WMI has issues outside of safe mode

Since the tabs are only available in safe mode, logon in safe mode and open the WMI Control panel, click the Security tab, then click the Security button. Make note of the listed Groups/Users and the permissions for each. Take screen shots if need be. Let us know what you find.

 

Finished changing the permissions, nothing has changed so I went to safe mode to collect screenshots:

Permissions:
http://img169.imageshack.us/img169/6922/permissions1lx4.jpg
http://img169.imageshack.us/img169/2565/permissions2vr2.jpg

General:
http://img262.imageshack.us/img262/6929/generalgq8.jpg

Logging:
http://img512.imageshack.us/img512/6018/loggingui6.jpg

Advanced:
http://img262.imageshack.us/img262/8568/advancedqk8.jpg

I'm going to keep going down the list and report with the results.

 

Okay, I recompiled the repository using her method, then went back to the WMI properties as suggested, and now instead of provider load failure I am getting "Invalid Class." I am guessing this is a good thing, I'll do some googling while you all check back.

EDIT: I'm back to "provider load failure "

I noted when I tried to recompile all of the mof files I had a couple errors that were like the ones listed. It said the "Rebuild From Scratch" should solve it, but that isn't the case.

 

Can you access the tabs in the WMI Control in normal mode now? If so, go back to the Security tab, Security button and select each group listed, then view the permissions for each in the lower pane. Administrators should have all boxes checked in the Allow column (except for Special Permissions), the others should have Execute Methods, Provider Write and Enable Account checked in the Allow column. None should have anything checked in the Deny column.

You should also click the Advanced button and verify that each of the 4 groups show Special in the Permissions column, and they Apply To This namespace and subnamespaces.

Then, execute the following command from a command window.

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt" /s> "%userprofile%\desktop\wmi.txt "

Post the contents of the wmi.txt log it creates on the desktop.

 

I still can't get to the other tabs. I ran the command-line statement and here is the resulting text file:


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Windows Management Instrumentation
DependOnService REG_MULTI_SZ RPCSS\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 80510100000000000000000002000000646F77730100000060EA00000100000060EA0000
Description REG_SZ Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll
ServiceMain REG_SZ ServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Enum
0 REG_SZ Root\LEGACY_WINMGMT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

 

I do see one problem in that export, so lets fix it. Highlight and copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Double click fix.reg and allow it to merge with the registry.

Now reboot to safe mode and check on those permissions for me. Let me know if there's any change once back in normal mode. Then run that export command line again and repost the wmi.txt file contents.

 

I ran the file, rebooted to safe mode and the permissions look right there, but there is no change in regular mode. The export text file:


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x0
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
DisplayName REG_SZ Windows Management Instrumentation
DependOnService REG_MULTI_SZ RPCSS\0Eventlog\0\0
DependOnGroup REG_MULTI_SZ \0
ObjectName REG_SZ LocalSystem
FailureActions REG_BINARY 80510100000000000000000002000000646F77730100000060EA00000100000060EA0000
Description REG_SZ Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll
ServiceMain REG_SZ ServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt\Enum
0 REG_SZ Root\LEGACY_WINMGMT\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

 

OK, the reg fix was successful. Please execute the following two commands from a command window, 1 at a time, then tell us what the State of each process is.

sc query winmgmt
sc query Eventlog

If both are running, please run the WMIDiag tool again and email me the .log file created.

1 other thing for now ...... click Start>Run and type wmimgmt.msc then hit Enter. Click Help on the menu then select both About Microsoft Management Console and About WMI Control then tells us the information displayed for each.

 

About Microsoft Management Console Screenshot:

http://img175.imageshack.us/img175/5156/wmiscreenea6.jpg

About WMI Control Info:

WMI Control
Microsoft Corporation
Version: 1.0

Allows configuration and control of the Windows Management Instrumentation (WMI) service.

sc query winmgmt - Running
sc query Eventlog - Running

The log has been e-mailed.

