Windows Firewall - Advanced Tab - Problem

Happy to hear the System Restore issue has been resolved.

You can get the WMI Diagnosis Utility from MS at the link I provided here

I know that the symptoms don't apply, but try the procedure given here and see if it makes any difference for the Firewall issue if the diag utility doesn't reveal something.

Hmmm ..... those files don't exist, which makes even less sense now that SFC is trying to copy them to the dllcache. What kind of computer do you have (make and model)?

 

That's what I suspected as I was writing my reply as follows.


Thanks, everyone, for your encouragement!

I'll keep my eye on Windows BBS and I'll bail you out when needed.

Or...

The snchk.exe, ehituner.dll, and ehiepg.dll files might not currently exist in dcfrazel's C:\WINDOWS\eHome\ folder.

If this is the case, I suspect locating and copying the proper snchk.exe, ehituner.dll, and ehiepg.dll files (somewhere on a CD that came with your computer, perhaps?) to the C:\WINDOWS\eHome\ folder might do the trick.

Last year I had similar SFC Windows Protection event issues regarding graphics card drivers with SFC Windows Protection events like the following.

As I described in Post #24 of that thread I linked above, after I copied the ati.dll file from my driver.cab to the c:\windows\system32\ folder, SFC no longer complained about that file. (Likewise for all the other "could not be copied into the DLL cache" files SFC was complaining about.)

 

Yeah!!! So good to hear from you mailman! I could have stopped all my rambling and speculating about SFC a long time ago had I known what you just provided.

 

Thanks! I can say I have "part experience" too!

BTW, dcfrazel, if you want to view contents of .CAB files, WinZip is a handy utility for doing so. CAB files are compressed archives (like .ZIP files). You can use WinZip to view the contents of a .CAB file and extract individual files (or even all files) from the .CAB file to another folder if necessary.

You might find your missing snchk.exe, ehituner.dll, and ehiepg.dll files in a .CAB file somewhere in your Windows XP Media Center Edition CD (perhaps located in an "eHome" folder or .CAB file).

 

To Noahdfear:

The problem machine is a Dell Dimension 4700 running WIN XP SP2 Media Center Edition.

I also have a Gateway Laptop, Model M350X-C running WIN XP with SP2 update. I've checked it's C:\WINNT\EHome and it doesn't have the three files either. Instead it contains a file named medctrro.cmd. This machine displays the Windows Firewall settings correctly.

I've attempted to download the WMI Diagnosis Utility from the link you provided but get the same result as before - the progess crawl at the bottom the the screen appears and seems to indicate something has taken place but I never get a File Download Dialog Box.

Since the Dell machine's Windows Firewall appears to be running OK (except for the inability to display settings), I wonder if we've reached the point of diminshing returns on this issue.........whaddaya think?

 

It might be behind the inability to download the diag tool. Have you tried with the laptop?

Thanks for the Make/model info. It may be helpful.

 

• Dell: What Video Card Do I Have in My Dell™ Dimension™ 4700 and How Do I Install the Drivers?

Appears you might have the "ATI E-Home Wonder™ TV Tuner" card.


EDIT: More links that might be helpful:

• Dell Dimension 4700 Series Service Manual
• Dell Support Main Page

If you know your "Service Tag" number, you might be able to enter your Service Tag number on the search results page here for information specific to your unique computer configuration.

The search results page link above uses "tv" as a keyword (which I found via Googling Dell Dimension 4700 eHome).

EDIT#2: It appears if you go to the Support Main Page and click one of the "Most Popular Selections" support options, you will be presented with a page leading to a Support Tag entry page.

 

To Mailman:

According to System Information, my video card is:

Intel 82915G/GV/910GL Express Chipset Family

According to my invoice, it's:

Integrated Intel Graphics Media Accelerator 900
---------------------------------------------
To Noahdfear:

Finally got the WMI Diagnostic Utility downloaded - as usual, the problem was mine. I ran it and have the three files it generated - see below for the TXT file. I didn't include the LOG and CSV files but can if you need them.
---------------------------------

