Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WMI failures and exchange issues possibly related

458 views
Skip to first unread message

R. Love

unread,
Sep 15, 2008, 2:40:01 PM9/15/08
to
I am getting this error every 10 seconds. There seems to be a correlation
with our inability to send emails to certain domains, except when the server
is rebooted.

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 9/15/2008
Time: 11:23:14 AM
User: N/A
Computer: SERVER
Description:
Faulting application wmiprvse.exe, version 5.2.3790.3959, faulting module
ntdll.dll, version 5.2.3790.3959, fault address 0x0001a379.

Could adding RAM be the solutin as I've seen on another post? This server
currently has 2 gigs.

Thanks in advance.


Robbin Meng [MSFT]

unread,
Sep 16, 2008, 7:59:52 AM9/16/08
to
Hello,

Thank you for your post.

When did this issue begin to occur? Have you installed/uninstalled any 3rd
hardware or software recently that may caused this issue?

Please check and make sure the latest "Windows Server 2003 Service Pack 2"
is installed. If the SBS server has already installed Windows Server 2003
Service Pack 2, try to perform a Clean Boot. Here are related articles:

1. The Wmiprvse.exe process stops unexpectedly, and event ID 1000 is logged
in the Application log in Windows Server 2003
http://support.microsoft.com/kb/914831/en-us

2. If possible, please also reboot SBS server into "clean boot" mode to see
whether this issue continues. Please refer to the following KB article to
test if the issue persists in "clean boot" state.

How to configure Windows XP to start in a "clean boot"
statehttp://support.microsoft.com/kb/310353/en-us (Note: this article also
works for Windows Server 2003 computer)

Hope this helps.


Best regards,
Robbin Meng(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

R. Love

unread,
Sep 18, 2008, 9:19:00 PM9/18/08
to
Hi Robbin,

This has been an ongoing issue. I followed several different posts and noe
of the suggested solutions fixed our issue. This server is sbs 2003 R2 with
all the latest sp and updates. So I don't think the first article applies.
For the second suggestion... I restarted the server in a clean boot and the
following events were logged.

This one several times -
Event ID: 1004
Description:
Reporting queued error: faulting application wmiprvse.exe, version

5.2.3790.3959, faulting module ntdll.dll, version 5.2.3790.3959, fault
address 0x0001a379.

Associated with this one -
Event ID: 1001
Description:
Fault bucket 396289288

This one I hadn't noticed before -
Event Type: Warning
Event Source: WinMgmt
Event ID: 5603
User: NT AUTHORITY\SYSTEM
Description:
A provider, PerfProv, has been registered in the WMI namespace,
ROOT\CIMV2\MicrosoftHealthMonitor\PerfMon, but did not specify the
HostingModel property. This provider will be run using the LocalSystem
account. This account is privileged and the provider may cause a security
violation if it does not correctly impersonate user requests. Ensure that
provider has been reviewed for security behavior and update the HostingModel
property of the provider registration to an account with the least privileges
possible for the required functionality.

And I saw this one for the first time -
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Description:
The following boot-start or system-start driver(s) failed to load:
ZetSFD

I will use these to do more resaerch to see if they are all or in part
related. In the meantime do you have additional thoughts?

Thanks
Rob

Robbin Meng [MSFT]

unread,
Sep 21, 2008, 4:49:31 AM9/21/08
to
Hello,

Thanks for your response.

Regarding the error messages, I performed some research and would like you
try the following steps:

Suggestion 1: Check and make sure installed Windows Server 2003 Service
Pack 2.

Best practices and known issues when you install Windows Server 2003
Service Pack 2 on a Windows Small Business Server 2003-based computer
http://support.microsoft.com/kb/939421/en-us


Suggestion 2: Register WMI components

Please open CMD command prompt window, type the following commands step by
step:

1. net stop winmgmt /y

2. cd %windir%\system32\wbem

for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s

3. regsvr32 %windir%\system32\tscfgwmi.dll

4. wmiprvse /regserver
5. winmgmt /regserver
6. net start winmgmt


Suggeston 3: As the issue also occur in Safe Mode, I'd like you unplug all
non-essential hardware peripheral devices if possible, and also perform a
complete hard disk scan by checkdisk tool.

As for the ZetSFD error, for your reference, it may related to the Zetera
Storage Class (Zetsfd.sys) filter driver that is installed on the computer.
The Zetera Storage Class (Zetsfd.sys) filter driver is installed on the
computer.


Best regards,

Robbin Meng(MSFT)

0 new messages