none
WMI - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002

    Question

  • We are using a program that uses WMI to retrieve information about the machines on local and remote sites.

    Vista SP1 machines are not collecting Performance Counter data. Non-SP1 machines work fine.

     

    This is confirmed to be a problem with Vista SP1, These same errors have shown up on several machines with SP1.

    All Non-SP1 machines are working fine with no errors from WMIDiag.

     

    28314 16:51:36 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    28315 16:51:36 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 2 ERROR(S)!
    28316 16:51:36 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
    28317 16:51:36 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
    28318 16:51:36 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
    28319 16:51:36 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
    28320 16:51:36 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
    28321 16:51:36 (0) **    a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
    28322 16:51:36 (0) **    You can refresh the WMI class provider buffer with the following command:

    I have tried the following

     

    1. At the command line, type net stop winmgmt. You may get a warning that other services need to be stopped as well; type Y and continue.
    2. Open Explorer and go to the folder called %SystemRoot%\System32\WBEM\Repository.
    3. Delete that folder and everything in it.
    4. Reboot the system normally.
    5. On the next login, open a command prompt and type the following commands in this order:
    winmgmt /clearadap
    winmgmt /kill
    winmgmt /unregserver
    winmgmt /regserver
    winmgmt /resyncperf

     

    I have re-registered all dlls in "C:\Windows\System32\wbem"

    I have also recompliled all the .MLF and .MOF files

     

    Any help with this would be greatly appriciated.

     

    Here is the full WMIDiag Report Text.......................

    NOTE: The DCOM Warning below has been fixed.....

     

