEM\'
22062 18:26:42 (0) ** may not solve the problem as the DLL
supporting the WMI class(es)
22063 18:26:42 (0) ** can be located in a different folder.
22064 18:26:42 (0) ** You must refer to the class name to
determine the software delivering the related DLL.
22065 18:26:42 (0) ** => If the software has been de-installed
intentionally, then this information must be
22066 18:26:42 (0) ** removed from the WMI repository. You can use
the 'WMIC.EXE' command to remove
22067 18:26:42 (0) ** the provider registration data.
22068 18:26:42 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path
__Win32Provider Where Name='NcsWmiEventProv' DELETE'
22069 18:26:42 (0) ** => If the namespace was ENTIRELY dedicated to
the intentionally de-installed software,
22070 18:26:42 (0) ** the namespace and ALL its content can be
ENTIRELY deleted.
22071 18:26:42 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path
__NAMESPACE Where Name='CIMV2' DELETE'
22072 18:26:42 (0) ** - Re-installing the software.
22073 18:26:42 (0) **
22074 18:26:42 (0) ** WMI provider CIM
registrations: .....................................................................................
OK.
22075 18:26:42 (0) ** WMI provider
CLSIDs: ................................................................................................
OK.
22076 18:26:42 (0) ** WMI providers EXE/DLL
availability: .................................................................................
OK.
22077 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22078 18:26:42 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22079 18:26:42 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK
SERVICE' DOES NOT match corresponding expected trustee rights (Actual-
>Default)
22080 18:26:42 (0) ** - ACTUAL ACE:
22081 18:26:42 (0) ** ACEType: &h0
22082 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE
22083 18:26:42 (0) ** ACEFlags: &h2
22084 18:26:42 (0) ** CONTAINER_INHERIT_ACE
22085 18:26:42 (0) ** ACEMask: &h1
22086 18:26:42 (0) ** WBEM_ENABLE
22087 18:26:42 (0) ** - EXPECTED ACE:
22088 18:26:42 (0) ** ACEType: &h0
22089 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE
22090 18:26:42 (0) ** ACEFlags: &h12
22091 18:26:42 (0) ** CONTAINER_INHERIT_ACE
22092 18:26:42 (0) ** INHERITED_ACE
22093 18:26:42 (0) ** ACEMask: &h13
22094 18:26:42 (0) ** WBEM_ENABLE
22095 18:26:42 (0) ** WBEM_METHOD_EXECUTE
22096 18:26:42 (0) ** WBEM_WRITE_PROVIDER
22097 18:26:42 (0) **
22098 18:26:42 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
22099 18:26:42 (0) ** This will cause some operations to fail!
22100 18:26:42 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the removed right.
22101 18:26:42 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
22102 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22103 18:26:42 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22104 18:26:42 (0) ** A specific WMI application can always
require a security setup different
22105 18:26:42 (0) ** than the WMI security defaults.
22106 18:26:42 (0) **
22107 18:26:42 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22108 18:26:42 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL
SERVICE' DOES NOT match corresponding expected trustee rights (Actual-
>Default)
22109 18:26:42 (0) ** - ACTUAL ACE:
22110 18:26:42 (0) ** ACEType: &h0
22111 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE
22112 18:26:42 (0) ** ACEFlags: &h2
22113 18:26:42 (0) ** CONTAINER_INHERIT_ACE
22114 18:26:42 (0) ** ACEMask: &h1
22115 18:26:42 (0) ** WBEM_ENABLE
22116 18:26:42 (0) ** - EXPECTED ACE:
22117 18:26:42 (0) ** ACEType: &h0
22118 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE
22119 18:26:42 (0) ** ACEFlags: &h12
22120 18:26:42 (0) ** CONTAINER_INHERIT_ACE
22121 18:26:42 (0) ** INHERITED_ACE
22122 18:26:42 (0) ** ACEMask: &h13
22123 18:26:42 (0) ** WBEM_ENABLE
22124 18:26:42 (0) ** WBEM_METHOD_EXECUTE
22125 18:26:42 (0) ** WBEM_WRITE_PROVIDER
22126 18:26:42 (0) **
22127 18:26:42 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
22128 18:26:42 (0) ** This will cause some operations to fail!
22129 18:26:42 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the removed right.
22130 18:26:42 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
22131 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22132 18:26:42 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22133 18:26:42 (0) ** A specific WMI application can always
require a security setup different
22134 18:26:42 (0) ** than the WMI security defaults.
22135 18:26:42 (0) **
22136 18:26:42 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22137 18:26:42 (1) !! ERROR: Default trustee 'EVERYONE' has been
REMOVED!
22138 18:26:42 (0) ** - REMOVED ACE:
22139 18:26:42 (0) ** ACEType: &h0
22140 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE
22141 18:26:42 (0) ** ACEFlags: &h12
22142 18:26:42 (0) ** CONTAINER_INHERIT_ACE
22143 18:26:42 (0) ** INHERITED_ACE
22144 18:26:42 (0) ** ACEMask: &h13
22145 18:26:42 (0) ** WBEM_ENABLE
22146 18:26:42 (0) ** WBEM_METHOD_EXECUTE
22147 18:26:42 (0) ** WBEM_WRITE_PROVIDER
22148 18:26:42 (0) **
22149 18:26:42 (0) ** => The REMOVED ACE was part of the DEFAULT setup
for the trustee.
22150 18:26:42 (0) ** Removing default security will cause some
operations to fail!
22151 18:26:42 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the ACE.
22152 18:26:42 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
22153 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22154 18:26:42 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22155 18:26:42 (0) ** A specific WMI application can always
require a security setup different
22156 18:26:42 (0) ** than the WMI security defaults.
22157 18:26:42 (0) **
22158 18:26:42 (0) **
22159 18:26:42 (0) ** DCOM security warning(s)
detected: ..................................................................................
0.
22160 18:26:42 (0) ** DCOM security error(s)
detected: ....................................................................................
0.
22161 18:26:42 (0) ** WMI security warning(s)
detected: ...................................................................................
0.
22162 18:26:42 (0) ** WMI security error(s)
detected: .....................................................................................
3.
22163 18:26:42 (0) **
22164 18:26:42 (0) ** Overall DCOM security
status: .......................................................................................
OK.
22165 18:26:42 (1) !! ERROR: Overall WMI security
status: .................................................................................
ERROR!
22166 18:26:42 (0) ** - Started at 'Root'
--------------------------------------------------------------------------------------------------------------
22167 18:26:42 (0) ** INFO: WMI permanent
SUBSCRIPTION(S): ................................................................................
2.
22168 18:26:42 (0) ** - ROOT/SUBSCRIPTION,
MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario
Control".
22169 18:26:42 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'MSFT_UCScenario''
22170 18:26:42 (0) ** - ROOT/SUBSCRIPTION,
NTEventLogEventConsumer.Name="SCM Event Log Consumer".
