locked
WMIdiag with multiple errors RRS feed

  • Question

  • Hello XP forums,

    I have recently encountered problems with wmi based apps and somewhere it was suggested I do a diagnostic of wmi repository, so I did. I get multiple "ERRORS" everywhere and I am not sure how to fix everything. Here is the logfile:

     

     

    20474 13:29:00 (0) ** WMIDiag v2.0 started on den 1 maj 2011 at 13:25.

    20475 13:29:00 (0) ** 

    20476 13:29:00 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.

    20490 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20491 13:29:00 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------

    20492 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20493 13:29:00 (0) ** 

    20494 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20495 13:29:00 (0) ** Windows XP - No service pack - 32-bit (2600) - User 'SHUTTLE\MICKE' on computer 'SHUTTLE'.

    20496 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20497 13:29:00 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!

    20498 13:29:00 (0) ** INFO: => 4 incorrect shutdown(s) detected on:

    20499 13:29:00 (0) **          - Shutdown on 26 March 2011 22:59:19 (GMT+1).

    20500 13:29:00 (0) **          - Shutdown on 26 March 2011 23:33:56 (GMT+1).

    20501 13:29:00 (0) **          - Shutdown on 18 April 2011 22:25:23 (GMT+2).

    20502 13:29:00 (0) **          - Shutdown on 18 April 2011 22:43:20 (GMT+2).

    20503 13:29:00 (0) ** 

    20504 13:29:00 (0) ** System drive: ....................................................................................................... C: (Disk nr 0 partition nr 0).

    20505 13:29:00 (0) ** Drive type: ......................................................................................................... IDE (ST3120023A).

    20506 13:29:00 (0) ** There are no missing WMI system files: .............................................................................. OK.

    20507 13:29:00 (0) ** There are no missing WMI repository files: .......................................................................... OK.

    20508 13:29:00 (0) ** WMI repository state: ............................................................................................... N/A.

    20509 13:29:00 (0) ** BEFORE running WMIDiag:

    20510 13:29:00 (0) ** The WMI repository has a size of: ................................................................................... 23 MB.

    20511 13:29:00 (0) ** - Disk free space on 'C:': .......................................................................................... 3048 MB.

    20512 13:29:00 (0) **   - INDEX.BTR,                     1499136 bytes,      2011-05-01 13:24:57

    20513 13:29:00 (0) **   - INDEX.MAP,                     756 bytes,          2011-05-01 13:24:57

    20514 13:29:00 (0) **   - OBJECTS.DATA,                  22724608 bytes,     2011-05-01 13:24:57

    20515 13:29:00 (0) **   - OBJECTS.MAP,                   11120 bytes,        2011-05-01 13:24:57

    20516 13:29:00 (0) ** AFTER running WMIDiag:

    20517 13:29:00 (0) ** The WMI repository has a size of: ................................................................................... 23 MB.

    20518 13:29:00 (0) ** - Disk free space on 'C:': .......................................................................................... 3046 MB.

    20519 13:29:00 (0) **   - INDEX.BTR,                     1499136 bytes,      2011-05-01 13:24:57

    20520 13:29:00 (0) **   - INDEX.MAP,                     756 bytes,          2011-05-01 13:24:57

    20521 13:29:00 (0) **   - OBJECTS.DATA,                  22724608 bytes,     2011-05-01 13:24:57

    20522 13:29:00 (0) **   - OBJECTS.MAP,                   11120 bytes,        2011-05-01 13:24:57

    20523 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20524 13:29:00 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.

    20525 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20526 13:29:00 (0) ** DCOM Status: ........................................................................................................ OK.

    20527 13:29:00 (0) ** WMI registry setup: ................................................................................................. OK.

    20528 13:29:00 (0) ** WMI Service has no dependents: ...................................................................................... OK.

    20529 13:29:00 (0) ** RPCSS service: ...................................................................................................... OK (Already started).