17826 15:16:29 (0) ** WMIDiag v2.0 started on Sunday, August 12, 2007 at 15:13.
17827 15:16:29 (0) **
17828 15:16:29 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
17829 15:16:29 (0) **
17830 15:16:29 (0) ** This script is not supported under any Microsoft standard support program or service.
17831 15:16:29 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
17832 15:16:29 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
17833 15:16:29 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
17834 15:16:29 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
17835 15:16:29 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
17836 15:16:29 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
17837 15:16:29 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
17838 15:16:29 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
17839 15:16:29 (0) ** of the possibility of such damages.
17840 15:16:29 (0) **
17841 15:16:29 (0) **
17842 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17843 15:16:29 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
17844 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17845 15:16:29 (0) **
17846 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17847 15:16:29 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'DAVID-8B06329F0\DAVE' on computer 'DAVID-8B06329F0'.
17848 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17849 15:16:29 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
17850 15:16:29 (0) ** INFO: => 2 incorrect shutdown(s) detected on:
17851 15:16:29 (0) ** - Shutdown on 19 July 2007 19:53:23 (GMT+5).
17852 15:16:29 (0) ** - Shutdown on 02 August 2007 12:52:07 (GMT+5).
17853 15:16:29 (0) **
17854 15:16:29 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
17855 15:16:29 (0) ** Drive type: ......................................................................................................... IDE (Maxtor 7Y250M0).
17856 15:16:29 (1) !! ERROR: The following WMI system file(s) is/are missing: ............................................................. 2 ERROR(S)!
17857 15:16:29 (0) ** - C:\WINDOWS\System32\WBEM\evntrprv.dll
17858 15:16:29 (0) ** - C:\WINDOWS\System32\WBEM\wbemperf.dll
17859 15:16:29 (0) ** => Recopy from a working system the missing WMI system files to 'C:\WINDOWS\SYSTEM32\WBEM\'
17860 15:16:29 (0) **
17861 15:16:29 (0) ** There are no missing WMI repository files: .......................................................................... OK.
17862 15:16:29 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
17863 15:16:29 (0) ** BEFORE running WMIDiag:
17864 15:16:29 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
17865 15:16:29 (0) ** - Disk free space on 'C:': .......................................................................................... 221710 MB.
17866 15:16:29 (0) ** - INDEX.BTR, 1351680 bytes, 8/12/2007 8:00:12 AM
17867 15:16:29 (0) ** - INDEX.MAP, 684 bytes, 8/12/2007 3:11:34 PM
17868 15:16:29 (0) ** - MAPPING.VER, 4 bytes, 8/12/2007 3:11:35 PM
17869 15:16:29 (0) ** - MAPPING1.MAP, 9988 bytes, 8/12/2007 3:11:34 PM
17870 15:16:29 (0) ** - MAPPING2.MAP, 9988 bytes, 8/12/2007 3:01:48 PM
17871 15:16:29 (0) ** - OBJECTS.DATA, 18997248 bytes, 8/12/2007 8:00:19 AM
17872 15:16:29 (0) ** - OBJECTS.MAP, 9304 bytes, 8/12/2007 3:11:34 PM
17873 15:16:29 (0) ** AFTER running WMIDiag:
17874 15:16:29 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
17875 15:16:29 (0) ** - Disk free space on 'C:': .......................................................................................... 221706 MB.
17876 15:16:29 (0) ** - INDEX.BTR, 1351680 bytes, 8/12/2007 8:00:12 AM
17877 15:16:29 (0) ** - INDEX.MAP, 684 bytes, 8/12/2007 3:11:34 PM
17878 15:16:29 (0) ** - MAPPING.VER, 4 bytes, 8/12/2007 3:11:35 PM
17879 15:16:29 (0) ** - MAPPING1.MAP, 9988 bytes, 8/12/2007 3:11:34 PM
17880 15:16:29 (0) ** - MAPPING2.MAP, 9988 bytes, 8/12/2007 3:01:48 PM
17881 15:16:29 (0) ** - OBJECTS.DATA, 18997248 bytes, 8/12/2007 8:00:19 AM
17882 15:16:29 (0) ** - OBJECTS.MAP, 9304 bytes, 8/12/2007 3:11:34 PM
17883 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17884 15:16:29 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
17885 15:16:29 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD.
17886 15:16:29 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED.
17887 15:16:29 (0) ** => This will prevent any WMI remote connectivity to this machine.
17888 15:16:29 (0) ** - You can adjust the configuration by executing the following command:
17889 15:16:29 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET'
17890 15:16:29 (0) **
17891 15:16:29 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING.
17892 15:16:29 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine.
17893 15:16:29 (0) ** - You can adjust the configuration by executing the following command:
17894 15:16:29 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
17895 15:16:29 (0) **
17896 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17897 15:16:29 (0) ** DCOM Status: ........................................................................................................ OK.
17898 15:16:29 (0) ** WMI registry setup: ................................................................................................. OK.
17899 15:16:29 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
17900 15:16:29 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
17901 15:16:29 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
17902 15:16:29 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
17903 15:16:29 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
17904 15:16:29 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
17905 15:16:29 (0) ** this can prevent the service/application to work as expected.
17906 15:16:29 (0) **
17907 15:16:29 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
17908 15:16:29 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
17909 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17910 15:16:29 (0) ** WMI service DCOM setup: ............................................................................................. OK.
17911 15:16:29 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 4 WARNING(S)!
17912 15:16:29 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\EVNTRPRV.DLL (\CLSID\{9A5DD473-D410-11D1-B829-00C04F94C7C3}\InProcServer32)
17913 15:16:29 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\EVNTRPRV.DLL (\CLSID\{F95E1664-7979-44F2-A040-496E7F500043}\InProcServer32)
17914 15:16:29 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPERF.DLL (\CLSID\{76A94DE3-7C26-44F5-8E98-C5AEA48186CB}\InProcServer32)
17915 15:16:29 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPERF.DLL (\CLSID\{FF37A93C-C28E-11D1-AEB6-00C04FB68820}\InProcServer32)
17916 15:16:29 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
17917 15:16:29 (0) ** fail depending on the operation requested.
17918 15:16:29 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
17919 15:16:29 (0) **
17920 15:16:29 (0) ** WMI ProgID registrations: ........................................................................................... OK.
17921 15:16:29 (2) !! WARNING: WMI provider DCOM registrations missing for the following provider(s): ..................................... 1 WARNING(S)!
17922 15:16:29 (0) ** - ROOT/CIMV2, Nt5_GenericPerfProvider_V1 ({76A94DE3-7C26-44F5-8E98-C5AEA48186CB}) (i.e. WMI Class 'Win32_PerfRawData_NETFramework_NETCLRRemoting')
17923 15:16:29 (0) ** Provider DLL: 'C:\WINDOWS\SYSTEM32\WBEM\WBEMPERF.DLL'
17924 15:16:29 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers
17925 15:16:29 (0) ** while the DCOM registration is wrong or missing. This can be due to:
17926 15:16:29 (0) ** - a de-installation of the software.
17927 15:16:29 (0) ** - a deletion of some registry key data.
17928 15:16:29 (0) ** - a registry corruption.
17929 15:16:29 (0) ** => You can correct the DCOM configuration by:
17930 15:16:29 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>' command.
17931 15:16:29 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
17932 15:16:29 (0) ** (This list can be built on a similar and working WMI Windows installation)
17933 15:16:29 (0) ** The following command line must be used:
17934 15:16:29 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
17935 15:16:29 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\'
17936 15:16:29 (0) ** may not solve the problem as the DLL supporting the WMI class(es)
17937 15:16:29 (0) ** can be located in a different folder.
17938 15:16:29 (0) ** You must refer to the class name to determine the software delivering the related DLL.
17939 15:16:29 (0) ** => If the software has been de-installed intentionally, then this information must be
17940 15:16:29 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove
17941 15:16:29 (0) ** the provider registration data.
17942 15:16:29 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path __Win32Provider Where Name='Nt5_GenericPerfProvider_V1' DELETE'
17943 15:16:29 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software,
17944 15:16:29 (0) ** the namespace and ALL its content can be ENTIRELY deleted.
17945 15:16:29 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='CIMV2' DELETE'
17946 15:16:29 (0) ** - Re-installing the software.
17947 15:16:29 (0) **
17948 15:16:29 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
17949 15:16:29 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
17950 15:16:29 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
17951 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17952 15:16:29 (0) ** Overall DCOM security status: ....................................................................................... OK.
17953 15:16:29 (0) ** Overall WMI security status: ........................................................................................ OK.
17954 15:16:29 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
17955 15:16:29 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
17956 15:16:29 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name= "Microsoft WMI Updating Consumer Scenario Control ".
17957 15:16:29 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
17958 15:16:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name= "SCM Event Log Consumer ".
17959 15:16:29 (0) ** 'select * from MSFT_SCMEventLogEvent'
17960 15:16:29 (0) **
17961 15:16:29 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
17962 15:16:29 (0) ** WMI ADAP status: .................................................................................................... OK.
17963 15:16:29 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
17964 15:16:29 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
17965 15:16:29 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 8 ERROR(S)!
17966 15:16:29 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17967 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17968 15:16:29 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17969 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17970 15:16:29 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17971 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17972 15:16:29 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17973 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17974 15:16:29 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17975 15:16:29 (0) ** MOF Registration: 'No located MOF file (exception)'
17976 15:16:29 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17977 15:16:29 (0) ** MOF Registration: 'No located MOF file (exception)'
17978 15:16:29 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17979 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17980 15:16:29 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17981 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17982 15:16:29 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfFormattedData_PerfProc_Thread'), it is generally due to
17983 15:16:29 (0) ** a synchronization issue between the performance counters and WMI.
17984 15:16:29 (0) ** The AutoDiscovery/AutoPurge (ADAP) process logs informative events in the Windows NT event log.
17985 15:16:29 (0) ** More information can be found on MSDN at:
17986 15:16:29 (0) ** http://msdn.microsoft.com/library/d...n-us/wmisdk/wmi/wmi_adap_event_log_events.asp
17987 15:16:29 (0) **
17988 15:16:29 (0) ** - The last time the ADAP process was STARTED was the '12 August 2007 07:58:23:953000 (GMT+6)'.
17989 15:16:29 (0) ** - The last time the ADAP process was STOPPED was the '12 August 2007 08:00:04:796000 (GMT+6)'.
17990 15:16:29 (0) ** - The latest ADAP process status is 'The WMI ADAP process has finished (4).'.
17991 15:16:29 (0) **
17992 15:16:29 (0) ** You can attempt to resynchronize the WMI performance classes with the existing Windows
17993 15:16:29 (0) ** performance counters with the following commands:
17994 15:16:29 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
17995 15:16:29 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
17996 15:16:29 (0) **
17997 15:16:29 (0) ** WMI MOF representations: ............................................................................................ OK.
17998 15:16:29 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
17999 15:16:29 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 10 ERROR(S)!
18000 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_Tcpip_IP', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18001 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18002 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_Tcpip_TCP', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18003 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18004 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_Tcpip_UDP', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18005 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18006 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_Tcpip_ICMP', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18007 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18008 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_Cache', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18009 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18010 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_Memory', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18011 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18012 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_Objects', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18013 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18014 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_PagingFile', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18015 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18016 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_Processor', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18017 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18018 15:16:29 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_System', 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
18019 15:16:29 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
18020 15:16:29 (0) **
18021 15:16:29 (2) !! WARNING: WMI ENUMERATION operations SKIPPED: ........................................................................ 10 WARNING(S)!
18022 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_Tcpip_IP.
18023 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_Tcpip_TCP.
18024 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_Tcpip_UDP.
18025 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_Tcpip_ICMP.
18026 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_Cache.
18027 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_Memory.
18028 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_Objects.
18029 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_PagingFile.
18030 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_Processor.
18031 15:16:29 (0) ** - Root/CIMv2, Nt5_GenericPerfProvider_V1, InstancesOf, Win32_PerfRawData_PerfOS_System.
18032 15:16:29 (0) ** => ENUMERATION operations are skipped because the WMI provider (i.e. 'Nt5_GenericPerfProvider_V1') supporting
18033 15:16:29 (0) ** the WMI class (i.e. 'Win32_PerfRawData_PerfOS_System') has registration issues.
18034 15:16:29 (0) ** (as listed previously in this report)
18035 15:16:29 (0) **
18036 15:16:29 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