22171 18:26:42 (0) ** 'select * from MSFT_SCMEventLogEvent'
22172 18:26:42 (0) **
22173 18:26:42 (0) ** WMI TIMER
instruction(s): ...........................................................................................
NONE.
22174 18:26:42 (0) ** WMI ADAP
status: ....................................................................................................
OK.
22175 18:26:42 (0) ** INFO: WMI namespace(s) requiring PACKET
PRIVACY: ....................................................................
1 NAMESPACE(S)!
22176 18:26:42 (0) ** - ROOT/SERVICEMODEL.
22177 18:26:42 (0) ** => When remotely connecting, the namespace(s)
listed require(s) the WMI client to
22178 18:26:42 (0) ** use an encrypted connection by specifying the
PACKET PRIVACY authentication level.
22179 18:26:42 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy
flags)
22180 18:26:42 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" /
AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class
__SystemSecurity'
22181 18:26:42 (0) **
22182 18:26:42 (0) ** WMI MONIKER
CONNECTIONS: ............................................................................................
OK.
22183 18:26:42 (0) ** WMI
CONNECTIONS: ....................................................................................................
OK.
22184 18:26:42 (0) ** WMI GET
operations: .................................................................................................
OK.
22185 18:26:42 (0) ** WMI MOF
representations: ............................................................................................
OK.
22186 18:26:42 (0) ** WMI QUALIFIER access
operations: ....................................................................................
OK.
22187 18:26:42 (0) ** WMI ENUMERATION
operations: .........................................................................................
OK.
22188 18:26:42 (0) ** WMI EXECQUERY
operations: ...........................................................................................
OK.
22189 18:26:42 (0) ** WMI GET VALUE
operations: ...........................................................................................
OK.
22190 18:26:42 (0) ** WMI WRITE
operations: ...............................................................................................
NOT TESTED.
22191 18:26:42 (0) ** WMI PUT
operations: .................................................................................................
NOT TESTED.
22192 18:26:42 (0) ** WMI DELETE
operations: ..............................................................................................
NOT TESTED.
22193 18:26:42 (0) ** WMI static instances
retrieved: .....................................................................................
746.
22194 18:26:42 (0) ** WMI dynamic instances
retrieved: ....................................................................................
0.
22195 18:26:42 (0) ** WMI instance request cancellations (to limit
performance
impact): ................................................... 0.
22196 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22197 18:26:42 (0) ** # of Event Log events BEFORE WMIDiag execution
since the last 20 day(s):
22198 18:26:42 (0) **
DCOM: .............................................................................................................
10.
22199 18:26:42 (0) **
WINMGMT: ..........................................................................................................
213.
22200 18:26:42 (0) **
WMIADAPTER: .......................................................................................................
0.
22201 18:26:42 (0) ** => Verify the WMIDiag LOG at line #20130 for
more details.
22202 18:26:42 (0) **
22203 18:26:42 (0) ** # of additional Event Log events AFTER WMIDiag
execution:
22204 18:26:42 (0) **
DCOM: .............................................................................................................
0.
22205 18:26:42 (0) **
WINMGMT: ..........................................................................................................
0.
22206 18:26:42 (0) **
WMIADAPTER: .......................................................................................................
0.
22207 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22208 18:26:42 (0) ** WMI Registry key
setup: .............................................................................................
OK.
22209 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22210 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22211 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22212 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22213 18:26:42 (0) **
22214 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22215 18:26:42 (0) **
------------------------------------------------------ WMI REPORT: END
-----------------------------------------------------------
22216 18:26:42 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22217 18:26:42 (0) **
22218 18:26:42 (0) ** WARNING: WMIDiag determined that WMI works
CORRECTLY. HOWEVER, some issues were detected. Check 'C:\DOCUMENTS
AND SETTINGS\USR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_USR-
B405AA75F52_2007.09.04_18.21.54.LOG' for details.
22219 18:26:42 (0) **
22220 18:26:42 (0) ** WMIDiag v2.0 ended on Tuesday, September 04,
2007 at 18:26 (W:111 E:5 S:2).
gianni
2007 at 18:33.
22022 18:38:48 (0) **
22023 18:38:48 (0) ** Copyright (c) Microsoft Corporation. All rights
reserved - January 2007.
22024 18:38:48 (0) **
22025 18:38:48 (0) ** This script is not supported under any Microsoft
standard support program or service.
any kind. Microsoft further disclaims all
limitation, any implied warranties of merchantability
entire risk arising out of the use or performance
you. In no event shall Microsoft, its authors,
production, or delivery of the script be liable for
limitation, damages for loss of business profits,
information, or other pecuniary loss) arising out of
documentation, even if Microsoft has been advised
22035 18:38:48 (0) **
22036 18:38:48 (0) **
22037 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22038 18:38:48 (0) **
----------------------------------------------------- WMI REPORT:
BEGIN ----------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
22040 18:38:48 (0) **
22041 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22042 18:38:48 (0) ** Windows XP - Service pack 2 - 32-bit (2600) -
User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'.
----------------------------------------------------------------------------------------------------------------------------------
22044 18:38:48 (0) ** INFO:
Environment: ..................................................................................................
1 ITEM(S)!
22045 18:38:48 (0) ** INFO: => 1 incorrect shutdown(s) detected on:
22046 18:38:48 (0) ** - Shutdown on 31 August 2007 14:55:45
(GMT+2).
22047 18:38:48 (0) **
22048 18:38:48 (0) ** System
drive: .......................................................................................................
C: (Disk #0 Partition #0).
type: .........................................................................................................
IDE (WDC WD4000AAKS-00TMA0).
files: ..............................................................................
OK.
22051 18:38:48 (0) ** There are no missing WMI repository
files: ..........................................................................
OK.
22052 18:38:48 (0) ** WMI repository
state: ...............................................................................................
NOT TESTED.
22053 18:38:48 (0) ** BEFORE running WMIDiag:
22054 18:38:48 (0) ** The WMI repository has a size
of: ...................................................................................
27 MB.
22055 18:38:48 (0) ** - Disk free space on
'C:': ..........................................................................................
34055 MB.
22056 18:38:48 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 6:32:42 PM
22057 18:38:48 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 6:32:42 PM
22058 18:38:48 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 6:32:42 PM
22059 18:38:48 (0) ** - MAPPING1.MAP, 16172
bytes, 9/4/2007 6:32:42 PM
22060 18:38:48 (0) ** - MAPPING2.MAP, 16172
bytes, 9/4/2007 6:32:34 PM
22061 18:38:48 (0) ** - OBJECTS.DATA, 25845760
bytes, 9/4/2007 6:32:42 PM
22062 18:38:48 (0) ** - OBJECTS.MAP, 14832
bytes, 9/4/2007 6:32:42 PM
22063 18:38:48 (0) ** AFTER running WMIDiag:
22064 18:38:48 (0) ** The WMI repository has a size
of: ...................................................................................
