Vista security center broken

  • Question

  • Hi,
    I've had problems with the Security Centre nearly since I've had Vista (Home Premium), and I have tried to fix it once before, without success. But now with SP1 available I want to either fix it or face a total re-install. Several security updates have failed before due to these issues, so I don't hold out much hope of SP1 being a knight in shining armour and fixing everything.

    It started with Vista freezing up during a reboot after installation of a ViewSonic monitor driver, and after that the Security Centre suddenly didn't recognise my anti-virus program (AVG). It's an issue like the one posted here. And like that post explains a few ways to fix the issue, I did the same. But the trouble is, it didn't work for me. I turned off Windows Management Instrumentation as in Method A, and instead of deleting, I renamed my Repository folder. But upon rebooting, it didn't create the folder again, and it didn't fix the underlying issues. Microsoft in all their wisdom suggested a repair install, but after 2 hours that failed as well.

    There is an image of my Security Centre here.

     
    At present my old repository folder is called old.repository.001 - this is the result of two attempts to get Windows to recreate it. I have trouble remembering exactly but I think I renamed it old. and another method renamed it .001. In any case, there is no other folder in system32/wbem/ called repository and all the files in the old.repository.001 seem to be as they were.

    I'd really like some good advice here. I don't want to do a clean install of Vista, but I'm almost sure that SP1 is not going to succeed while my Security centre is in such a state. I have scanned the system for viruses and it appears to be clean. I'm just not sure how to properly go about fixing the repository. The only other thing it seems to affect is setting system restore points. When Windows installs an update, it successfully creates a restore point, but if I try to do it manually it invariably fails and it gives me a "transient error" warning, suggesting that if I try again, it might work (which it doesn't).

    So this is last stop before reinstall but I'm reluctant to do that, as it takes a lot of time and annoyance.

    Thanks for your input. I appreciate it.

    Geoff
    Thursday, April 24, 2008 12:05 AM


All replies

  • Hi Geoff,


    It seems Windows Vista does not detect the third-party antivirus.

     

    This feature only provides a notification asking the customer to install antivirus software. If you have ensured that the antivirus software has been installed, you can safely ignore it.

    You can click "show me my available options" under virus protection. In the pop-up window, choose "I have an antivirus program that I will monitor myself" to close the alert.

    Also, you can try reinstalling the software and updating it to the latest version to see if that does the trick. If the problem still remains, we recommend contacting the third-party manufacturer to see if there is any update on their side that lets Windows Vista detect it.
     

    Hope this helps.

    Friday, April 25, 2008 8:44 AM
  •  Yog Li - MSFT wrote:

    It seems Windows Vista does not detect the third-party antivirus.

     

    At least, Dr.Web and Avast I used on Vista Ultimate were identified quite correctly.

    Friday, April 25, 2008 8:51 AM
  • Thanks for the reply Yog Li, but Vista not recognising my anti virus is only a small and insignificant problem for me. I can live with that, and I'd imagine SP1 would fix that if it was a known issue. The bigger issues for me are that Windows Defender is broken and won't update, certain security updates won't install, and I can't make a restore point. All of this because the repository is not working correctly.

    I could try and install SP1, but I feel almost certain parts of it will fail because the repository is not in order. I get the feeling I have to either fix it or re-install Windows.

    What do you think?
    Saturday, April 26, 2008 1:56 AM
  • Hi Geoff,

     

    Did you get any error code while updating Windows Defender? This is perhaps due to some setting in Windows Update. Follow the steps mentioned below to resolve it:
     
    1. Click Start, All Programs, Windows Update.
     
    If the update engine is taking you to Microsoft Update, you should change it to Windows Update.
     
    2. Click Change Settings option in the left pane.

    3. Uncheck "Use Microsoft Update".
     
    This should resolve the issue. If the problem persists, perform the steps mentioned in the following KB articles:
     
    http://support.microsoft.com/default.aspx/kb/934562/en-us
    http://support.microsoft.com/kb/918355
     
    Also, you can manually download and install the Windows Defender definitions. Visit the following link and download 32-bit or 64-bit based on the version of your Windows Operating system:
     
    http://www.microsoft.com/security/portal/ADL.aspx
     
    In case of any problems with downloading the definitions, or running the program due to a severe virus/malware attack, perform a PC safety scan. Visit:
     
    http://onecare.live.com/site/en-us/default.htm
     
    This will remove any virus, malware, or spyware from the system and allow you to continue with your task.

     

    If there's any other problem, click the link below for more information.

     

    Troubleshooting Windows Defender
    http://support.microsoft.com/kb/555957/en-us

     

    Thanks.

    Tuesday, April 29, 2008 9:42 AM
  • Thanks Yog-Li.
    But none of this appears to be my issue.
    I checked the update, and it's all good - goes to Windows Update. Also, I just had an automatic update and it was a Defender definition and it installed OK.
    But Defender will still not run.
    I found this KB article on the issue:
    http://support.microsoft.com/kb/555962/en-us
    and when I followed the instructions to go to cmd and type winmgmt /verifyrepository, in there I got an error code of 0x8004100A
    Looking that up I get this:
    WBEM_E_CRITICAL_ERROR 0x8004100A

    So there's clearly a problem with the repository. Is it terminal? Does the system need a reinstall? I have tried repairing the repository before, but I can't seem to get that to work either.

    I realise computers need patience, but this is getting ridiculous :)
    Saturday, May 3, 2008 2:20 AM
  • After getting that error message (0x8004100A) and doing a bit of searching, I found this post: http://forums.microsoft.com/technet/ShowPost.aspx?postid=3047697&isthread=true&siteid=17

    So like that guy, I got the WMIDiag.exe and generated a report, and in there, there are all sorts of errors with the WBEM area (I knew that already :))

    But at least I'm a step further. There is clearly a critical error in the Security section of this Vista installation, but it would appear from the other post that it CAN be repaired. I so much don't want to re-install at this time. I have already tried repairing the repository, and I've even tried an in place re-install of Vista (Microsoft's own solution). So far, everything has failed, and I'm sure that the SP1 will not work at this time.

    So if anyone would like to step in and help me at this point, I would greatly appreciate it. I obviously need a very knowledgeable techie person to go through the report and see what it is I might be able to do to rescue this install. The error itself says to refer this to Microsoft technical support. I would just prefer a better response than reinstall Windows...

    Thanks



    Saturday, May 3, 2008 6:44 AM
  • Hi,

     

    The error code 0x8004100A may occur for one of the following reasons:

     

    1. The PATH environment variable does not contain %windir%\system32\wbem.
    2. The Windows Management Instrumentation (WMI) registry subkeys are modified. For example, if registration for CLSID_WbemDefPath is missing, you will receive error code 0x8004100A.

     

    To resolve this issue, try the following methods in the order presented. If the first method does not resolve the issue, go to the second one.

     

    Method 1:  Add %windir%\system32\wbem to the PATH environment variable

     

    1.  Click Start, right-click Computer, and then click Properties.

    2.  In the Computer name, domain, and workgroup settings area, click Change settings. If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

    3.  Click the Advanced tab, and then click Environment Variables.

    4.  In the System variables section, click to select Path, and then click Edit.

    5.  Add the following at the end of the Variable value text box:
    ;%windir%\system32\wbem

    6.  Click OK three times.

    Note: If you run setup from a cmd.exe window, you have to open a new cmd.exe window because the existing cmd.exe window will have the previous path value. If you run setup from Windows Explorer, it will work.

     

    Method 2:  Run the WMI Diagnosis Utility

     

    1.  Download the WMI Diagnosis Utility version 2.0 (WMIDiag.exe). To do this, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?familyid=d7ba3cd6-18d1-4d05-b11e-4c64192ae97d&displaylang=en

    2.  Double-click WMIDiag.exe to extract the files that include the WMIDiag.vbs file.

    3.  Click Start, and then type cmd in the Start Search box.

    4.  Right-click cmd in the Programs list, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type your password or click Continue. 
    5.  At the command prompt, type the following commands one at a time. Press ENTER after each command.
    Drive :
    CD Path
    WMIDiag.vbs

    Note: Drive and Path are placeholders for the drive and path where the WMIDiag.vbs file is extracted.

    6.  If the WMI Diagnosis Utility reports that WMI is not functioning correctly, follow the steps in the report to resolve the problem.

     

    Hope it helps.

    Tuesday, May 6, 2008 12:32 PM
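A check for the first cause listed in the reply above, as an added example that is not part of the thread. It tests a raw Path value for the wbem directory whether the entry is stored expanded or as %windir%/%SystemRoot%; the function names and the sample values are assumptions made for the example.

```python
import ntpath
import re

WBEM_ENTRY = r"%windir%\system32\wbem"   # the entry Method 1 appends


def expand(value, env):
    """Expand %VAR% references from env; variable names are case-insensitive."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), value)


def norm(entry):
    """Drop quotes and trailing separators, fold case and slashes (Windows rules)."""
    return ntpath.normcase(ntpath.normpath(entry.strip().strip('"')))


def path_has_wbem(path_value, env):
    """True if any ';'-separated entry resolves to <windir>\\system32\\wbem."""
    want = norm(expand(WBEM_ENTRY, env))
    return any(norm(expand(e, env)) == want
               for e in path_value.split(";") if e.strip())


def with_wbem(path_value, env):
    """Return the value Method 1 would produce, leaving a correct Path untouched."""
    if path_has_wbem(path_value, env):
        return path_value
    return path_value.rstrip(";") + ";" + WBEM_ENTRY


if __name__ == "__main__":
    # Constructed sample values, not taken from the poster's machine.
    env = {"windir": r"C:\Windows", "SystemRoot": r"C:\Windows"}
    broken = r"%SystemRoot%\system32;%SystemRoot%"
    print(path_has_wbem(broken, env), with_wbem(broken, env))
```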
  • OK, thanks for that Yog Li.

    I started with Method 1. and after I'd done that I went into the security center and tried to turn Defender on. To my surprise, it started to download the definitions and said it was installing them. But it finished without any message that it was finished, and it didn't turn on. I tried a second time, and it gave me a message that there were no new definitions to download. On a side note, if I go into the Control Panel and open Defender directly from its icon, it opens and appears to be running normally.

    Then I went on to Method 2. I was unsure what you meant by section 5, but I extracted the WMIDiag.vbs to my desktop, ran cmd as administrator, and cd'ed to the desktop and ran WMIDiag.vbs. It gave me a report, and looking at that, there are errors, and there are warnings. It's a bit long to post the whole report, but here are the warnings

    .2046 09:04:53 (0) ** WMI service DCOM setup: ............................................................................................. OK.
    .2047 09:04:53 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 3 WARNING(S)!
    .2048 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InProcServer32)
    .2049 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{EAC8A024-21E2-4523-AD73-A71A0AA2F56A}\InProcServer32)
    .2050 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InProcServer32)
    .2051 09:04:53 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
    .2052 09:04:53 (0) **    fail depending on the operation requested.
    .2053 09:04:53 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.

    and the errors

    .2076 09:04:53 (0) ** Overall WMI security status: ........................................................................................ OK.
    .2077 09:04:53 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    .2078 09:04:53 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.
    .2079 09:04:53 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    .2080 09:04:53 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
    .2081 09:04:53 (0) ** - Root, 0x80041021 - (WBEM_E_INVALID_SYNTAX) Query is syntactically invalid.
    .2082 09:04:53 (0) **
    .2083 09:04:53 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 16 ERROR(S)!
    .2084 09:04:53 (0) ** - Root, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2085 09:04:53 (0) ** - Root, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2086 09:04:53 (0) ** - Root/subscription, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2087 09:04:53 (0) ** - Root/DEFAULT, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2088 09:04:53 (0) ** - Root/CIMV2, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2089 09:04:53 (0) ** - Root/CIMV2/Security, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2090 09:04:53 (0) ** - Root/CIMV2/Applications, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2091 09:04:53 (0) ** - Root/nap, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2092 09:04:53 (0) ** - Root/SECURITY, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2093 09:04:53 (0) ** - Root/WMI, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2094 09:04:53 (0) ** - Root/directory, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2095 09:04:53 (0) ** - Root/directory/LDAP, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2096 09:04:53 (0) ** - Root/SecurityCenter, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2097 09:04:53 (0) ** - Root/Microsoft, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2098 09:04:53 (0) ** - Root/Microsoft/HomeNet, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2099 09:04:53 (0) ** - Root/aspnet, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
    .2100 09:04:53 (0) **

    and there are things disabled, which I have no idea if it's a problem or not.

    .1993 09:04:53 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
    .1994 09:04:53 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE.
    .1995 09:04:53 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
    .1996 09:04:53 (0) ** => This will prevent any WMI remote connectivity to this computer except
    .1997 09:04:53 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
    .1998 09:04:53 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
    .1999 09:04:53 (0) **    - 'Windows Management Instrumentation (WMI-In)'
    .2000 09:04:53 (0) **    - 'Windows Management Instrumentation (ASync-In)'
    .2001 09:04:53 (0) **    Verify the reported status for each of these three inbound rules below.
    .2002 09:04:53 (0) **
    .2003 09:04:53 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
    .2004 09:04:53 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
    .2005 09:04:53 (0) **    - You can adjust the configuration by executing the following command:
    .2006 09:04:53 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
    .2007 09:04:53 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
    .2008 09:04:53 (0) **       You can also enable each individual rule instead of activating the group rule.
    .2009 09:04:53 (0) **
    .2010 09:04:53 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
    .2011 09:04:53 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
    .2012 09:04:53 (0) **    - You can adjust the configuration of this rule by executing the following command:
    .2013 09:04:53 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
    .2014 09:04:53 (0) **
    .2015 09:04:53 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
    .2016 09:04:53 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
    .2017 09:04:53 (0) **    - You can adjust the configuration of this rule by executing the following command:
    .2018 09:04:53 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
    .2019 09:04:53 (0) **
    .2020 09:04:53 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
    .2021 09:04:53 (0) ** => This will prevent any WMI inbound connectivity to this machine.
    .2022 09:04:53 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
    .2023 09:04:53 (0) **    - You can adjust the configuration of this rule by executing the following command:
    .2024 09:04:53 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
    .2025 09:04:53 (0) **
    .2026 09:04:53 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
    .2027 09:04:53 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
    .2028 09:04:53 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
    .2029 09:04:53 (0) **    - You can adjust the configuration of this rule by executing the following command:
    .2030 09:04:53 (0) **    i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
    .2031 09:04:53 (0) **

    I hope you can help me with some specific instructions as to what to do from here. I am not a system administrator or anything, I'm just a curious and experienced home user.

    Thanks for your advice.
    Wednesday, May 7, 2008 11:17 PM
  • Hi,

     

    You did the right steps. According to the report, you should re-register the WMIUTILS.DLL file by running the command:

     

    REGSVR32.EXE WMIUTILS.DLL


    You can ignore the disabled rules for Windows Firewall if you do not need the incoming WMI connectivity.


    Thanks.

    Thursday, May 8, 2008 11:55 AM
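The triage done by hand in the two posts above, as an added example that is not part of the thread: it groups the report's "- item" lines under their WARNING/ERROR headings, derives the REGSVR32.EXE line the report suggests for each unregistered DLL, and flags sections whose declared count does not match the pasted items. The line layout is assumed from the excerpt posted above, and all function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the WMIDiag report posted in this thread. Dot leaders are shortened
# and the 16-entry namespace list is trimmed to three entries for the example.
REPORT = r"""
.2046 09:04:53 (0) ** WMI service DCOM setup: .... OK.
.2047 09:04:53 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .... 3 WARNING(S)!
.2048 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InProcServer32)
.2049 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{EAC8A024-21E2-4523-AD73-A71A0AA2F56A}\InProcServer32)
.2050 09:04:53 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIUTILS.DLL (\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InProcServer32)
.2051 09:04:53 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
.2080 09:04:53 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .... 1 ERROR(S)!
.2081 09:04:53 (0) ** - Root, 0x80041021 - (WBEM_E_INVALID_SYNTAX) Query is syntactically invalid.
.2083 09:04:53 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .... 16 ERROR(S)!
.2084 09:04:53 (0) ** - Root, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
.2088 09:04:53 (0) ** - Root/CIMV2, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
.2096 09:04:53 (0) ** - Root/SecurityCenter, 0x80041008 - (WBEM_E_INVALID_PARAMETER) One of the parameters to the call is not correct.
"""

LINE = re.compile(r"^\.(\d+) (\d\d:\d\d:\d\d) \((\d)\) (\*\*|!!) ?(.*)$")
HEAD = re.compile(r"^(WARNING|ERROR): (.*?):? \.{3,} (\d+) (?:WARNING|ERROR)\(S\)!$")
REG_ITEM = re.compile(r"^- (.+?) \(\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\)$")
NS_ITEM = re.compile(r"^- ([^,]+), (0x[0-9A-Fa-f]{8}) - \((WBEM_E_\w+)\)")

def parse_findings(report):
    """Group '- item' lines under the '!!' WARNING/ERROR heading that precedes them."""
    findings, current = [], None
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        marker, text = m.group(4), m.group(5)
        head = HEAD.match(text) if marker == "!!" else None
        if head:
            current = {"severity": head.group(1), "title": head.group(2),
                       "declared": int(head.group(3)), "items": []}
            findings.append(current)
        elif current is not None and text.startswith("- "):
            current["items"].append(text)
        elif text and not text.startswith(("=>", " ")):
            current = None          # an unrelated '**' status line ends the section
    return findings

def missing_registrations(findings):
    """(file, CLSID) pairs the report lists as lacking an InProcServer32 entry."""
    pairs = []
    for f in findings:
        pairs += [m.groups() for m in map(REG_ITEM.match, f["items"]) if m]
    return pairs

def regsvr32_commands(findings):
    """One REGSVR32.EXE line per distinct DLL, the fix the report itself suggests."""
    dlls = dict.fromkeys(p for p, _ in missing_registrations(findings)
                         if p.upper().endswith(".DLL"))
    return [f'REGSVR32.EXE "{d}"' if " " in d else f"REGSVR32.EXE {d}" for d in dlls]

def namespace_errors(findings):
    """Count failing namespaces per (HRESULT, symbolic name)."""
    codes = Counter()
    for f in findings:
        for m in filter(None, map(NS_ITEM.match, f["items"])):
            codes[(m.group(2), m.group(3))] += 1
    return codes

def truncated_sections(findings):
    """Headings whose declared count differs from the items actually present."""
    return [f["title"] for f in findings if f["declared"] != len(f["items"])]

if __name__ == "__main__":
    found = parse_findings(REPORT)
    print(regsvr32_commands(found), dict(namespace_errors(found)), truncated_sections(found))
```

The commands are only printed, never executed; the trimmed namespace list is reported by truncated_sections because its heading declares 16 entries.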
  • OK, I did that, and it gave me a message that it successfully registered them, but nothing seems to have changed. Still the same problems with Defender, Restore point, etc... Is a reboot necessary or would that not make a difference? I'll reboot and run another report shall I....
    Thursday, May 8, 2008 10:46 PM
  • Friday, May 9, 2008 7:08 PM
  • Thank you so much guys, it worked! I went back and did the salvage repository thing, and it came up as saying it was consistent. No errors! :)

    After a final reboot I could turn on Defender, it recognised AVG, I could make a system restore point, and my computer information showed up again in the system properties. Everything appears to be fixed. I installed a few Vista updates and now SP1 has returned to my updates, and now I feel it will be successful when I install that. I sure hope so.

    Anyway, thank you Yog Li, and Ramesh. Good work.
    Saturday, May 10, 2008 4:24 AM
  • I also have a problem with Vista security center, as a virus accessed my computer and when I tried to go online, a page opened up from microsoft security center, telling me that my computer was at harm and to download anti-spyware. It provided a link to a website to buy the software. I bought the software and it got rid of the virus, however the problem is I still can't get onto the internet, as the microsoft security center page still keeps opening up and telling me to download the software, when I have already done this.

     

    What do I do, as I really need to get this fixed.

    Monday, November 3, 2008 12:16 AM
  • Thank you! Thank you! Thank you! I have been searching far and wide for an answer to this same issue! You have helped me out a great deal. Thanks again!

     

    Friday, December 5, 2008 5:35 AM