Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

WMI Performance Adapter service stops and starts repeatedly

2,125 views

Skip to first unread message

Frank Burleigh

unread,

Apr 20, 2007, 2:12:18 PM4/20/07

to Sparks, Randall A

This doesn't look like an administration group, but I don't see a better
place for this question. Redirect me to a better place if there is one.

A Windows Server 2003 box's event log shows a pattern of stopping and
starting the "WMI Performance Adapter service:"

7035 from SCM starts WMI Adapter service
7036 from SCM WMI Adapter service enters running state
7036 from SCM WMI Adapter service enters stop state

A few minutes later this cycle will begin again.

I "reset" WMI, recompiled the mof files, reset performance counters, and
even turned on verbose logging. I don't see an obvious problem but then
I don't know what I'd be looking for. I'm rather guessing some sort of
RPC issue, since I saw what I think is an RPC login or impersonation
failure.

Some extracts from wbem logs follow.

wbemcore.log:

(Fri Apr 20 13:15:57 2007.151235187) : Query Engine request: querying
dyn provider with <select * from Win32_Processor where __CLASS =
"Win32_Processor">
(Fri Apr 20 13:15:57 2007.151235187) : Query Engine actual: querying dyn
provider with <select * from Win32_Processor where __CLASS =
"Win32_Processor">
(Fri Apr 20 13:15:57 2007.151235187) : CALL CWbemNamespace::GetObject
BSTR ObjectPath = Win32_Processor
long lFlags = 0
IWbemClassObject ** pObj = 0x295F938
(Fri Apr 20 13:15:59 2007.151237218) : Error 80041002 occured executing
request for CancelProvAsyncCall for sink 05BC4BC0
(Fri Apr 20 13:15:59 2007.151237218) : CAsyncReq_CancelProvAsyncCall
call failed
(Fri Apr 20 13:15:59 2007.151237218) : CALL CWbemNamespace::GetObject
BSTR ObjectPath = Win32_WMISetting=@
long lFlags = 0
IWbemClassObject ** pObj = 0x1B5F938

from wbemess.log:

(Fri Apr 20 13:15:06 2007.151184203) : NCProv: NCMSG_PREPPED_EVENT index 30
(Fri Apr 20 13:15:06 2007.151184218) : NT Event Log Consumer: could not
retrieve property 'sid' 0x80041002
(Fri Apr 20 13:15:06 2007.151184562) : NCProv: NCMSG_PREPPED_EVENT index 29
(Fri Apr 20 13:15:06 2007.151184562) : NCProv: NCMSG_PREPPED_EVENT index 30
(Fri Apr 20 13:15:06 2007.151184562) : NCProv: NCMSG_PREPPED_EVENT index 30
(Fri Apr 20 13:15:06 2007.151184578) : NT Event Log Consumer: could not
retrieve property 'sid' 0x80041002
(Fri Apr 20 13:15:06 2007.151184578) : NT Event Log Consumer: could not
retrieve property 'sid' 0x80041002

jamesfroio

unread,

Jul 17, 2007, 11:04:28 AM7/17/07

Start the 'WMI Performance Adapter' service manually and set its startup to 'automatic' so it continues to always be running in the case of a reboot. I could not find and method of suppressing the 7035/7036 events that were filling our System log that were generated on our Windows 2003 servers due to our SiteScope monitoring and the above did the trick.

EggHeadCafe.com - .NET Developer Portal of Choice
http://www.eggheadcafe.com

0 new messages