27 MB.
22065 18:38:48 (0) ** - Disk free space on
'C:': ..........................................................................................
34053 MB.
22066 18:38:48 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 6:32:42 PM
22067 18:38:48 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 6:32:42 PM
22068 18:38:48 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 6:32:42 PM
22069 18:38:48 (0) ** - MAPPING1.MAP, 16172
bytes, 9/4/2007 6:32:42 PM
22070 18:38:48 (0) ** - MAPPING2.MAP, 16172
bytes, 9/4/2007 6:32:34 PM
22071 18:38:48 (0) ** - OBJECTS.DATA, 25845760
bytes, 9/4/2007 6:32:42 PM
22072 18:38:48 (0) ** - OBJECTS.MAP, 14832
bytes, 9/4/2007 6:32:42 PM
22073 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22074 18:38:48 (0) ** INFO: Windows Firewall
status: ......................................................................................
ENABLED.
22075 18:38:48 (0) ** Windows Firewall
Profile: ...........................................................................................
STANDARD.
22076 18:38:48 (0) ** Windows Firewall 'RemoteAdmin'
status: ..............................................................................
DISABLED.
22077 18:38:48 (0) ** => This will prevent any WMI remote connectivity
to this machine.
22078 18:38:48 (0) ** - You can adjust the configuration by
executing the following command:
22079 18:38:48 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE
REMOTEADMIN ENABLE SUBNET'
22080 18:38:48 (0) **
22081 18:38:48 (0) ** Windows Firewall application exception for
'UNSECAPP.EXE': ..........................................................
MISSING.
22082 18:38:48 (0) ** => This will prevent any script and MMC
application asynchronous callbacks to this machine.
executing the following command:
22084 18:38:48 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:
\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
22086 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22087 18:38:48 (0) ** DCOM
Status: ........................................................................................................
OK.
22088 18:38:48 (0) ** WMI registry
setup: .................................................................................................
OK.
22089 18:38:48 (0) ** INFO: WMI service has
dependents: ...................................................................................
3 SERVICE(S)!
22090 18:38:48 (0) ** - Security Center (WSCSVC,
StartMode='Automatic')
22091 18:38:48 (0) ** - Windows Firewall/Internet Connection Sharing
(ICS) (SHAREDACCESS, StartMode='Automatic')
StartMode='Automatic')
22093 18:38:48 (0) ** => If the WMI service is stopped, the listed
service(s) will have to be stopped as well.
means that the service/application uses WMI but
However, if the WMI service is stopped,
application to work as expected.
22098 18:38:48 (0) ** RPCSS
service: ......................................................................................................
OK (Already started).
service: ....................................................................................................
OK (Already started).
----------------------------------------------------------------------------------------------------------------------------------
22101 18:38:48 (0) ** WMI service DCOM
setup: .............................................................................................
OK.
22102 18:38:48 (0) ** WMI components DCOM
registrations: ..................................................................................
OK.
22103 18:38:48 (0) ** WMI ProgID
registrations: ...........................................................................................
OK.
22104 18:38:48 (2) !! WARNING: WMI provider DCOM registrations missing
for the following provider(s): ..................................... 1
WARNING(S)!
({E4E01430-7348-467D-B2B8-170D716EF5C4})
22106 18:38:48 (0) ** Provider DLL: 'WMI information not available
(This could be the case for an external application or a third party
WMI provider)'
WMI classes referencing this list of providers
missing. This can be due to:
22110 18:38:48 (0) ** - a deletion of some registry key data.
22111 18:38:48 (0) ** - a registry corruption.
22112 18:38:48 (0) ** => You can correct the DCOM configuration by:
22113 18:38:48 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>'
command.
22114 18:38:48 (0) ** Note: You can build a list of classes in
relation with their WMI provider and MOF file with WMIDiag.
and working WMI Windows installation)
used:
22117 18:38:48 (0) ** i.e. 'WMIDiag
CorrelateClassAndProvider'
22118 18:38:48 (2) !! WARNING: Re-registering with REGSVR32.EXE all
DLL from 'C:\WINDOWS\SYSTEM32\WBEM\'
supporting the WMI class(es)
22120 18:38:48 (0) ** can be located in a different folder.
22121 18:38:48 (0) ** You must refer to the class name to
determine the software delivering the related DLL.
intentionally, then this information must be
the 'WMIC.EXE' command to remove
22125 18:38:48 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path
__Win32Provider Where Name='NcsWmiEventProv' DELETE'
the intentionally de-installed software,
22127 18:38:48 (0) ** the namespace and ALL its content can be
ENTIRELY deleted.
22128 18:38:48 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path
__NAMESPACE Where Name='CIMV2' DELETE'
22130 18:38:48 (0) **
22131 18:38:48 (0) ** WMI provider CIM
registrations: .....................................................................................
OK.
22132 18:38:48 (0) ** WMI provider
CLSIDs: ................................................................................................
OK.
22133 18:38:48 (0) ** WMI providers EXE/DLL
availability: .................................................................................
OK.
22134 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22135 18:38:48 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22136 18:38:48 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK
SERVICE' DOES NOT match corresponding expected trustee rights (Actual-
>Default)
22138 18:38:48 (0) ** ACEType: &h0
22139 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE
22140 18:38:48 (0) ** ACEFlags: &h2
22141 18:38:48 (0) ** CONTAINER_INHERIT_ACE
22142 18:38:48 (0) ** ACEMask: &h1
22143 18:38:48 (0) ** WBEM_ENABLE
22144 18:38:48 (0) ** - EXPECTED ACE:
22145 18:38:48 (0) ** ACEType: &h0
22146 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE
22147 18:38:48 (0) ** ACEFlags: &h12
22148 18:38:48 (0) ** CONTAINER_INHERIT_ACE
22149 18:38:48 (0) ** INHERITED_ACE
22150 18:38:48 (0) ** ACEMask: &h13
22151 18:38:48 (0) ** WBEM_ENABLE
22152 18:38:48 (0) ** WBEM_METHOD_EXECUTE
22153 18:38:48 (0) ** WBEM_WRITE_PROVIDER
22154 18:38:48 (0) **
22155 18:38:48 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
22156 18:38:48 (0) ** This will cause some operations to fail!
22157 18:38:48 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the removed right.
'WMIMGMT.MSC'.