18037 15:16:29 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
18038 15:16:29 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
18039 15:16:29 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
18040 15:16:29 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
18041 15:16:29 (0) ** WMI static instances retrieved: ..................................................................................... 557.
18042 15:16:29 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
18043 15:16:29 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
18044 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18045 15:16:29 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
18046 15:16:29 (0) ** DCOM: ............................................................................................................. 25.
18047 15:16:29 (0) ** WINMGMT: .......................................................................................................... 26.
18048 15:16:29 (0) ** WMIADAPTER: ....................................................................................................... 0.
18049 15:16:29 (0) ** => Verify the WMIDiag LOG at line #17253 for more details.
18050 15:16:29 (0) **
18051 15:16:29 (0) ** # of additional Event Log events AFTER WMIDiag execution:
18052 15:16:29 (0) ** DCOM: ............................................................................................................. 0.
18053 15:16:29 (0) ** WINMGMT: .......................................................................................................... 0.
18054 15:16:29 (0) ** WMIADAPTER: ....................................................................................................... 0.
18055 15:16:29 (0) **
18056 15:16:29 (0) ** 8 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
18057 15:16:29 (0) ** => This error is typically a WMI error. This WMI error is due to:
18058 15:16:29 (0) ** - a missing WMI class definition or object.
18059 15:16:29 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
18060 15:16:29 (0) ** You can correct the missing class definitions by:
18061 15:16:29 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
18062 15:16:29 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
18063 15:16:29 (0) ** (This list can be built on a similar and working WMI Windows installation)
18064 15:16:29 (0) ** The following command line must be used:
18065 15:16:29 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
18066 15:16:29 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
18067 15:16:29 (0) ** with WMI by starting the ADAP process.
18068 15:16:29 (0) ** - a WMI repository corruption.
18069 15:16:29 (0) ** Under Windows XP SP2, you can validate the repository consistency
18070 15:16:29 (0) ** by executing the following command:
18071 15:16:29 (0) ** i.e. 'WMIDiag CheckConsistency'
18072 15:16:29 (0) ** Note: Under Windows XP SP2, when the repository is checked and detected INCONSISTENT,
18073 15:16:29 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.
18074 15:16:29 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).
18075 15:16:29 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
18076 15:16:29 (0) ** The computer must be rebooted for the system to work with the re-created repository.
18077 15:16:29 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
18078 15:16:29 (0) ** otherwise some applications may fail after the reconstruction.
18079 15:16:29 (0) ** This can be achieved with the following command:
18080 15:16:29 (0) ** i.e. 'WMIDiag ShowMOFErrors'
18081 15:16:29 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
18082 15:16:29 (0) ** ALL fixes previously mentioned.
18083 15:16:29 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
18084 15:16:29 (0) **
18085 15:16:29 (0) **
18086 15:16:29 (0) ** 10 error(s) 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema
18087 15:16:29 (0) ** => This error is typically due to the following major reasons:
18088 15:16:29 (0) ** - The application queried by the WMI provider is not installed, not available or not running
18089 15:16:29 (0) ** at the time of the request was made. This error can also be generated because
18090 15:16:29 (0) ** the application supporting the providers has been uninstalled.
18091 15:16:29 (0) ** - Some WMI providers (i.e. RSOP Planning Mode, Exchange 2003) are implemented as a WMI service.
18092 15:16:29 (0) ** Make sure the required services are successfully started.
18093 15:16:29 (0) ** - The WMI provider binary files are not accessible (i.e. access denied ACL).
18094 15:16:29 (0) ** - A WMI provider registration problem at the CIM level (MOFCOMP.EXE) or at the COM level (REGSVR32.EXE).
18095 15:16:29 (0) ** You must re-register the WMI provider by recompiling its associated MOF file with MOFCOMP.EXE
18096 15:16:29 (0) ** Note: - If the WMI provider DLL CIM and COM registrations are correct, this error can
18097 15:16:29 (0) ** be returned because the provider has a dependency on another DLL that cannot be
18098 15:16:29 (0) ** loaded (missing or bad DLL)
18099 15:16:29 (0) ** - Dependencies can be found with the DEPENDS.EXE tool coming with the
18100 15:16:29 (0) ** Windows XP and Windows 2003 Support Tools. The command line is as follows:
18101 15:16:29 (0) ** i.e. DEPENDS.EXE <PATH><Provider.DLL>
18102 15:16:29 (0) ** => When a WMI provider fails to load, it is possible to trace the provider load process by
18103 15:16:29 (0) ** submitting, via WBEMTEST and asynchronously, the following WMI event query:
18104 15:16:29 (0) ** 'Select * From MSFT_WmiSelfEvent'
18105 15:16:29 (0) ** Then you can trace the following WMI events:
18106 15:16:29 (0) ** - Msft_WmiProvider_ComServerLoadOperationEvent
18107 15:16:29 (0) ** - Msft_WmiProvider_InitializationOperationEvent
18108 15:16:29 (0) ** - Msft_WmiProvider_LoadOperationEvent
18109 15:16:29 (0) ** and depending on the WMI operation executed, you can trace the following WMI events:
18110 15:16:29 (0) ** i.e. for an enumeration:
18111 15:16:29 (0) ** - Msft_WmiProvider_CreateInstanceEnumAsyncEvent_Pre and Msft_WmiProvider_CreateInstanceEnumAsyncEvent_Post
18112 15:16:29 (0) ** i.e. for a put operation:
18113 15:16:29 (0) ** - Msft_WmiProvider_PutInstanceAsyncEvent_Pre and Msft_WmiProvider_PutInstanceAsyncEvent_Post
18114 15:16:29 (0) **
18115 15:16:29 (0) ** => If the software has been de-installed intentionally, then this information must be
18116 15:16:29 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
18117 15:16:29 (0) ** registration data and its set of associated classes.
18118 15:16:29 (0) ** => To correct this situation, you can:
18119 15:16:29 (0) ** - Install or start the application supporting these providers.
18120 15:16:29 (0) ** - Register the providers in CIM (MOFCOMP) or DCOM (REGSVR32).
18121 15:16:29 (0) ** Note: In this case the provider should also be listed in the 'missing WMI
18122 15:16:29 (0) ** provider DCOM registrations' or in the 'missing WMI provider files' section.
18123 15:16:29 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\'
18124 15:16:29 (0) ** may not solve the problem as the DLL supporting the WMI class(es)
18125 15:16:29 (0) ** can be located in a different folder.
18126 15:16:29 (0) ** You must refer to the class name to determine the software delivering the related DLL.
18127 15:16:29 (0) **
18128 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18129 15:16:29 (0) ** WMI Registry key setup: ............................................................................................. OK.
18130 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18131 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18132 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18133 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18134 15:16:29 (0) **
18135 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18136 15:16:29 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
18137 15:16:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
18138 15:16:29 (0) **
18139 15:16:29 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\DAVE\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_DAVID-8B06329F0_2007.08.12_15.12.20.LOG' for details.
18140 15:16:29 (0) **
18141 15:16:29 (0) ** WMIDiag v2.0 ended on Sunday, August 12, 2007 at 15:16 (W:67 E:74 S:1).