    28195 16:51:36 (0) ** WMIDiag v2.0 started on Tuesday, April 22, 2008 at 16:41.
    28196 16:51:36 (0) **
    28197 16:51:36 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
    28198 16:51:36 (0) **
    28199 16:51:36 (0) ** This script is not supported under any Microsoft standard support program or service.
    28200 16:51:36 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
    28201 16:51:36 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
    28202 16:51:36 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
    28203 16:51:36 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
    28204 16:51:36 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
    28205 16:51:36 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
    28206 16:51:36 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
    28207 16:51:36 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
    28208 16:51:36 (0) ** of the possibility of such damages.
    28209 16:51:36 (0) **
    28210 16:51:36 (0) **
    28211 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28212 16:51:36 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    28213 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28214 16:51:36 (0) **
    28215 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28216 16:51:36 (0) ** Windows Vista - Service pack 1 - 32-bit (6001) - User '???????\???????' on computer '??????????'.
    28217 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28218 16:51:36 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
    28219 16:51:36 (0) ** INFO: => 5 incorrect shutdown(s) detected on:
    28220 16:51:36 (0) **          - Shutdown on 14 April 2008 16:38:43 (GMT-0).
    28221 16:51:36 (0) **          - Shutdown on 07 April 2008 15:13:33 (GMT-0).
    28222 16:51:36 (0) **          - Shutdown on 07 April 2008 14:19:53 (GMT-0).
    28223 16:51:36 (0) **          - Shutdown on 07 April 2008 13:43:14 (GMT-0).
    28224 16:51:36 (0) **          - Shutdown on 02 April 2008 16:05:21 (GMT-0).
    28225 16:51:36 (0) **
    28226 16:51:36 (0) ** System drive: ....................................................................................................... C: (Disk #2 Partition #0).
    28227 16:51:36 (0) ** Drive type: ......................................................................................................... IDE (Maxtor 6L250S0 ATA Device).
    28228 16:51:36 (0) ** There are no missing WMI system files: .............................................................................. OK.
    28229 16:51:36 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    28230 16:51:36 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
    28231 16:51:36 (0) ** BEFORE running WMIDiag:
    28232 16:51:36 (0) ** The WMI repository has a size of: ................................................................................... 26 MB.
    28233 16:51:36 (0) ** - Disk free space on 'C:': .......................................................................................... 39506 MB.
    28234 16:51:36 (0) **   - INDEX.BTR,                     2654208 bytes,      4/22/2008 4:36:30 PM
    28235 16:51:36 (0) **   - MAPPING1.MAP,                  73092 bytes,        4/22/2008 4:35:00 PM
    28236 16:51:36 (0) **   - MAPPING2.MAP,                  73092 bytes,        4/22/2008 4:36:30 PM
    28237 16:51:36 (0) **   - OBJECTS.DATA,                  24199168 bytes,     4/22/2008 4:36:30 PM
    28238 16:51:36 (0) ** AFTER running WMIDiag:
    28239 16:51:36 (0) ** The WMI repository has a size of: ................................................................................... 26 MB.
    28240 16:51:36 (0) ** - Disk free space on 'C:': .......................................................................................... 39503 MB.
    28241 16:51:36 (0) **   - INDEX.BTR,                     2654208 bytes,      4/22/2008 4:36:30 PM
    28242 16:51:36 (0) **   - MAPPING1.MAP,                  73092 bytes,        4/22/2008 4:35:00 PM
    28243 16:51:36 (0) **   - MAPPING2.MAP,                  73092 bytes,        4/22/2008 4:36:30 PM
    28244 16:51:36 (0) **   - OBJECTS.DATA,                  24199168 bytes,     4/22/2008 4:36:30 PM
    28245 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28246 16:51:36 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
    28247 16:51:36 (0) ** Windows Firewall Profile: ........................................................................................... DOMAIN.
    28248 16:51:36 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
    28249 16:51:36 (0) ** => This will prevent any WMI remote connectivity to this computer except
    28250 16:51:36 (0) **    if the following three inbound rules are ENABLED and non-BLOCKING:
    28251 16:51:36 (0) **    - 'Windows Management Instrumentation (DCOM-In)'
    28252 16:51:36 (0) **    - 'Windows Management Instrumentation (WMI-In)'
    28253 16:51:36 (0) **    - 'Windows Management Instrumentation (ASync-In)'
    28254 16:51:36 (0) **    Verify the reported status for each of these three inbound rules below.
    28255 16:51:36 (0) **
    28256 16:51:36 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' GROUP rule: ............................................. ENABLED.
    28257 16:51:36 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. ENABLED.
    28258 16:51:36 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... ENABLED.
    28259 16:51:36 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ ENABLED.
    28260 16:51:36 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... ENABLED.
    28261 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28262 16:51:36 (2) !! WARNING: DCOM Status: ............................................................................................... WARNING!
    28263 16:51:36 (2) !! WARNING: => The DCOM Default Impersonation is NOT set to 'Identify'.
    28264 16:51:36 (0) **    This could prevent WMI to work correctly.
    28265 16:51:36 (0) **    You can fix the DCOM configuration by:
    28266 16:51:36 (0) **    - Executing the 'DCOMCNFG.EXE' command.
    28267 16:51:36 (0) **    - Expanding 'Component Services' and 'Computers' nodes.
    28268 16:51:36 (0) **    - Editing properties of 'My Computer' node.
    28269 16:51:36 (0) **    - Editing the 'Default properties' tab.
    28270 16:51:36 (0) **    - Set the 'Default Impersonation level' listbox to 'Identify'.
    28271 16:51:36 (0) **    From the command line, the DCOM configuration can be corrected with the following command:
    28272 16:51:36 (0) **    i.e. 'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v LegacyImpersonationLevel /t REG_DWORD /d 2 /f'
    28273 16:51:36 (0) **
    28274 16:51:36 (0) ** WMI registry setup: ................................................................................................. OK.
    28275 16:51:36 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
    28276 16:51:36 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
    28277 16:51:36 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled')
    28278 16:51:36 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
    28279 16:51:36 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
    28280 16:51:36 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
    28281 16:51:36 (0) **          this can prevent the service/application to work as expected.
    28282 16:51:36 (0) **
    28283 16:51:36 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    28284 16:51:36 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    28285 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28286 16:51:36 (0) ** WMI service DCOM setup: ............................................................................................. OK.
    28287 16:51:36 (0) ** WMI components DCOM registrations: .................................................................................. OK.
    28288 16:51:36 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    28289 16:51:36 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    28290 16:51:36 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    28291 16:51:36 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    28292 16:51:36 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    28293 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28294 16:51:36 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED.
    28295 16:51:36 (0) ** INFO: Local Account Filtering: ...................................................................................... DISABLED.
    28296 16:51:36 (0) ** Overall DCOM security status: ....................................................................................... OK.
    28297 16:51:36 (0) ** Overall WMI security status: ........................................................................................ OK.
    28298 16:51:36 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    28299 16:51:36 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
    28300 16:51:36 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
    28301 16:51:36 (0) **   'select * from MSFT_SCMEventLogEvent'
    28302 16:51:36 (0) **
    28303 16:51:36 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    28304 16:51:36 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
    28305 16:51:36 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
    28306 16:51:36 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
    28307 16:51:36 (0) ** - ROOT/SERVICEMODEL.
    28308 16:51:36 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
    28309 16:51:36 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
    28310 16:51:36 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
    28311 16:51:36 (0) **    i.e. 'WMIC.EXE /NODE:"????????" /AUTHLEVELStick out tonguektprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
    28312 16:51:36 (0) **
    28313 16:51:36 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
    28314 16:51:36 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    28315 16:51:36 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 2 ERROR(S)!
    28316 16:51:36 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
    28317 16:51:36 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
    28318 16:51:36 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
    28319 16:51:36 (0) **   MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
    28320 16:51:36 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
    28321 16:51:36 (0) **    a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
    28322 16:51:36 (0) **    You can refresh the WMI class provider buffer with the following command:
    28323 16:51:36 (0) **
    28324 16:51:36 (0) **    i.e. 'WINMGMT.EXE /SYNCPERF'
    28325 16:51:36 (0) **
    28326 16:51:36 (0) ** WMI MOF representations: ............................................................................................ OK.
    28327 16:51:36 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    28328 16:51:36 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
    28329 16:51:36 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    28330 16:51:36 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    28331 16:51:36 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    28332 16:51:36 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    28333 16:51:36 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    28334 16:51:36 (0) ** WMI static instances retrieved: ..................................................................................... 1622.
    28335 16:51:36 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    28336 16:51:36 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
    28337 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28338 16:51:36 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    28339 16:51:36 (0) **   DCOM: ............................................................................................................. 0.
    28340 16:51:36 (0) **   WINMGMT: .......................................................................................................... 0.
    28341 16:51:36 (0) **   WMIADAPTER: ....................................................................................................... 0.
    28342 16:51:36 (0) **
    28343 16:51:36 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    28344 16:51:36 (0) **   DCOM: ............................................................................................................. 0.
    28345 16:51:36 (0) **   WINMGMT: .......................................................................................................... 0.
    28346 16:51:36 (0) **   WMIADAPTER: ....................................................................................................... 0.
    28347 16:51:36 (0) **
    28348 16:51:36 (0) ** 2 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
    28349 16:51:36 (0) ** => This error is typically a WMI error. This WMI error is due to:
    28350 16:51:36 (0) **    - a missing WMI class definition or object.
    28351 16:51:36 (0) **      (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
    28352 16:51:36 (0) **      You can correct the missing class definitions by:
    28353 16:51:36 (0) **      - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
    28354 16:51:36 (0) **      Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
    28355 16:51:36 (0) **            (This list can be built on a similar and working WMI Windows installation)
    28356 16:51:36 (0) **            The following command line must be used:
    28357 16:51:36 (0) **            i.e. 'WMIDiag CorrelateClassAndProvider'
    28358 16:51:36 (0) **      Note: When a WMI performance class is missing, you can manually resynchronize performance counters
    28359 16:51:36 (0) **            with WMI by starting the ADAP process.
    28360 16:51:36 (0) **    - a WMI repository corruption.
    28361 16:51:36 (0) **      In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
    28362 16:51:36 (0) **      to validate the WMI repository operations.
    28363 16:51:36 (0) **    Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
    28364 16:51:36 (0) **          executing the WriteInRepository command. To write temporary data from the Root namespace, use:
    28365 16:51:36 (0) **          i.e. 'WMIDiag WriteInRepository=Root'
    28366 16:51:36 (0) **    - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
    28367 16:51:36 (0) **      the WMI repository must be reconstructed.
    28368 16:51:36 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
    28369 16:51:36 (0) **          otherwise some applications may fail after the reconstruction.
    28370 16:51:36 (0) **          This can be achieved with the following command:
    28371 16:51:36 (0) **          i.e. 'WMIDiag ShowMOFErrors'
    28372 16:51:36 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
    28373 16:51:36 (0) **          ALL fixes previously mentioned.
    28374 16:51:36 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
    28375 16:51:36 (0) **
    28376 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28377 16:51:36 (0) ** WMI Registry key setup: ............................................................................................. OK.
    28378 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28379 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28380 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28381 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28382 16:51:36 (0) **
    28383 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28384 16:51:36 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    28385 16:51:36 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    28386 16:51:36 (0) **
    28387 16:51:36 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\USERS\TECHPC\APPDATA\LOCAL\TEMP\WMIDIAG-V2.0_VISTA.CLI.SP1.32_?????????_2008.04.22_16.41.14.LOG' for details.
    28388 16:51:36 (0) **
    28389 16:51:36 (0) ** WMIDiag v2.0 ended on Tuesday, April 22, 2008 at 16:51 (W:55 E:8 S:1).