22159 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22160 18:38:48 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22161 18:38:48 (0) ** A specific WMI application can always
require a security setup different
22163 18:38:48 (0) **
22164 18:38:48 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22165 18:38:48 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL
SERVICE' DOES NOT match corresponding expected trustee rights (Actual-
>Default)
22167 18:38:48 (0) ** ACEType: &h0
22168 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE
22169 18:38:48 (0) ** ACEFlags: &h2
22170 18:38:48 (0) ** CONTAINER_INHERIT_ACE
22171 18:38:48 (0) ** ACEMask: &h1
22172 18:38:48 (0) ** WBEM_ENABLE
22173 18:38:48 (0) ** - EXPECTED ACE:
22174 18:38:48 (0) ** ACEType: &h0
22175 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE
22176 18:38:48 (0) ** ACEFlags: &h12
22177 18:38:48 (0) ** CONTAINER_INHERIT_ACE
22178 18:38:48 (0) ** INHERITED_ACE
22179 18:38:48 (0) ** ACEMask: &h13
22180 18:38:48 (0) ** WBEM_ENABLE
22181 18:38:48 (0) ** WBEM_METHOD_EXECUTE
22182 18:38:48 (0) ** WBEM_WRITE_PROVIDER
22183 18:38:48 (0) **
22184 18:38:48 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
22185 18:38:48 (0) ** This will cause some operations to fail!
22186 18:38:48 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the removed right.
'WMIMGMT.MSC'.
22188 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22189 18:38:48 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22190 18:38:48 (0) ** A specific WMI application can always
require a security setup different
22192 18:38:48 (0) **
22193 18:38:48 (0) ** WMI namespace security for 'ROOT/
SERVICEMODEL': .....................................................................
MODIFIED.
22194 18:38:48 (1) !! ERROR: Default trustee 'EVERYONE' has been
REMOVED!
22195 18:38:48 (0) ** - REMOVED ACE:
22196 18:38:48 (0) ** ACEType: &h0
22197 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE
22198 18:38:48 (0) ** ACEFlags: &h12
22199 18:38:48 (0) ** CONTAINER_INHERIT_ACE
22200 18:38:48 (0) ** INHERITED_ACE
22201 18:38:48 (0) ** ACEMask: &h13
22202 18:38:48 (0) ** WBEM_ENABLE
22203 18:38:48 (0) ** WBEM_METHOD_EXECUTE
22204 18:38:48 (0) ** WBEM_WRITE_PROVIDER
22205 18:38:48 (0) **
22206 18:38:48 (0) ** => The REMOVED ACE was part of the DEFAULT setup
for the trustee.
22207 18:38:48 (0) ** Removing default security will cause some
operations to fail!
22208 18:38:48 (0) ** It is possible to fix this issue by editing
the security descriptor and adding the ACE.
'WMIMGMT.MSC'.
22210 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this
WMI namespace.
22211 18:38:48 (0) ** The security diagnostic is based on the
WMI namespace expected defaults.
22212 18:38:48 (0) ** A specific WMI application can always
require a security setup different
22214 18:38:48 (0) **
22215 18:38:48 (0) **
22216 18:38:48 (0) ** DCOM security warning(s)
detected: ..................................................................................
0.
22217 18:38:48 (0) ** DCOM security error(s)
detected: ....................................................................................
0.
22218 18:38:48 (0) ** WMI security warning(s)
detected: ...................................................................................
0.
22219 18:38:48 (0) ** WMI security error(s)
detected: .....................................................................................
3.
22220 18:38:48 (0) **
22221 18:38:48 (0) ** Overall DCOM security
status: .......................................................................................
OK.
22222 18:38:48 (1) !! ERROR: Overall WMI security
status: .................................................................................
ERROR!
22223 18:38:48 (0) ** - Started at 'Root'
--------------------------------------------------------------------------------------------------------------
22224 18:38:48 (0) ** INFO: WMI permanent
SUBSCRIPTION(S): ................................................................................
2.
22225 18:38:48 (0) ** - ROOT/SUBSCRIPTION,
MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario
Control".
TargetInstance ISA 'MSFT_UCScenario''
22227 18:38:48 (0) ** - ROOT/SUBSCRIPTION,
NTEventLogEventConsumer.Name="SCM Event Log Consumer".
22229 18:38:48 (0) **
22230 18:38:48 (0) ** WMI TIMER
instruction(s): ...........................................................................................
NONE.
22231 18:38:48 (0) ** WMI ADAP
status: ....................................................................................................
OK.
22232 18:38:48 (0) ** INFO: WMI namespace(s) requiring PACKET
PRIVACY: ....................................................................
1 NAMESPACE(S)!
22233 18:38:48 (0) ** - ROOT/SERVICEMODEL.
22234 18:38:48 (0) ** => When remotely connecting, the namespace(s)
listed require(s) the WMI client to
PACKET PRIVACY authentication level.
22236 18:38:48 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy
flags)
22237 18:38:48 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" /
AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class
__SystemSecurity'
22239 18:38:48 (0) ** WMI MONIKER
CONNECTIONS: ............................................................................................
OK.
22240 18:38:48 (0) ** WMI
CONNECTIONS: ....................................................................................................
OK.
22241 18:38:48 (0) ** WMI GET
operations: .................................................................................................
OK.
22242 18:38:48 (0) ** WMI MOF
representations: ............................................................................................
OK.
22243 18:38:48 (0) ** WMI QUALIFIER access
operations: ....................................................................................
OK.
22244 18:38:48 (0) ** WMI ENUMERATION
operations: .........................................................................................
OK.
22245 18:38:48 (0) ** WMI EXECQUERY
operations: ...........................................................................................
OK.
22246 18:38:48 (0) ** WMI GET VALUE
operations: ...........................................................................................
OK.
22247 18:38:48 (0) ** WMI WRITE
operations: ...............................................................................................
NOT TESTED.
22248 18:38:48 (0) ** WMI PUT
operations: .................................................................................................
NOT TESTED.
22249 18:38:48 (0) ** WMI DELETE
operations: ..............................................................................................
NOT TESTED.
22250 18:38:48 (0) ** WMI static instances
retrieved: .....................................................................................
746.
22251 18:38:48 (0) ** WMI dynamic instances
retrieved: ....................................................................................
0.
22252 18:38:48 (0) ** WMI instance request cancellations (to limit
performance
impact): ................................................... 0.
22253 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22254 18:38:48 (0) ** # of Event Log events BEFORE WMIDiag execution
since the last 20 day(s):
DCOM: .............................................................................................................
10.
22256 18:38:48 (0) **
WINMGMT: ..........................................................................................................
220.
22257 18:38:48 (0) **
WMIADAPTER: .......................................................................................................
0.
22258 18:38:48 (0) ** => Verify the WMIDiag LOG at line #20159 for
more details.
22259 18:38:48 (0) **
22260 18:38:48 (0) ** # of additional Event Log events AFTER WMIDiag
execution:
22261 18:38:48 (0) **
DCOM: .............................................................................................................
0.
22262 18:38:48 (0) **
WINMGMT: ..........................................................................................................
0.
22263 18:38:48 (0) **
WMIADAPTER: .......................................................................................................
0.
22264 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22265 18:38:48 (0) ** WMI Registry key
setup: .............................................................................................
OK.
