Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WMI encountered a problem updating .NET framework 3.5

14 views
Skip to first unread message

Quintin Willison

unread,
Oct 20, 2009, 4:03:01 AM10/20/09
to
This is starting to get very frustrating. I first tried a manual update
after several months of not updating on 14th October. Since that day I've
not been able to update with a WMI error coming up. Initially it seemed that
Microsoft would allow all the high priority updates to install together. Now
it inists on the first entry being installed solo [Microsoft .NET Framework
3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0
through 3.5 (KB951847) x86] but still fails!!

Screen shot here: http://www.twitpic.com/lh94t/full
Another here: http://www.twitpic.com/lh9g5/full

After reading a suggestion elsewhere I tried running WMIDiag v2.0 as
downloaded from Microsoft. It seems to spot 'problems' with WMI but offers
no suggestion as to how to fix them:

26290 06:43:32 (0) **
----------------------------------------------------------------------------------------------------------------------------------
26291 06:43:32 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
26292 06:43:32 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
26293 06:43:32 (0) ** - REMOVED ACE:
26294 06:43:32 (0) ** ACEType: &h0
26295 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26296 06:43:32 (0) ** ACEFlags: &h0
26297 06:43:32 (0) ** ACEMask: &h1
26298 06:43:32 (0) ** DCOM_RIGHT_EXECUTE
26299 06:43:32 (0) **
26300 06:43:32 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
26301 06:43:32 (0) ** Removing default security will cause some
operations to fail!
26302 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
26303 06:43:32 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
26304 06:43:32 (0) **
26305 06:43:32 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
26306 06:43:32 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
26307 06:43:32 (0) ** - REMOVED ACE:
26308 06:43:32 (0) ** ACEType: &h0
26309 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26310 06:43:32 (0) ** ACEFlags: &h0
26311 06:43:32 (0) ** ACEMask: &h1
26312 06:43:32 (0) ** DCOM_RIGHT_EXECUTE
26313 06:43:32 (0) **
26314 06:43:32 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
26315 06:43:32 (0) ** Removing default security will cause some
operations to fail!
26316 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
26317 06:43:32 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
26318 06:43:32 (0) **
26319 06:43:32 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
26320 06:43:32 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
REMOVED!
26321 06:43:32 (0) ** - REMOVED ACE:
26322 06:43:32 (0) ** ACEType: &h0
26323 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26324 06:43:32 (0) ** ACEFlags: &h0
26325 06:43:32 (0) ** ACEMask: &h1
26326 06:43:32 (0) ** DCOM_RIGHT_EXECUTE
26327 06:43:32 (0) **
26328 06:43:32 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
26329 06:43:32 (0) ** Removing default security will cause some
operations to fail!
26330 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
26331 06:43:32 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
26332 06:43:32 (0) **
26333 06:43:32 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
26334 06:43:32 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
26335 06:43:32 (0) ** - ACTUAL ACE:
26336 06:43:32 (0) ** ACEType: &h0
26337 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26338 06:43:32 (0) ** ACEFlags: &h2
26339 06:43:32 (0) ** CONTAINER_INHERIT_ACE
26340 06:43:32 (0) ** ACEMask: &h1
26341 06:43:32 (0) ** WBEM_ENABLE
26342 06:43:32 (0) ** - EXPECTED ACE:
26343 06:43:32 (0) ** ACEType: &h0
26344 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26345 06:43:32 (0) ** ACEFlags: &h12
26346 06:43:32 (0) ** CONTAINER_INHERIT_ACE
26347 06:43:32 (0) ** INHERITED_ACE
26348 06:43:32 (0) ** ACEMask: &h13
26349 06:43:32 (0) ** WBEM_ENABLE
26350 06:43:32 (0) ** WBEM_METHOD_EXECUTE
26351 06:43:32 (0) ** WBEM_WRITE_PROVIDER
26352 06:43:32 (0) **
26353 06:43:32 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
26354 06:43:32 (0) ** This will cause some operations to fail!
26355 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
26356 06:43:32 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
26357 06:43:32 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
26358 06:43:32 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
26359 06:43:32 (0) ** A specific WMI application can always require a
security setup different
