none
WMI namespace security for 'ROOT/RSOP' - 6 errors

    Question

  • I have 2 laptops running Windows XP SP3 - same Toshiba models purchased same time.  Something has gone wrong with the configuration on one.  I have tried rolling back the restore points to before I observed the problem.  I cannot start the service for my backup software client (Retrospect client) - permission problem (error 1920), hence I cannot backup or recover to an earlier time.  I tried to install Norton Ghost to back it up, but installation fails.  And the Toshiba Power Saver tool fails with 0x5!

    Running Computer Associates Security Suite 2009 with current subscription and updates.  Problem seemed to occur right after configuring Outlook 2007 for email and elected not to set up the small business contact manager.  The other laptop is not using Outlook and it has Symantec AV corporate edition.

    Whenever I start an Office 2007 component, the setup.exe is launched and it errors out!  setup.exe is also launched with I start IE7 and when I go to Control Panel via Start -> Settings.

    Web search for error 1920 shows hits on virus topics; I wonder if CA missed something that came through Outlook.

    I have run Aaron Stebner's scripts with the SubInAcl tool to reset registry key permissions.  That fixed a problem on another machine that repeatedly failed to update .NET 2.x, so I figured it was worth a try.

    Now I have errors in the WMIDiag report.  Since I have two systems I can compare, I looked at WMIMGMT.MSC side by side - which reminds me, I see events 58 and 59 in the event log, which are SXS SideBySide errors!

    On the system having trouble, the WMI Control panel is missing items like aspnet and a couple more.

    WMIDiag reports 6 errors related to RSOP - they all start with 'ROOT/RSOP'.  I'll list their names and show details for one.

    19442 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP':
    19443 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!

    19465 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP':
    19466 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\AUTHENTICATED USERS' has been REMOVED!

    19484 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP/USER':
    19485 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!

    19507 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP/USER':
    19508 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\AUTHENTICATED USERS' has been REMOVED!

    19526 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP/COMPUTER':
    19527 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!

    19549 23:32:28 (0) ** WMI namespace security for 'ROOT/RSOP/COMPUTER':
    19550 23:32:28 (1) !! ERROR: Default trustee 'NT AUTHORITY\AUTHENTICATED USERS' has been REMOVED!
    19551 23:32:28 (0) **        - REMOVED ACE:
    19552 23:32:28 (0) **          ACEType:  &h0
    19553 23:32:28 (0) **                    ACCESS_ALLOWED_ACE_TYPE
    19554 23:32:28 (0) **          ACEFlags: &h12
    19555 23:32:28 (0) **                    CONTAINER_INHERIT_ACE
    19556 23:32:28 (0) **                    INHERITED_ACE
    19557 23:32:28 (0) **          ACEMask:  &h20023
    19558 23:32:28 (0) **                    WBEM_ENABLE
    19559 23:32:28 (0) **                    WBEM_METHOD_EXECUTE
    19560 23:32:28 (0) **                    WBEM_REMOTE_ACCESS
    19561 23:32:28 (0) **                    WBEM_READ_CONTROL
    19562 23:32:28 (0) **
    19563 23:32:28 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
    19564 23:32:28 (0) **    Removing default security will cause some operations to fail!
    19565 23:32:28 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
    19566 23:32:28 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
    19567 23:32:28 (0) **
    19568 23:32:28 (0) **
    19569 23:32:28 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
    19570 23:32:28 (0) ** DCOM security error(s) detected: .................................................................................... 0.
    19571 23:32:28 (0) ** WMI security warning(s) detected: ................................................................................... 0.
    19572 23:32:28 (0) ** WMI security error(s) detected: ..................................................................................... 6.
    19573 23:32:28 (0) **
    19574 23:32:28 (0) ** Overall DCOM security status: ....................................................................................... OK.
    19575 23:32:28 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
    19576 23:32:28 (0) ** - Started at 'Root'
    .
    .
    .

    I have no idea how to fix these problems.  Guidance would be greatly appreciated.  I have been working on this since 5/9/09 when I tried to do a backup and the client would not start.

    Thank you,
    Wayne
    Wednesday, May 27, 2009 11:17 PM

All replies

  • After examining log files more closely last night, trying to rebuild the repository, it appears that all of the wbem\*.mof files were compiled okay.  The C:\WINDOWS\system32\wbem\Logs\setup.log shows errors compiling just the files related to the MICROSOFT.NET\FRAMEWORK\V[1,2,3]*\ -- ASPNET.MOF, CLR.MOF, SERVICEMODEL.MOF, and a couple others.

    I think this explains why on the system having trouble, the WMI Control panel is missing items like aspnet, etc.

    The timestamps in the log on 5/14/09 coincide with when I was installing MS Office 2007 SP2!  Something apparently went awry during the final steps.

    Now that I have rebuilt the repository, windows update shows that MS Office 2007 SP2 is ready for download, even though the office components say they are at the SP2 level.

    This morning I repaired the .NET Framework 3.5 from the Add/Remove panel, and then had to leave for work.  I'll make sure the .NET framework parts are healthy; may have to uninstall and reinstall.  And then will apply Office 2007 SP2.

    /wws

    Thursday, May 28, 2009 3:15 PM