22266 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22267 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22268 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22269 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22270 18:38:48 (0) **
22271 18:38:48 (0) **
----------------------------------------------------------------------------------------------------------------------------------
22272 18:38:48 (0) **
------------------------------------------------------ WMI REPORT: END
-----------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
22274 18:38:48 (0) **
22275 18:38:48 (0) ** WARNING: WMIDiag determined that WMI works
CORRECTLY. HOWEVER, some issues were detected. Check 'C:\DOCUMENTS
AND SETTINGS\USR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_USR-
22276 18:38:48 (0) **
22277 18:38:48 (0) ** WMIDiag v2.0 ended on Tuesday, September 04,
2007 at 18:38 (W:112 E:5 S:2).
gianni
08/04/2004 02:56 AM 1,352,192 cimwin32.dll
08/04/2004 02:56 AM 45,568 CmdEvTgProv.dll
08/23/2001 04:00 PM 120,320 dsprov.dll
08/04/2004 02:56 AM 247,808 esscli.dll
08/04/2004 02:56 AM 22,016 evntrprv.dll
08/04/2004 02:56 AM 472,064 fastprox.dll
08/04/2004 02:56 AM 185,856 framedyn.dll
08/23/2001 04:00 PM 53,248 fwdprov.dll
08/04/2004 02:56 AM 24,576 krnlprov.dll
08/04/2004 02:56 AM 123,904 mofd.dll
08/23/2001 04:00 PM 273,920 msiprov.dll
08/04/2004 02:56 AM 47,104 ncprov.dll
08/04/2004 02:56 AM 212,992 ntevt.dll
08/04/2004 02:56 AM 92,672 policman.dll
08/04/2004 02:56 AM 237,056 provthrd.dll
08/04/2004 02:56 AM 177,152 repdrvfs.dll
08/23/2001 04:00 PM 40,960 smtpcons.dll
08/04/2004 02:56 AM 86,528 stdprov.dll
08/23/2001 04:00 PM 61,952 tmplprov.dll
08/23/2001 04:00 PM 59,904 trnsprov.dll
08/23/2001 04:00 PM 116,224 updprov.dll
08/04/2004 02:56 AM 131,584 viewprov.dll
08/23/2001 04:00 PM 12,288 wbemads.dll
08/04/2004 02:56 AM 196,608 wbemcntl.dll
08/04/2004 02:56 AM 214,528 wbemcomn.dll
08/04/2004 02:56 AM 71,680 wbemcons.dll
08/04/2004 02:56 AM 530,944 wbemcore.dll
08/04/2004 02:56 AM 178,176 wbemdisp.dll
08/04/2004 02:56 AM 273,920 wbemess.dll
08/04/2004 02:56 AM 43,008 wbemperf.dll
08/04/2004 02:56 AM 18,944 wbemprox.dll
08/04/2004 02:56 AM 43,520 wbemsvc.dll
08/04/2004 02:56 AM 197,120 wbemupgd.dll
08/23/2001 04:00 PM 16,384 winmgmtr.dll
08/04/2004 02:56 AM 6,656 wmiapres.dll
08/04/2004 02:56 AM 89,088 wmiaprpl.dll
08/04/2004 02:56 AM 60,928 wmicookr.dll
08/04/2004 02:56 AM 140,800 wmidcprv.dll
08/23/2001 04:00 PM 61,440 wmimsg.dll
08/04/2004 02:56 AM 156,672 wmipcima.dll
08/04/2004 02:56 AM 132,096 wmipdskq.dll
08/23/2001 04:00 PM 75,264 wmipicmp.dll
08/04/2004 02:56 AM 62,464 wmipiprt.dll
08/04/2004 02:56 AM 62,976 wmipjobj.dll
08/04/2004 02:56 AM 144,896 wmiprov.dll
08/04/2004 02:56 AM 437,248 wmiprvsd.dll
08/04/2004 02:56 AM 41,472 wmipsess.dll
08/04/2004 02:56 AM 144,896 wmisvc.dll
08/23/2001 04:00 PM 52,224 wmitimep.dll
08/04/2004 02:56 AM 95,232 wmiutils.dll
50 File(s) 7,747,072 bytes
0 Dir(s) 35,704,152,064 bytes free
gianni
C:\WINDOWS\system32\wbem>REGSVR32.EXE cimwin32.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE CmdEvTgProv.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE dsprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE esscli.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE evntrprv.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE fastprox.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE framedyn.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE fwdprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE krnlprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE mofd.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE msiprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE ncprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE ntevt.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE policman.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE provthrd.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE repdrvfs.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE smtpcons.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE stdprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE tmplprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE trnsprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE updprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE viewprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemads.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcntl.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcomn.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcons.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcore.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemdisp.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemess.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemperf.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemprox.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemsvc.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemupgd.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE winmgmtr.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiapres.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiaprpl.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmicookr.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmidcprv.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmimsg.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipcima.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipdskq.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipicmp.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipiprt.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipjobj.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiprov.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiprvsd.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipsess.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmisvc.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmitimep.dll
C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiutils.dll
Setting environment for using Microsoft Visual Studio 2005 x86 tools.
C:\Program Files\Microsoft Visual Studio 8\VC>NETSH.EXE FIREWALL SET
SERVICE REM
OTEADMIN ENABLE SUBNET
Ok.
C:\Program Files\Microsoft Visual Studio 8\VC>NETSH.EXE FIREWALL SET
ALLOWEDPROG
RAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE
Ok.
C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\
\ROOT\CIMV2 p
ath __Win32Provider Where Name='NcsWmiEventProv' DELETE
Deleting instance \\USR-B405AA75F52\ROOT
\cimv2:__Win32Provider.Name="NcsWmiEvent
Prov"
Instance deletion successful.
C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\
\ROOT path __
NAMESPACE Where Name='IntelNCS' DELETE
Deleting instance \\USR-B405AA75F52\ROOT:__NAMESPACE.Name="IntelNCS"
Instance deletion successful.
C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\
\ROOT path __
NAMESPACE Where Name='IntelNCS2' DELETE
Deleting instance \\USR-B405AA75F52\ROOT:__NAMESPACE.Name="IntelNCS2"
Instance deletion successful.