    20530 13:29:00 (0) ** WINMGMT service: .................................................................................................... OK (Already started).

    20531 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20532 13:29:00 (0) ** WMI service DCOM setup: ............................................................................................. OK.

    20533 13:29:00 (0) ** WMI components DCOM registrations: .................................................................................. OK.

    20534 13:29:00 (0) ** WMI ProgID registrations: ........................................................................................... OK.

    20535 13:29:00 (0) ** WMI provider DCOM registrations: .................................................................................... OK.

    20536 13:29:00 (0) ** WMI provider CIM registrations: ..................................................................................... OK.

    20537 13:29:00 (0) ** WMI provider CLSIDs: ................................................................................................ OK.

    20538 13:29:00 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.

    20539 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    20540 13:29:00 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.

    20541 13:29:00 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!

    20542 13:29:00 (0) **        - REMOVED ACE:

    20543 13:29:00 (0) **          ACEType:  &h0

    20544 13:29:00 (0) **                    ACCESS_ALLOWED_ACE_TYPE

    20545 13:29:00 (0) **          ACEFlags: &h0

    20546 13:29:00 (0) **          ACEMask:  &h1

    20547 13:29:00 (0) **                    DCOM_RIGHT_EXECUTE

    20548 13:29:00 (0) ** 

    20549 13:29:00 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.

    20550 13:29:00 (0) **    Removing default security will cause some operations to fail!

    20551 13:29:00 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.

    20552 13:29:00 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.

    20553 13:29:00 (0) ** 

    20554 13:29:00 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.

    20555 13:29:00 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!

    20556 13:29:00 (0) **        - REMOVED ACE:

    20557 13:29:00 (0) **          ACEType:  &h0

    20558 13:29:00 (0) **                    ACCESS_ALLOWED_ACE_TYPE

    20559 13:29:00 (0) **          ACEFlags: &h0

    20560 13:29:00 (0) **          ACEMask:  &h1

    20561 13:29:00 (0) **                    DCOM_RIGHT_EXECUTE

    20562 13:29:00 (0) ** 

    20563 13:29:00 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.

    20564 13:29:00 (0) **    Removing default security will cause some operations to fail!

    20565 13:29:00 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.

    20566 13:29:00 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.

    20567 13:29:00 (0) ** 

    20568 13:29:00 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.

    20569 13:29:00 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!

    20570 13:29:00 (0) **        - REMOVED ACE:

    20571 13:29:00 (0) **          ACEType:  &h0

    20572 13:29:00 (0) **                    ACCESS_ALLOWED_ACE_TYPE

    20573 13:29:00 (0) **          ACEFlags: &h0

    20574 13:29:00 (0) **          ACEMask:  &h1

    20575 13:29:00 (0) **                    DCOM_RIGHT_EXECUTE

    20576 13:29:00 (0) ** 

    20577 13:29:00 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.

    20578 13:29:00 (0) **    Removing default security will cause some operations to fail!

    20579 13:29:00 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.

    20580 13:29:00 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.

    20581 13:29:00 (0) ** 

     

     

    Here comes a great number of same type of error like: 

     

    20569 13:29:00 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!

     

    I have removed 90% of them because I did not have enough room in the post. After that here is the continuation of the logs:

     

    22313 13:29:00 (0) **    Removing default security will cause some operations to fail!

    22314 13:29:00 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.

    22315 13:29:00 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.

    22316 13:29:00 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.

    22317 13:29:00 (0) **       The security diagnostic is based on the WMI namespace expected defaults.

    22318 13:29:00 (0) **       A specific WMI application can always require a security setup different

    22319 13:29:00 (0) **       than the WMI security defaults.

    22320 13:29:00 (0) ** 

    22321 13:29:00 (0) ** 

    22322 13:29:00 (0) ** DCOM security warning(s) detected: .................................................................................. 0.

    22323 13:29:00 (0) ** DCOM security error(s) detected: .................................................................................... 12.