---------------------------------------

 

WOW! Gonna take some time to decipher and recommend any course of action. Go ahead and post the other to logs if they contain different information, so that it's available in case we need it.

 

Post that log as well please.

Can you verify if those are missing?

 

Yes. I can verify that the two files (evntrprv.dll and wbemperf.dll) are indeed missing from C:\WINDOWS\System32\WBEM. In fact, the only two files in my WBEM folder are msfeeds.mof and msfeedsbs.mof.

As to the LOG file, it's HUGE.......to the point where BBS reply can't seem to handle it. I've copied the file but when I paste it into a reply, it takes several minutes for the paste to complete and then when I try to submit the reply, I end up with a white screen. Am I doing something wrong here or if not, and you really need it, is there another way to get it to you?

 

As a followup...............by HUGE I mean REALY BIG.......on the order of 18,000 lines of text.

 

Send it to me via email please.

Check your other machines for those two files. If present, copy them over, then register them from the Start>Run line as follows.

regsvr32 C:\WINDOWS\System32\WBEM\evntrprv.dll
regsvr32 C:\WINDOWS\System32\WBEM\wbemperf.dll

Reboot and run the diag utility again. Post the same log and see if the Firewall Advanced tab is fixed.

 

noahdfear, I'm curious. What spam filtering software do you use.

(and in case you're wondering about my nickname, I do NOT send spam.)

 

Believe it or not, none at all. That email addy is so published it isn't even funny. I will remove it from that post once I've received the log though

 

Hi Noahdfear:

I've done as you suggested. After copying the two dlls to
C:\WINDOWS\System32\WBEM, re-registering them went OK. I reran
the diagnostic tool and the .txt file is below. Clicking the advanced tab in Windows Firewall still yields the same error however. I'll attempt to email the log file to you.

Thanks again for your help and your patience.