C:\Program Files\Microsoft Visual Studio 8\VC>WMIMGMT.MSC
C:\Program Files\Microsoft Visual Studio 8\VC>WMIMGMT.MSC
C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NODE:"USR-
B405AA75F52" /
AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class
__SystemSecurity
<DIV CLASS="mofclass">
<SPAN CLASS="mofqualifierset"> <br /></SPAN>
<SPAN CLASS="mofkeyword">class</SPAN>
__SystemSecurity
<BR />
<SPAN CLASS="mofsymbol">{</SPAN><BR />
<DIV CLASS="mofmethod">
<SPAN CLASS="mofqualifierset"> </SPAN>
<SPAN CLASS="mofkeyword">uint32</SPAN>
<SPAN CLASS="mofmethod">GetSD</SPAN>
<SPAN CLASS="mofsymbol">(</SPAN>
<SPAN CLASS="mofsymbol">);</SPAN>
</DIV>
<DIV CLASS="mofmethod">
<SPAN CLASS="mofqualifierset"> </SPAN>
<SPAN CLASS="mofkeyword">uint32</SPAN>
<SPAN CLASS="mofmethod">Get9XUserList</SPAN>
<SPAN CLASS="mofsymbol">(</SPAN>
<SPAN CLASS="mofsymbol">);</SPAN>
</DIV>
<DIV CLASS="mofmethod">
<SPAN CLASS="mofqualifierset"> </SPAN>
<SPAN CLASS="mofkeyword">uint32</SPAN>
<SPAN CLASS="mofmethod">SetSD</SPAN>
<SPAN CLASS="mofsymbol">(</SPAN>
<SPAN CLASS="mofsymbol">);</SPAN>
</DIV>
<DIV CLASS="mofmethod">
<SPAN CLASS="mofqualifierset"> </SPAN>
<SPAN CLASS="mofkeyword">uint32</SPAN>
<SPAN CLASS="mofmethod">Set9XUserList</SPAN>
<SPAN CLASS="mofsymbol">(</SPAN>
<SPAN CLASS="mofsymbol">);</SPAN>
</DIV>
<DIV CLASS="mofmethod">
<SPAN CLASS="mofqualifierset"> </SPAN>
<SPAN CLASS="mofkeyword">uint32</SPAN>
<SPAN CLASS="mofmethod">GetCallerAccessRights</SPAN>
<SPAN CLASS="mofsymbol">(</SPAN>
<SPAN CLASS="mofsymbol">);</SPAN>
</DIV>
<SPAN CLASS="mofsymbol">};</SPAN>
</DIV>
gianni
2007 at 19:21.
21041 19:26:58 (0) **
reserved - January 2007.
21043 19:26:58 (0) **
standard support program or service.
any kind. Microsoft further disclaims all
limitation, any implied warranties of merchantability
entire risk arising out of the use or performance
you. In no event shall Microsoft, its authors,
production, or delivery of the script be liable for
limitation, damages for loss of business profits,
information, or other pecuniary loss) arising out of
documentation, even if Microsoft has been advised
21054 19:26:58 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21057 19:26:58 (0) **
----------------------------------------------------- WMI REPORT:
BEGIN ----------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
21059 19:26:58 (0) **
21060 19:26:58 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21061 19:26:58 (0) ** Windows XP - Service pack 2 - 32-bit (2600) -
User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'.
21063 19:26:58 (0) ** INFO:
Environment: ..................................................................................................
1 ITEM(S)!
21064 19:26:58 (0) ** INFO: => 1 incorrect shutdown(s) detected on:
21065 19:26:58 (0) ** - Shutdown on 31 August 2007 14:55:45
(GMT+2).
21066 19:26:58 (0) **
21067 19:26:58 (0) ** System
drive: .......................................................................................................
C: (Disk #0 Partition #0).
type: .........................................................................................................
IDE (WDC WD4000AAKS-00TMA0).
files: ..............................................................................
OK.
21070 19:26:58 (0) ** There are no missing WMI repository
files: ..........................................................................
OK.
21071 19:26:58 (0) ** WMI repository
state: ...............................................................................................
NOT TESTED.
21072 19:26:58 (0) ** BEFORE running WMIDiag:
21073 19:26:58 (0) ** The WMI repository has a size
of: ...................................................................................
35 MB.
21074 19:26:58 (0) ** - Disk free space on
'C:': ..........................................................................................
34030 MB.
21075 19:26:58 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 7:15:08 PM
21076 19:26:58 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 7:15:08 PM
21077 19:26:58 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 7:15:08 PM
21078 19:26:58 (0) ** - MAPPING1.MAP, 20220
bytes, 9/4/2007 7:15:08 PM
21079 19:26:58 (0) ** - MAPPING2.MAP, 20220
bytes, 9/4/2007 7:14:08 PM
21080 19:26:58 (0) ** - OBJECTS.DATA, 34201600
bytes, 9/4/2007 7:15:08 PM
21081 19:26:58 (0) ** - OBJECTS.MAP, 18884
bytes, 9/4/2007 7:15:08 PM
21082 19:26:58 (0) ** AFTER running WMIDiag:
21083 19:26:58 (0) ** The WMI repository has a size
of: ...................................................................................
35 MB.
21084 19:26:58 (0) ** - Disk free space on
'C:': ..........................................................................................
34027 MB.
21085 19:26:58 (0) ** - INDEX.BTR, 2269184
bytes, 9/4/2007 7:15:08 PM
21086 19:26:58 (0) ** - INDEX.MAP, 1360
bytes, 9/4/2007 7:21:24 PM
21087 19:26:58 (0) ** - MAPPING.VER, 4
bytes, 9/4/2007 7:21:24 PM
21088 19:26:58 (0) ** - MAPPING1.MAP, 20220
bytes, 9/4/2007 7:15:08 PM
21089 19:26:58 (0) ** - MAPPING2.MAP, 20220
bytes, 9/4/2007 7:21:24 PM
21090 19:26:58 (0) ** - OBJECTS.DATA, 34201600
bytes, 9/4/2007 7:21:24 PM
21091 19:26:58 (0) ** - OBJECTS.MAP, 18884
bytes, 9/4/2007 7:21:24 PM
21092 19:26:58 (0) **
21093 19:26:58 (0) ** INFO: Windows Firewall
status: ......................................................................................
ENABLED.
21094 19:26:58 (0) ** Windows Firewall
Profile: ...........................................................................................
STANDARD.
21095 19:26:58 (0) **
21096 19:26:58 (0) ** DCOM
Status: ........................................................................................................
OK.
21097 19:26:58 (0) ** WMI registry
setup: .................................................................................................
OK.
21098 19:26:58 (0) ** INFO: WMI service has
dependents: ...................................................................................
3 SERVICE(S)!
21099 19:26:58 (0) ** - Security Center (WSCSVC,
StartMode='Automatic')
21100 19:26:58 (0) ** - Windows Firewall/Internet Connection Sharing
(ICS) (SHAREDACCESS, StartMode='Automatic')
StartMode='Automatic')
21102 19:26:58 (0) ** => If the WMI service is stopped, the listed
service(s) will have to be stopped as well.
means that the service/application uses WMI but
However, if the WMI service is stopped,
application to work as expected.
service: ......................................................................................................
OK (Already started).
service: ....................................................................................................
OK (Already started).
21110 19:26:58 (0) ** WMI service DCOM
setup: .............................................................................................
OK.
21111 19:26:58 (0) ** WMI components DCOM
registrations: ..................................................................................
OK.
21112 19:26:58 (0) ** WMI ProgID
registrations: ...........................................................................................
OK.
21113 19:26:58 (0) ** WMI provider DCOM
registrations: ....................................................................................
OK.
21114 19:26:58 (0) ** WMI provider CIM
registrations: .....................................................................................