    22324 13:29:00 (0) ** WMI security warning(s) detected: ................................................................................... 0.

    22325 13:29:00 (0) ** WMI security error(s) detected: ..................................................................................... 81.

    22326 13:29:00 (0) ** 

    22327 13:29:00 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!

    22328 13:29:00 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!

    22329 13:29:00 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------

    22330 13:29:00 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.

    22331 13:29:00 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".

    22332 13:29:00 (0) **   'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''

    22333 13:29:00 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".

    22334 13:29:00 (0) **   'select * from MSFT_SCMEventLogEvent'

    22335 13:29:00 (0) ** 

    22336 13:29:00 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.

    22337 13:29:00 (0) ** WMI ADAP status: .................................................................................................... OK.

    22338 13:29:00 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!

    22339 13:29:00 (0) ** - ROOT/SERVICEMODEL.

    22340 13:29:00 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to

    22341 13:29:00 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.

    22342 13:29:00 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)

    22343 13:29:00 (0) **    i.e. 'WMIC.EXE /NODE:"SHUTTLE" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'

    22344 13:29:00 (0) ** 

    22345 13:29:00 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.

    22346 13:29:00 (0) ** WMI CONNECTIONS: .................................................................................................... OK.

    22347 13:29:00 (0) ** WMI GET operations: ................................................................................................. OK.

    22348 13:29:00 (0) ** WMI MOF representations: ............................................................................................ OK.

    22349 13:29:00 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.

    22350 13:29:00 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.

    22351 13:29:00 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.

    22352 13:29:00 (0) ** WMI GET VALUE operations: ........................................................................................... OK.

    22353 13:29:00 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.

    22354 13:29:00 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.

    22355 13:29:00 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.

    22356 13:29:00 (0) ** WMI static instances retrieved: ..................................................................................... 677.

    22357 13:29:00 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.

    22358 13:29:00 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.

    22359 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22360 13:29:00 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):

    22361 13:29:00 (0) **   DCOM: ............................................................................................................. 3.

    22362 13:29:00 (0) **   WINMGMT: .......................................................................................................... 14.

    22363 13:29:00 (0) **   WMIADAPTER: ....................................................................................................... 1.

    22364 13:29:00 (0) ** => Verify the WMIDiag LOG at line #18346 for more details.

    22365 13:29:00 (0) ** 

    22366 13:29:00 (0) ** # of additional Event Log events AFTER WMIDiag execution:

    22367 13:29:00 (0) **   DCOM: ............................................................................................................. 0.

    22368 13:29:00 (0) **   WINMGMT: .......................................................................................................... 0.

    22369 13:29:00 (0) **   WMIADAPTER: ....................................................................................................... 0.

    22370 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22371 13:29:00 (0) ** WMI Registry key setup: ............................................................................................. OK.

    22372 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22373 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22374 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22375 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22376 13:29:00 (0) ** 

    22377 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22378 13:29:00 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------

    22379 13:29:00 (0) ** ----------------------------------------------------------------------------------------------------------------------------------

    22380 13:29:00 (0) ** 

    22381 13:29:00 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\MICKE\LOKALA INSTÄLLNINGAR\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_SHUTTLE_2011.05.01_13.25.44.LOG' for details.

    22382 13:29:00 (0) ** 

    22383 13:29:00 (0) ** WMIDiag v2.0 ended on den 1 maj 2011 at 13:29 (W:245 E:95 S:1).

     

     


    Sunday, May 1, 2011 11:40 AM

All replies

  • Using WMIMGMT.MSC  and DCOMCNFG.EXE, you need to set the ACE (security descriptors) back to the way they should be.  The only reliable way to do this is to copy the settings from a working XP machine (where WMIDiag does not fail).

    I've been down this road, and it's hard.  Consider re-installing Windows.

    • Proposed as answer by Bigteddy Wednesday, August 3, 2011 9:48 AM
    Wednesday, June 1, 2011 4:24 PM