------------------------------------------
17661 21:05:13 (0) ** WMIDiag v2.0 started on Sunday, August 12, 2007 at 21:01.
17662 21:05:13 (0) **
17663 21:05:13 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
17664 21:05:13 (0) **
17665 21:05:13 (0) ** This script is not supported under any Microsoft standard support program or service.
17666 21:05:13 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
17667 21:05:13 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
17668 21:05:13 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
17669 21:05:13 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
17670 21:05:13 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
17671 21:05:13 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
17672 21:05:13 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
17673 21:05:13 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
17674 21:05:13 (0) ** of the possibility of such damages.
17675 21:05:13 (0) **
17676 21:05:13 (0) **
17677 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17678 21:05:13 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
17679 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17680 21:05:13 (0) **
17681 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17682 21:05:13 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'DAVID-8B06329F0\DAVE' on computer 'DAVID-8B06329F0'.
17683 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17684 21:05:13 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
17685 21:05:13 (0) ** INFO: => 2 incorrect shutdown(s) detected on:
17686 21:05:13 (0) ** - Shutdown on 19 July 2007 19:53:23 (GMT+5).
17687 21:05:13 (0) ** - Shutdown on 02 August 2007 12:52:07 (GMT+5).
17688 21:05:13 (0) **
17689 21:05:13 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
17690 21:05:13 (0) ** Drive type: ......................................................................................................... IDE (Maxtor 7Y250M0).
17691 21:05:13 (0) ** There are no missing WMI system files: .............................................................................. OK.
17692 21:05:13 (0) ** There are no missing WMI repository files: .......................................................................... OK.
17693 21:05:13 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
17694 21:05:13 (0) ** BEFORE running WMIDiag:
17695 21:05:13 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
17696 21:05:13 (0) ** - Disk free space on 'C:': .......................................................................................... 222296 MB.
17697 21:05:13 (0) ** - INDEX.BTR, 1351680 bytes, 8/12/2007 3:52:28 PM
17698 21:05:13 (0) ** - INDEX.MAP, 684 bytes, 8/12/2007 9:01:30 PM
17699 21:05:13 (0) ** - MAPPING.VER, 4 bytes, 8/12/2007 9:01:30 PM
17700 21:05:13 (0) ** - MAPPING1.MAP, 9988 bytes, 8/12/2007 8:58:30 PM
17701 21:05:13 (0) ** - MAPPING2.MAP, 9988 bytes, 8/12/2007 9:01:30 PM
17702 21:05:13 (0) ** - OBJECTS.DATA, 18997248 bytes, 8/12/2007 3:52:28 PM
17703 21:05:13 (0) ** - OBJECTS.MAP, 9304 bytes, 8/12/2007 9:01:30 PM
17704 21:05:13 (0) ** AFTER running WMIDiag:
17705 21:05:13 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
17706 21:05:13 (0) ** - Disk free space on 'C:': .......................................................................................... 222292 MB.
17707 21:05:13 (0) ** - INDEX.BTR, 1351680 bytes, 8/12/2007 3:52:28 PM
17708 21:05:13 (0) ** - INDEX.MAP, 684 bytes, 8/12/2007 9:01:30 PM
17709 21:05:13 (0) ** - MAPPING.VER, 4 bytes, 8/12/2007 9:01:30 PM
17710 21:05:13 (0) ** - MAPPING1.MAP, 9988 bytes, 8/12/2007 8:58:30 PM
17711 21:05:13 (0) ** - MAPPING2.MAP, 9988 bytes, 8/12/2007 9:01:30 PM
17712 21:05:13 (0) ** - OBJECTS.DATA, 18997248 bytes, 8/12/2007 3:52:28 PM
17713 21:05:13 (0) ** - OBJECTS.MAP, 9304 bytes, 8/12/2007 9:01:30 PM
17714 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17715 21:05:13 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
17716 21:05:13 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD.
17717 21:05:13 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED.
17718 21:05:13 (0) ** => This will prevent any WMI remote connectivity to this machine.
17719 21:05:13 (0) ** - You can adjust the configuration by executing the following command:
17720 21:05:13 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET'
17721 21:05:13 (0) **
17722 21:05:13 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING.
17723 21:05:13 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine.
17724 21:05:13 (0) ** - You can adjust the configuration by executing the following command:
17725 21:05:13 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
17726 21:05:13 (0) **
17727 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17728 21:05:13 (0) ** DCOM Status: ........................................................................................................ OK.
17729 21:05:13 (0) ** WMI registry setup: ................................................................................................. OK.
17730 21:05:13 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
17731 21:05:13 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
17732 21:05:13 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
17733 21:05:13 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
17734 21:05:13 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
17735 21:05:13 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
17736 21:05:13 (0) ** this can prevent the service/application to work as expected.
17737 21:05:13 (0) **
17738 21:05:13 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
17739 21:05:13 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
17740 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17741 21:05:13 (0) ** WMI service DCOM setup: ............................................................................................. OK.
17742 21:05:13 (0) ** WMI components DCOM registrations: .................................................................................. OK.
17743 21:05:13 (0) ** WMI ProgID registrations: ........................................................................................... OK.
17744 21:05:13 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
17745 21:05:13 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
17746 21:05:13 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
17747 21:05:13 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
17748 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17749 21:05:13 (0) ** Overall DCOM security status: ....................................................................................... OK.
17750 21:05:13 (0) ** Overall WMI security status: ........................................................................................ OK.
17751 21:05:13 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
17752 21:05:13 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
17753 21:05:13 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name= "Microsoft WMI Updating Consumer Scenario Control ".
17754 21:05:13 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
17755 21:05:13 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name= "SCM Event Log Consumer ".
17756 21:05:13 (0) ** 'select * from MSFT_SCMEventLogEvent'
17757 21:05:13 (0) **
17758 21:05:13 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
17759 21:05:13 (0) ** WMI ADAP status: .................................................................................................... OK.