 

Log received, thanks. Since the repository has been rebuilt now, lets run a couple of commands again. From a command window, execute the following, 1 at a time.

regsvr32 FASTPROX.DLL
regsvr32 WBEMPROX.DLL
WINMGMT.EXE /CLEARADAP
WINMGMT.EXE /RESYNCPERF

Let me know if you get anything other than Successful messages. Reboot when complete and see if there's any change.

I'll study the log more on fresher eyes, maybe tomorrow evening.

 

Afterthought ........ if WMI still has issues after the above, please run the Diag tool again and send me the new log so I can see if there's any change in the errors it shows.

 

Oh yuck! Argggggggg! Hoping it was done!

I got busy with family and was away some yesterday!

Takin a break from this since we had some good help finally, sure it would be fixed when I got back.

It's a tough one.

Ok a little more research and I found this.

Do the below after you complete Dave's process in the last post and it does not repair WMI.

Paste all of below (5 lines) to cmd prompt make sure to hit enter a couple times to asure all lines execute!

NET STOP "Windows Management Instrumentation" /y
REGSVR32 /s %WINDIR%\system32\scecli.dll
REGSVR32 /s %WINDIR%\system32\userenv.dll
wmiprvse /regserver
NET START "Windows Management Instrumentation "

Mike

 

Did everything recommended by both of you, I e-mailed the log file earlier, just got around to posting.

For the first two commands, I got the "ok" pop-ups, for the second it just kept going, as I would expect for any other command, which I think should be what I should expect from those. Everything seems pretty much the same to me.

 

Spider, this post consists of some info from your logs and a question directed towards Mike.

Log errors
0x80041013
WBEM_E_PROVIDER_LOAD_FAILURE
COM cannot locate a provider referenced in the schema.


11946 21:49:07 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 6 WARNING(S)!
11947 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
11948 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
11949 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
11950 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
11951 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
11952 21:49:07 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
11953 21:49:07 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
11954 21:49:07 (0) ** fail depending on the operation requested.
11955 21:49:07 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.



From here

Following the DllRegisterServer link;

Now for the question. Notice I have highlighted InProcServer32 in the errors above and in-process server in the quote above. Since the regsvr32 command has already been executed on those dll's, should we try the DllRegisterServer command above? I haven't searched extensively, but what research I have done hasn't resulted in finding any other specific commands to use with it.

 

am I supposed to be doing something or did he forget about us?

 

You can bet he didn't forget ...... just very busy I'm sure. Been quite busy myself. I'll try to do a bit more research on the above tonight and let you know something.

 

Well, a bit of digging convinced me that the DllRegisterServer function is not the path we want to explore. Let's try this. Execute the following commands by copying all and pasting into a command window.

regsvr32 /u FASTPROX.DLL
regsvr32 /u WBEMPROX.DLL
regsvr32 /i FASTPROX.DLL
regsvr32 /i WBEMPROX.DLL
WINMGMT.EXE /CLEARADAP
WINMGMT.EXE /RESYNCPERF
exit
cls

Reboot when complete and give us an update.

 

FASTPROX.DLL was loaded, but the DllInstall entry point was not found.

FASTPROX.DLL does not appear to be a .DLL or .OCX file.

WBEMPROX.DLL was loaded, but the DllInstall entry point was not found.

WBEMPROX.DLL does not appear to be a .DLL or .OCX file.

 

See if you have copies of those two files in the C:\Windows\ServicePackFiles\i386 folder and replace the ones in the wbem folder with them. Then run the above commands again.

 

If you get the same message, run it again without the /i switch.

regsvr32 /u FASTPROX.DLL
regsvr32 /u WBEMPROX.DLL
regsvr32 FASTPROX.DLL
regsvr32 WBEMPROX.DLL
WINMGMT.EXE /CLEARADAP
WINMGMT.EXE /RESYNCPERF
exit
cls