OK.
21115 19:26:58 (0) ** WMI provider
CLSIDs: ................................................................................................
OK.
21116 19:26:58 (0) ** WMI providers EXE/DLL
availability: .................................................................................
OK.
21117 19:26:58 (0) **
----------------------------------------------------------------------------------------------------------------------------------
status: .......................................................................................
OK.
21119 19:26:58 (0) ** Overall WMI security
status: ........................................................................................
OK.
21120 19:26:58 (0) ** - Started at 'Root'
--------------------------------------------------------------------------------------------------------------
21121 19:26:58 (0) ** INFO: WMI permanent
SUBSCRIPTION(S): ................................................................................
2.
21122 19:26:58 (0) ** - ROOT/SUBSCRIPTION,
MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario
Control".
TargetInstance ISA 'MSFT_UCScenario''
21124 19:26:58 (0) ** - ROOT/SUBSCRIPTION,
NTEventLogEventConsumer.Name="SCM Event Log Consumer".
21126 19:26:58 (0) **
21127 19:26:58 (0) ** WMI TIMER
instruction(s): ...........................................................................................
NONE.
21128 19:26:58 (0) ** WMI ADAP
status: ....................................................................................................
OK.
21129 19:26:58 (0) ** INFO: WMI namespace(s) requiring PACKET
PRIVACY: ....................................................................
1 NAMESPACE(S)!
21130 19:26:58 (0) ** - ROOT/SERVICEMODEL.
21131 19:26:58 (0) ** => When remotely connecting, the namespace(s)
listed require(s) the WMI client to
PACKET PRIVACY authentication level.
21133 19:26:58 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy
flags)
21134 19:26:58 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" /
AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class
21135 19:26:58 (0) **
CONNECTIONS: ............................................................................................
OK.
21137 19:26:58 (0) ** WMI
CONNECTIONS: ....................................................................................................
OK.
21138 19:26:58 (0) ** WMI GET
operations: .................................................................................................
OK.
21139 19:26:58 (0) ** WMI MOF
representations: ............................................................................................
OK.
21140 19:26:58 (0) ** WMI QUALIFIER access
operations: ....................................................................................
OK.
21141 19:26:58 (0) ** WMI ENUMERATION
operations: .........................................................................................
OK.
21142 19:26:58 (0) ** WMI EXECQUERY
operations: ...........................................................................................
OK.
21143 19:26:58 (0) ** WMI GET VALUE
operations: ...........................................................................................
OK.
21144 19:26:58 (0) ** WMI WRITE
operations: ...............................................................................................
NOT TESTED.
21145 19:26:58 (0) ** WMI PUT
operations: .................................................................................................
NOT TESTED.
21146 19:26:58 (0) ** WMI DELETE
operations: ..............................................................................................
NOT TESTED.
21147 19:26:58 (0) ** WMI static instances
retrieved: .....................................................................................
737.
21148 19:26:58 (0) ** WMI dynamic instances
retrieved: ....................................................................................
0.
21149 19:26:58 (0) ** WMI instance request cancellations (to limit
performance
impact): ................................................... 0.
21150 19:26:58 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21151 19:26:58 (0) ** # of Event Log events BEFORE WMIDiag execution
since the last 20 day(s):
10.
21153 19:26:58 (0) **
231.
21154 19:26:58 (0) **
0.
21155 19:26:58 (0) ** => Verify the WMIDiag LOG at line #19224 for
more details.
21156 19:26:58 (0) **
21157 19:26:58 (0) ** # of additional Event Log events AFTER WMIDiag
execution:
21158 19:26:58 (0) **
0.
21159 19:26:58 (0) **
0.
21160 19:26:58 (0) **
WMIADAPTER: .......................................................................................................
0.
21161 19:26:58 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21162 19:26:58 (0) ** WMI Registry key
setup: .............................................................................................
OK.
21163 19:26:58 (0) **
21164 19:26:58 (0) **
21165 19:26:58 (0) **
21166 19:26:58 (0) **
21167 19:26:58 (0) **
21169 19:26:58 (0) **
------------------------------------------------------ WMI REPORT: END
-----------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
21171 19:26:58 (0) **
21172 19:26:58 (0) ** SUCCESS: WMIDiag determined that WMI works
CORRECTLY.
21173 19:26:58 (0) **
2007 at 19:26 (W:97 E:0 S:0).
gianni
\Securitymodel and added user "Everyone" with usual... gave ASP.NET
and networkservice and localservice full rights...
gianni
we find some clues in the wmdiag2.0 log file (longest of three). This
is a small portion; comments follow.
16076 15:33:48 (0) ** Verifying WMI namespace 'ROOT/DIRECTORY/
LDAP' (L=3).
16077 15:33:48 (3) Retrieving WMI system class(es) static
information.
16078 15:33:49 (3) 45/45 system class(es) found.
16079 15:33:49 (3) Verifying Permanent subscription(s) for 'ROOT/
DIRECTORY/LDAP'.
16080 15:33:57 (3) 0 permanent subscription(s) in 'ROOT/DIRECTORY/
LDAP' namespace.
16081 15:33:57 (3) 0 Timer instruction(s) in 'ROOT/DIRECTORY/LDAP'
namespace.
16082 15:33:57 (3) Deciphering WMI namespace security for 'ROOT/
DIRECTORY/LDAP'
16083 15:33:57 (4) +- Security Descriptor
------------------------------------------------------------------------------------------
16084 15:33:57 (4) | Owner: .................................
BUILTIN\ADMINISTRATORS
16085 15:33:57 (4) | Group: .................................
BUILTIN\ADMINISTRATORS
16086 15:33:57 (4) | Revision: .............................. 1
16087 15:33:57 (4) | Control: ...............................
&h8004
16088 15:33:57 (4)
SE_DACL_PRESENT
16089 15:33:57 (4)
SE_SELF_RELATIVE
16090 15:33:57 (4) |+- DiscretionaryAcl
--------------------------------------------------------------------------------------------
16091 15:33:57 (4) ||+- ACE #01
----------------------------------------------------------------------------------------------------
16092 15:33:57 (4) ||| Trustee: .............................
BUILTIN\ADMINISTRATORS
16093 15:33:57 (4) ||| AceType: ............................. &h0
16094 15:33:57 (4)
ACCESS_ALLOWED_ACE_TYPE
16095 15:33:57 (4) ||| AceFlags: ............................
&h12
16096 15:33:57 (4)
CONTAINER_INHERIT_ACE
16097 15:33:57 (4)
INHERITED_ACE
16098 15:33:57 (4) ||| AccessMask: ..........................