17760 21:05:13 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
17761 21:05:13 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
17762 21:05:13 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 8 ERROR(S)!
17763 21:05:13 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17764 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17765 21:05:13 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17766 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17767 21:05:13 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17768 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17769 21:05:13 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17770 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17771 21:05:13 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17772 21:05:13 (0) ** MOF Registration: 'No located MOF file (exception)'
17773 21:05:13 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17774 21:05:13 (0) ** MOF Registration: 'No located MOF file (exception)'
17775 21:05:13 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17776 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17777 21:05:13 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17778 21:05:13 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17779 21:05:13 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfFormattedData_PerfProc_Thread'), it is generally due to
17780 21:05:13 (0) ** a synchronization issue between the performance counters and WMI.
17781 21:05:13 (0) ** The AutoDiscovery/AutoPurge (ADAP) process logs informative events in the Windows NT event log.
17782 21:05:13 (0) ** More information can be found on MSDN at:
17783 21:05:13 (0) ** http://msdn.microsoft.com/library/d...n-us/wmisdk/wmi/wmi_adap_event_log_events.asp
17784 21:05:13 (0) **
17785 21:05:13 (0) ** - The last time the ADAP process was STARTED was the '12 August 2007 07:58:23:953000 (GMT+6)'.
17786 21:05:13 (0) ** - The last time the ADAP process was STOPPED was the '12 August 2007 08:00:04:796000 (GMT+6)'.
17787 21:05:13 (0) ** - The latest ADAP process status is 'The WMI ADAP process has finished (4).'.
17788 21:05:13 (0) **
17789 21:05:13 (0) ** You can attempt to resynchronize the WMI performance classes with the existing Windows
17790 21:05:13 (0) ** performance counters with the following commands:
17791 21:05:13 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
17792 21:05:13 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
17793 21:05:13 (0) **
17794 21:05:13 (0) ** WMI MOF representations: ............................................................................................ OK.
17795 21:05:13 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
17796 21:05:13 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
17797 21:05:13 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
17798 21:05:13 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
17799 21:05:13 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
17800 21:05:13 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
17801 21:05:13 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
17802 21:05:13 (0) ** WMI static instances retrieved: ..................................................................................... 557.
17803 21:05:13 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
17804 21:05:13 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
17805 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17806 21:05:13 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
17807 21:05:13 (0) ** DCOM: ............................................................................................................. 25.
17808 21:05:13 (0) ** WINMGMT: .......................................................................................................... 30.
17809 21:05:13 (0) ** WMIADAPTER: ....................................................................................................... 0.
17810 21:05:13 (0) ** => Verify the WMIDiag LOG at line #17176 for more details.
17811 21:05:13 (0) **
17812 21:05:13 (0) ** # of additional Event Log events AFTER WMIDiag execution:
17813 21:05:13 (0) ** DCOM: ............................................................................................................. 0.
17814 21:05:13 (0) ** WINMGMT: .......................................................................................................... 0.
17815 21:05:13 (0) ** WMIADAPTER: ....................................................................................................... 0.
17816 21:05:13 (0) **
17817 21:05:13 (0) ** 8 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
17818 21:05:13 (0) ** => This error is typically a WMI error. This WMI error is due to:
17819 21:05:13 (0) ** - a missing WMI class definition or object.
17820 21:05:13 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
17821 21:05:13 (0) ** You can correct the missing class definitions by:
17822 21:05:13 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
17823 21:05:13 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
17824 21:05:13 (0) ** (This list can be built on a similar and working WMI Windows installation)
17825 21:05:13 (0) ** The following command line must be used:
17826 21:05:13 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
17827 21:05:13 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
17828 21:05:13 (0) ** with WMI by starting the ADAP process.
17829 21:05:13 (0) ** - a WMI repository corruption.
17830 21:05:13 (0) ** Under Windows XP SP2, you can validate the repository consistency
17831 21:05:13 (0) ** by executing the following command:
17832 21:05:13 (0) ** i.e. 'WMIDiag CheckConsistency'
17833 21:05:13 (0) ** Note: Under Windows XP SP2, when the repository is checked and detected INCONSISTENT,
17834 21:05:13 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.
17835 21:05:13 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).
17836 21:05:13 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
17837 21:05:13 (0) ** The computer must be rebooted for the system to work with the re-created repository.
17838 21:05:13 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
17839 21:05:13 (0) ** otherwise some applications may fail after the reconstruction.
17840 21:05:13 (0) ** This can be achieved with the following command:
17841 21:05:13 (0) ** i.e. 'WMIDiag ShowMOFErrors'
17842 21:05:13 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
17843 21:05:13 (0) ** ALL fixes previously mentioned.
17844 21:05:13 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
17845 21:05:13 (0) **
17846 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17847 21:05:13 (0) ** WMI Registry key setup: ............................................................................................. OK.
17848 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17849 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17850 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17851 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17852 21:05:13 (0) **
17853 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17854 21:05:13 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
17855 21:05:13 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
17856 21:05:13 (0) **
17857 21:05:13 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\DAVE\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_DAVID-8B06329F0_2007.08.12_21.01.29.LOG' for details.
17858 21:05:13 (0) **
17859 21:05:13 (0) ** WMIDiag v2.0 ended on Sunday, August 12, 2007 at 21:05 (W:53 E:9 S:1).