    Monday, April 28, 2008 8:31 PM

All replies

  •  

    BUMP
    Tuesday, April 29, 2008 2:53 PM
  • I am experiencing this identical issue.
    In addition, my WmiPrvse.exe process is using 100% of one of cores all of the time now.
    Wednesday, April 30, 2008 10:34 PM
  •  

    Is there a moderator or anyone else that can shed any light on this issue?
    Wednesday, May 07, 2008 1:03 PM
  • I found a article on Technet referring to the winmgmt.exe being corrupt located on the root of wbem. I replaced it with a known good exe and ran it.  I then re-registered the WMI Components (dll's)

     

    Re-registering the WMI components (Ref WMI FAQ)

    WMI FAQ)

    The .DLL and .EXE files used by WMI are located in %windir%\system32\wbem. You might need to re-register all the .DLL and .EXE files in this directory. If you are running a 64-bit system you might also need to check for .DLLs and .EXE files in %windir%\sysWOW64\wbem.

    To re-register the WMI components, run the following commands at the command prompt:

    • cd /d %windir%\system32\wbem
    • for %i in (*.dll) do RegSvr32 -s %i
    • for %i in (*.exe) do %i /RegServer

    see:  http://windowsxp.mvps.org/repairwmi.htm  

     

    I also noticed a increase in system performance. . . .make me very happy

     

    IT Service Desk Pro

    ITServiceDeskPro.com  

     

    Saturday, September 13, 2008 1:57 PM
  • i Had a similar issue. objWMIService.ExecQuery  query was not working. used WMIDiag to generate report but it had long list of things to be done.
    i hust rerisgtered WMI component and it worked. 

    Great work.

    Tuesday, June 02, 2009 7:41 AM