&h6003F
16099 15:33:57 (4)
WBEM_ENABLE
16100 15:33:57 (4)
WBEM_METHOD_EXECUTE
16101 15:33:57 (4)
WBEM_FULL_WRITE_REP
16102 15:33:57 (4)
WBEM_PARTIAL_WRITE_REP
16103 15:33:57 (4)
WBEM_WRITE_PROVIDER
16104 15:33:57 (4)
WBEM_REMOTE_ACCESS
16105 15:33:57 (4)
WBEM_WRITE_DAC
16106 15:33:57 (4)
WBEM_READ_CONTROL
16107 15:33:57 (4) ||
+--------------------------------------------------------------------------------------------------------------
16108 15:33:57 (4) ||+- ACE #02
----------------------------------------------------------------------------------------------------
16109 15:33:57 (4) ||| Trustee: .............................
EVERYONE
16110 15:33:57 (4) ||| AceType: ............................. &h0
16111 15:33:57 (4)
ACCESS_ALLOWED_ACE_TYPE
16112 15:33:57 (4) ||| AceFlags: ............................
&h12
16113 15:33:57 (4)
CONTAINER_INHERIT_ACE
16114 15:33:57 (4)
INHERITED_ACE
16115 15:33:57 (4) ||| AccessMask: ..........................
&h6003F
16116 15:33:57 (4)
WBEM_ENABLE
16117 15:33:57 (4)
WBEM_METHOD_EXECUTE
16118 15:33:57 (4)
WBEM_FULL_WRITE_REP
16119 15:33:57 (4)
WBEM_PARTIAL_WRITE_REP
16120 15:33:57 (4)
WBEM_WRITE_PROVIDER
16121 15:33:57 (4)
WBEM_REMOTE_ACCESS
16122 15:33:57 (4)
WBEM_WRITE_DAC
16123 15:33:57 (4)
WBEM_READ_CONTROL
16124 15:33:57 (4) ||
+--------------------------------------------------------------------------------------------------------------
16125 15:33:57 (4) ||+- ACE #03
----------------------------------------------------------------------------------------------------
16126 15:33:57 (4) ||| Trustee: ............................. NT
AUTHORITY\LOCAL SERVICE
16127 15:33:57 (4) ||| AceType: ............................. &h0
16128 15:33:57 (4)
ACCESS_ALLOWED_ACE_TYPE
16129 15:33:57 (4) ||| AceFlags: ............................
&h12
16130 15:33:57 (4)
CONTAINER_INHERIT_ACE
16131 15:33:57 (4)
INHERITED_ACE
16132 15:33:57 (4) ||| AccessMask: ..........................
&h6003F
16133 15:33:57 (4)
WBEM_ENABLE
16134 15:33:57 (4)
WBEM_METHOD_EXECUTE
16135 15:33:57 (4)
WBEM_FULL_WRITE_REP
16136 15:33:57 (4)
WBEM_PARTIAL_WRITE_REP
16137 15:33:57 (4)
WBEM_WRITE_PROVIDER
16138 15:33:57 (4)
WBEM_REMOTE_ACCESS
16139 15:33:57 (4)
WBEM_WRITE_DAC
16140 15:33:57 (4)
WBEM_READ_CONTROL
16141 15:33:57 (4) ||
+--------------------------------------------------------------------------------------------------------------
16142 15:33:57 (4) ||+- ACE #04
----------------------------------------------------------------------------------------------------
16143 15:33:57 (4) ||| Trustee: ............................. NT
AUTHORITY\NETWORK SERVICE
16144 15:33:57 (4) ||| AceType: ............................. &h0
16145 15:33:57 (4)
ACCESS_ALLOWED_ACE_TYPE
16146 15:33:57 (4) ||| AceFlags: ............................
&h12
16147 15:33:57 (4)
CONTAINER_INHERIT_ACE
16148 15:33:57 (4)
INHERITED_ACE
16149 15:33:57 (4) ||| AccessMask: ..........................
&h6003F
16150 15:33:57 (4)
WBEM_ENABLE
16151 15:33:57 (4)
WBEM_METHOD_EXECUTE
16152 15:33:57 (4)
WBEM_FULL_WRITE_REP
16153 15:33:57 (4)
WBEM_PARTIAL_WRITE_REP
16154 15:33:57 (4)
WBEM_WRITE_PROVIDER
16155 15:33:57 (4)
WBEM_REMOTE_ACCESS
16156 15:33:57 (4)
WBEM_WRITE_DAC
16157 15:33:57 (4)
WBEM_READ_CONTROL
16158 15:33:57 (4) ||
+--------------------------------------------------------------------------------------------------------------
16159 15:33:57 (4) |
+---------------------------------------------------------------------------------------------------------------
16160 15:33:57 (4)
+-----------------------------------------------------------------------------------------------------------------
16161 15:33:57 (3) Searching if namespace 'ROOT/DIRECTORY/LDAP'
security analysis must be SKIPPED ...
16162 15:33:57 (3) Searching if namespace 'ROOT/DIRECTORY/LDAP'
security settings use a SYSTEM specific security ...
16163 15:33:57 (3) Namespace 'ROOT/DIRECTORY/LDAP' uses a SYSTEM
specific namespace security.
16164 15:33:57 (3) Verifying actual trustees in ACEs against the
default trustees in ACEs to locate actual trustee additions.
16165 15:33:57 (2) !! WARNING: Actual trustee 'EVERYONE' DOES NOT
match corresponding expected trustee rights for ACE #2.
16166 15:33:57 (3) The ACE has the right(s)
'&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL'
added!
16167 15:33:57 (2) !! WARNING: Actual trustee 'NT AUTHORITY\LOCAL
SERVICE' DOES NOT match corresponding expected trustee rights for ACE
#3.
16168 15:33:57 (3) The ACE has the right(s)
'&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL'
added!
16169 15:33:57 (2) !! WARNING: Actual trustee 'NT AUTHORITY\NETWORK
SERVICE' DOES NOT match corresponding expected trustee rights for ACE
#4.
16170 15:33:57 (3) The ACE has the right(s)
'&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL'
added!
16171 15:33:57 (3) Verifying default trustee in ACEs against the
actual trustees in ACEs to locate default trustee removals.
16172 15:33:57 (3)
What we are seeing here is that I allowed all sort of permissions in
WMI properties - but which was done afterwards with no effect except
to see the same message. I don't understand what it means that "actual
trustee doesn't match expected trustee rights for ACE". I never messed
with anything to begin with so?
gianni
allowed local service to log on as service
allowed local and network service to impersonate a client
~~~~~~~~~~~~~~~~~~
analyzed log entry:
#000915: DCOM (10016) - Error - 03 September 2007 01:19:18 (GMT+2)
19349 15:35:03 (3) The application-specific permission
settings do not grant Local Launch
19350 15:35:03 (3) permission for the COM Server
application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}
19351 15:35:03 (3) to the user NT AUTHORITY\SYSTEM SID
(S-1-5-18). This security permission
19352 15:35:03 (3) can be modified using the Component
Services administrative tool.
....and DCOM security was loosened.... before I saw there is no such
application so the registry entry was removed. I don't know how
exactly to grant local launch.