 

Send this one instead.

'C:\DOCUMENTS AND SETTINGS\DAVE\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_DAVID-8B06329F0_2007.08.12_21.01.29.LOG'

Also, you need this file.

C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE

Might be one in the dllcache, else copy it from another computer.

 

Never mind. The file is not missing. I misinterpreted the entry for it in the log above. The log you sent shows that the file was found. What the log above is reporting is that there is not an exception for it in the Windows Firewall, which is OK.

 

The log you sent also revealed that the shared access key is configured properly, which means the procedure I recommended here is not necessary.

I'll study it more tomorrow evening and let you know if it turns up anything.

 

Hi David,

Whew, I'm glad that log didn't get posted. Besides being large, lots of info you wouldn't wanted posted in public (it's in safe hands with me )

Here's the relative info from the log. Not sure that it will turn out to be relative to the Firewall issue, but it is relative to there being a problem yet with WMI.

17559 21:05:12 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 8 ERROR(S)!
17560 21:05:12 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17561 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17562 21:05:12 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17563 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17564 21:05:12 (0) ** - Root/Default, SystemRestore, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17565 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17566 21:05:12 (0) ** - Root/Default, SystemRestoreConfig, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17567 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\SR.MOF'
17568 21:05:12 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17569 21:05:12 (0) ** MOF Registration: 'No located MOF file (exception)'
17570 21:05:12 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17571 21:05:12 (0) ** MOF Registration: 'No located MOF file (exception)'
17572 21:05:12 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Process, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17573 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17574 21:05:12 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfProc_Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
17575 21:05:12 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
17576 21:05:12 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfFormattedData_PerfProc_Thread'), it is generally due to
17577 21:05:12 (0) ** a synchronization issue between the performance counters and WMI.
17578 21:05:12 (0) ** The AutoDiscovery/AutoPurge (ADAP) process logs informative events in the Windows NT event log.
17579 21:05:12 (0) ** More information can be found on MSDN at:
17580 21:05:12 (0) ** http://msdn.microsoft.com/library/d...n-us/wmisdk/wmi/wmi_adap_event_log_events.asp
17581 21:05:12 (0) **
17582 21:05:12 (0) ** - The last time the ADAP process was STARTED was the '12 August 2007 07:58:23:953000 (GMT+6)'.
17583 21:05:12 (0) ** - The last time the ADAP process was STOPPED was the '12 August 2007 08:00:04:796000 (GMT+6)'.
17584 21:05:12 (0) ** - The latest ADAP process status is 'The WMI ADAP process has finished (4).'.
17585 21:05:12 (0) **
17586 21:05:12 (0) ** You can attempt to resynchronize the WMI performance classes with the existing Windows
17587 21:05:12 (0) ** performance counters with the following commands:
17588 21:05:12 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
17589 21:05:12 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
__________________________________________________________________________________

17614 21:05:12 (0) ** 8 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
17615 21:05:12 (0) ** => This error is typically a WMI error. This WMI error is due to:
17616 21:05:12 (0) ** - a missing WMI class definition or object.
17617 21:05:12 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
17618 21:05:12 (0) ** You can correct the missing class definitions by:
17619 21:05:12 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
17620 21:05:12 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
17621 21:05:12 (0) ** (This list can be built on a similar and working WMI Windows installation)
17622 21:05:12 (0) ** The following command line must be used:
17623 21:05:12 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
17624 21:05:12 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
17625 21:05:12 (0) ** with WMI by starting the ADAP process.
17626 21:05:12 (0) ** - a WMI repository corruption.
17627 21:05:12 (0) ** Under Windows XP SP2, you can validate the repository consistency
17628 21:05:12 (0) ** by executing the following command:
17629 21:05:12 (0) ** i.e. 'WMIDiag CheckConsistency'
17630 21:05:12 (0) ** Note: Under Windows XP SP2, when the repository is checked and detected INCONSISTENT,
17631 21:05:12 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.
17632 21:05:12 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).
17633 21:05:12 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
17634 21:05:12 (0) ** The computer must be rebooted for the system to work with the re-created repository.
17635 21:05:12 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
17636 21:05:12 (0) ** otherwise some applications may fail after the reconstruction.
17637 21:05:12 (0) ** This can be achieved with the following command:
17638 21:05:12 (0) ** i.e. 'WMIDiag ShowMOFErrors'
17639 21:05:12 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
17640 21:05:12 (0) ** ALL fixes previously mentioned.
17641 21:05:12 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)

The first step in addressing the errors is to run the following two commands either from the Run line or a command window, reboot and run the diag tool again.

WINMGMT.EXE /CLEARADAP
WINMGMT.EXE /RESYNCPERF

Meanwhile, still researching both the firewall issue and the above.

Oh, I also noticed in the log that you are running the Comodo firewall (probably evidence of that in one of your topics too ), and I wonder why you would want to have the Windows Firewall running at the same time?? Thinking outside of the box like I tend to, I wonder if the whole issue with the firewall is due to Comodo running? I know that several software firewall apps automatically disable the Windows firewall when installed, to avoid conflicts between them.