locked
Constant wmiprvse.exe Errors RRS feed

  • Question

  • We have 5 Windows Server Datacenter Edition SP1 servers in a cluster.  At least one server per week starts getting the error below and once this occurs you can no longer add any new Virtual Machines to the cluster via SCVMM until you remove the affected server from the cluster.

    So far the only thing that has worked is a complete reinstall.  After the full reinstall we backup the WMI repository, turn on Shadow Copies and Create a Backup of the C: drive.  Once the error begins we have tried to restore the WMI Repository with no luck, restore the x32 and x64 wbeb and inf folders from our backups and a search through the Shadow Copy shows no modified files around the time the errors begin.

    We cannot find any change that causes this to start nor a fix for it.

    Anyone have a thought?

    Log Name:      Application
    Source:        Application Error
    Date:          2/19/2009 8:01:55 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      SRV1.domain.net
    Description:
    Faulting application wmiprvse.exe, version 6.0.6001.18000, time stamp 0x4791950f, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791adec, exception code 0xc0000374, fault offset 0x00000000000a6e97, process id 0x5f4, application start time 0x01c9930f5a8798a6.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2009-02-20T04:01:55.000Z" />
        <EventRecordID>1886</EventRecordID>
        <Channel>Application</Channel>
        <Computer>SRV1.domain.net</Computer>
        <Security />
      </System>
      <EventData>
        <Data>wmiprvse.exe</Data>
        <Data>6.0.6001.18000</Data>
        <Data>4791950f</Data>
        <Data>ntdll.dll</Data>
        <Data>6.0.6001.18000</Data>
        <Data>4791adec</Data>
        <Data>c0000374</Data>
        <Data>00000000000a6e97</Data>
        <Data>5f4</Data>
        <Data>01c9930f5a8798a6</Data>
      </EventData>
    </Event>
    Friday, February 20, 2009 4:45 AM

Answers

  • Hi,

     

    Please verify that various WMI namespaces can be connected to, then update WMI on all involved Windows 2008 machines.

     

    1.    Verify WMI namspace on each machine involved:

     

    1.1 Using wbemtest

    - Click the 'Start' button

    - Start> Run> wbemtest

    - Click 'Connect' and enter 'root\cimv2' then click 'Connect' again. This should not prompt with an error

    - Click 'Connect' and enter 'root\default' then click 'Connect' again. This should not prompt with an error

    On a Hyper-V server, this should also work

    - Click 'Connect' and enter 'root\virtualization' then click 'Connect' again.

    This should not prompt with an error

    On an SCVMM Server (Host) this should also work

    - Click 'Connect' and enter 'root\scvmm' then click 'Connect' again. This should not prompt with an error

    - Close 'wbemtest'

     

    1.2 Using command line

    - From an elevated command prompt type 'wmic nic' and press Enter

    - This should return information, not an error. If there is an error, and all other tests work, this is likely due to NIC TEAMING. Uninstall all NIC Teaming software, reboot and try again

    - From an elevated command prompt type 'wmic diskdrive list brief' and press Enter

    - This should return information, not an error

     

     

    2.    Install WMI Updates and Hotfixes

    Currently the following updates have been tested and confirmed. If you have other WMI updates that you have confirmed please notify me or update this article.

     

    Each requires a reboot:

     

    954563 Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;954563

     

    958124 A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;958124

     

    955805 Certain applications become very slow on a Windows Server 2008-based or Windows Vista SP1-based computer when a certificate with SIA extension is installed

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;955805

     

     

    Best regards,

    Vincent Hu

     

    • Marked as answer by Vincent Hu Friday, February 27, 2009 9:40 AM
    Monday, February 23, 2009 9:13 AM

All replies

  • Hi,

     

    Please verify that various WMI namespaces can be connected to, then update WMI on all involved Windows 2008 machines.

     

    1.    Verify WMI namspace on each machine involved:

     

    1.1 Using wbemtest

    - Click the 'Start' button

    - Start> Run> wbemtest

    - Click 'Connect' and enter 'root\cimv2' then click 'Connect' again. This should not prompt with an error

    - Click 'Connect' and enter 'root\default' then click 'Connect' again. This should not prompt with an error

    On a Hyper-V server, this should also work

    - Click 'Connect' and enter 'root\virtualization' then click 'Connect' again.

    This should not prompt with an error

    On an SCVMM Server (Host) this should also work

    - Click 'Connect' and enter 'root\scvmm' then click 'Connect' again. This should not prompt with an error

    - Close 'wbemtest'

     

    1.2 Using command line

    - From an elevated command prompt type 'wmic nic' and press Enter

    - This should return information, not an error. If there is an error, and all other tests work, this is likely due to NIC TEAMING. Uninstall all NIC Teaming software, reboot and try again

    - From an elevated command prompt type 'wmic diskdrive list brief' and press Enter

    - This should return information, not an error

     

     

    2.    Install WMI Updates and Hotfixes

    Currently the following updates have been tested and confirmed. If you have other WMI updates that you have confirmed please notify me or update this article.

     

    Each requires a reboot:

     

    954563 Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;954563

     

    958124 A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;958124

     

    955805 Certain applications become very slow on a Windows Server 2008-based or Windows Vista SP1-based computer when a certificate with SIA extension is installed

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;955805

     

     

    Best regards,

    Vincent Hu

     

    • Marked as answer by Vincent Hu Friday, February 27, 2009 9:40 AM
    Monday, February 23, 2009 9:13 AM
  • Can you help me solve this problem please? I have 100% CPU usage. wmiprvse.exe takes 70% and spoolsv.exe takes 30%. Thank you.
    Wednesday, March 23, 2011 11:56 PM
  • That is a really good post, however all of those hotfixes say "This update does not apply to your system".

    Microsoft Windows Server 2008 Standard

    Version 6.0 (Build 6002: Service Pack 2)

    Still get occasional errors in this win improvise file, faulted module ntdll.dll.  It is not an issue nothing is broken, just annoying to see the "WMI provider has stopped working" dialog box when connecting to this box.  Also the unnecessary logs in eventvwr.  At least we rarely ever have to connect onto this machine.  It just churns away and runs in autopilot normally.

    Wednesday, April 25, 2012 1:39 PM
  • Yes, because maybe you are trying to install on a Windows Server 2008 R2, I get the same message (on Win 2k8 R2).

    The KBs are compatible just with Windows Server 2008.

    Friday, January 19, 2018 2:01 PM