26360 06:43:32 (0) ** than the WMI security defaults.
26361 06:43:32 (0) **
26362 06:43:32 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
26363 06:43:32 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
26364 06:43:32 (0) ** - ACTUAL ACE:
26365 06:43:32 (0) ** ACEType: &h0
26366 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26367 06:43:32 (0) ** ACEFlags: &h2
26368 06:43:32 (0) ** CONTAINER_INHERIT_ACE
26369 06:43:32 (0) ** ACEMask: &h1
26370 06:43:32 (0) ** WBEM_ENABLE
26371 06:43:32 (0) ** - EXPECTED ACE:
26372 06:43:32 (0) ** ACEType: &h0
26373 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26374 06:43:32 (0) ** ACEFlags: &h12
26375 06:43:32 (0) ** CONTAINER_INHERIT_ACE
26376 06:43:32 (0) ** INHERITED_ACE
26377 06:43:32 (0) ** ACEMask: &h13
26378 06:43:32 (0) ** WBEM_ENABLE
26379 06:43:32 (0) ** WBEM_METHOD_EXECUTE
26380 06:43:32 (0) ** WBEM_WRITE_PROVIDER
26381 06:43:32 (0) **
26382 06:43:32 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
26383 06:43:32 (0) ** This will cause some operations to fail!
26384 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
26385 06:43:32 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
26386 06:43:32 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
26387 06:43:32 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
26388 06:43:32 (0) ** A specific WMI application can always require a
security setup different
26389 06:43:32 (0) ** than the WMI security defaults.
26390 06:43:32 (0) **
26391 06:43:32 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
26392 06:43:32 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
26393 06:43:32 (0) ** - REMOVED ACE:
26394 06:43:32 (0) ** ACEType: &h0
26395 06:43:32 (0) ** ACCESS_ALLOWED_ACE_TYPE
26396 06:43:32 (0) ** ACEFlags: &h12
26397 06:43:32 (0) ** CONTAINER_INHERIT_ACE
26398 06:43:32 (0) ** INHERITED_ACE
26399 06:43:32 (0) ** ACEMask: &h13
26400 06:43:32 (0) ** WBEM_ENABLE
26401 06:43:32 (0) ** WBEM_METHOD_EXECUTE
26402 06:43:32 (0) ** WBEM_WRITE_PROVIDER
26403 06:43:32 (0) **
26404 06:43:32 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
26405 06:43:32 (0) ** Removing default security will cause some
operations to fail!
26406 06:43:32 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
26407 06:43:32 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
26408 06:43:32 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
26409 06:43:32 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
26410 06:43:32 (0) ** A specific WMI application can always require a
security setup different
26411 06:43:32 (0) ** than the WMI security defaults.
26412 06:43:32 (0) **
26413 06:43:32 (0) **
26414 06:43:32 (0) ** DCOM security warning(s) detected:
.................................................................................. 0.
26415 06:43:32 (0) ** DCOM security error(s) detected:
.................................................................................... 3.
26416 06:43:32 (0) ** WMI security warning(s) detected:
................................................................................... 0.
26417 06:43:32 (0) ** WMI security error(s) detected:
..................................................................................... 3.
26418 06:43:32 (0) **
26419 06:43:32 (1) !! ERROR: Overall DCOM security status:
................................................................................ ERROR!
26420 06:43:32 (1) !! ERROR: Overall WMI security status:
................................................................................. ERROR!
26421 06:43:32 (0) ** - Started at 'Root'
--------------------------------------------------------------------------------------------------------------


It's obviously not well! Is there a tool out there to 'fix' WMI security
settings? My current option seems to be OS reinstall.

Any ideas appreciated.

Thanks.

PA Bear [MS MVP]

unread,
Oct 20, 2009, 11:48:46 AM10/20/09
to
Please state your full Windows version (e.g., WinXP SP3; Vista 64-bit SP2;
Win7 RC; Win7 RTM) when posting in a forum or newsgroup.

> ...after several months of not updating...

Why haven't you been updating for "several months?"

Is Automatic Updates enabled?

What anti-virus application or security suite is installed and is your
subscription current? What anti-spyware applications (other than Defender)?
What third-party firewall (if any)?

Has a(another) Norton or McAfee application ever been installed on this
machine (e.g., a free-trial version that came preinstalled when you bought
it)?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

0 new messages