Windows 2003 Server with event id 1004 application error for wmiprvse.exe

I am trying to resolve issue in a NEW Windows Server 2003 Standard that is a single Server running ADS, DC, DHCP, DNS, File and Print Server. My latest issue is as follows:
Event ID 1004
Reporting queued error: faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module ntdll.dll, version 5.2.3790.4455, fault address 0x0001bd02.

Can anyone assist me in correcting this? I would greatly appreciate it. Thanks.
SOLUTION
Jason Watkins
ASKER

No, that MS KB, I had already looked at and it was for svchost.exe application, and mine is for wmiprvse.exe application. It was followed by an Event ID 1001 - Application Error - Message: Fault bucket 1232327115.
 
Any other suggestions?
I would make sure that there is no malware on the server.  The fault address echoes of a memory error, but it is difficult to tell from here.  Memory leaks from this process have resulted in the past.  Is the server completely up to date?
This is a NEW Dell PowerEdge T300 Server with Quad Core Xeon 3.0 Ghz Processors and has 4 Gb RAM, running Windows Server 2003 Standard SP2 and all updates to date. Anything else that you can think of....other than calling Dell support?
Well, I have looked into everything that each of you has sent me, and so far none of it is leading me to the solution. I currently am NOT running Dell's OpenManage software. This is an out of the box installation, with ADS, DHCP, DNS, File & Print, Spectrum (Library software) and SQL 2008 Express. Otherwise there is nothing else running at this time.
Just trying to get it running without warnings and errors before I go any farther. We are live as running at the client's site.

ITCSAdmin
When exactly does the error message appear and how frequent?
It's possible the issue to be caused by broken WMI repository or specific namespace. Are there any clues in the WMIDiag output?

Delayn
Sorry that it took me so long to get back to update you, but as you all know there are priorities to customers and priorities. Anyway, here are the results of my WMI Test... Can anyone assist me in understanding this and what I need to do to correct it:

31289 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31290 15:00:26 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
31291 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31292 15:00:26 (0) **
31293 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31294 15:00:26 (0) ** Windows Server 2003 - No service pack - 32-bit (3790) - User 'RPL\ADMINISTRATOR' on computer 'RPL-ADS-02'.
31295 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31296 15:00:26 (0) ** Environment: ........................................................................................................ OK..
31297 15:00:26 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
31298 15:00:26 (0) ** Drive type: ......................................................................................................... SCSI (Dell VIRTUAL DISK SCSI Disk Device).
31299 15:00:26 (0) ** There are no missing WMI system files: .............................................................................. OK.
31300 15:00:26 (0) ** There are no missing WMI repository files: .......................................................................... OK.
31301 15:00:26 (0) ** WMI repository state: ............................................................................................... N/A.
31302 15:00:26 (0) ** BEFORE running WMIDiag:
31303 15:00:26 (0) ** The WMI repository has a size of: ................................................................................... 12 MB.
31304 15:00:26 (0) ** - Disk free space on 'C:': .......................................................................................... 69933 MB.
31305 15:00:26 (0) **   - INDEX.BTR,                     2179072 bytes,      11/17/2009 12:15:42 PM
31306 15:00:26 (0) **   - MAPPING.VER,                   4 bytes,            11/17/2009 2:55:42 PM
31307 15:00:26 (0) **   - MAPPING1.MAP,                  6052 bytes,         11/17/2009 2:50:42 PM
31308 15:00:26 (0) **   - MAPPING2.MAP,                  6052 bytes,         11/17/2009 2:55:42 PM
31309 15:00:26 (0) **   - OBJECTS.DATA,                  10117120 bytes,     11/17/2009 11:49:46 AM
31310 15:00:26 (0) ** AFTER running WMIDiag:
31311 15:00:26 (0) ** The WMI repository has a size of: ................................................................................... 12 MB.
31312 15:00:26 (0) ** - Disk free space on 'C:': .......................................................................................... 69930 MB.
31313 15:00:26 (0) **   - INDEX.BTR,                     2179072 bytes,      11/17/2009 12:15:42 PM
31314 15:00:26 (0) **   - MAPPING.VER,                   4 bytes,            11/17/2009 2:55:42 PM
31315 15:00:26 (0) **   - MAPPING1.MAP,                  6052 bytes,         11/17/2009 2:50:42 PM
31316 15:00:26 (0) **   - MAPPING2.MAP,                  6052 bytes,         11/17/2009 2:55:42 PM
31317 15:00:26 (0) **   - OBJECTS.DATA,                  10117120 bytes,     11/17/2009 11:49:46 AM
31318 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31319 15:00:26 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
31320 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31321 15:00:26 (0) ** DCOM Status: ........................................................................................................ OK.
31322 15:00:26 (0) ** WMI registry setup: ................................................................................................. OK.
31323 15:00:26 (0) ** WMI Service has no dependents: ...................................................................................... OK.
31324 15:00:26 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
31325 15:00:26 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
31326 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31327 15:00:26 (0) ** WMI service DCOM setup: ............................................................................................. OK.
31328 15:00:26 (0) ** WMI components DCOM registrations: .................................................................................. OK.
31329 15:00:26 (0) ** WMI ProgID registrations: ........................................................................................... OK.
31330 15:00:26 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
31331 15:00:26 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
31332 15:00:26 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
31333 15:00:26 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
31334 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31335 15:00:26 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
31336 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31337 15:00:26 (0) **        - ACTUAL ACE:
31338 15:00:26 (0) **          ACEType:  &h0
31339 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31340 15:00:26 (0) **          ACEFlags: &h2
31341 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31342 15:00:26 (0) **          ACEMask:  &h1
31343 15:00:26 (0) **                    WBEM_ENABLE
31344 15:00:26 (0) **        - EXPECTED ACE:
31345 15:00:26 (0) **          ACEType:  &h0
31346 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31347 15:00:26 (0) **          ACEFlags: &h12
31348 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31349 15:00:26 (0) **                    INHERITED_ACE
31350 15:00:26 (0) **          ACEMask:  &h13
31351 15:00:26 (0) **                    WBEM_ENABLE
31352 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31353 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31354 15:00:26 (0) **
31355 15:00:26 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
31356 15:00:26 (0) **    This will cause some operations to fail!
31357 15:00:26 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
31358 15:00:26 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
31359 15:00:26 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
31360 15:00:26 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
31361 15:00:26 (0) **       A specific WMI application can always require a security setup different
31362 15:00:26 (0) **       than the WMI security defaults.
31363 15:00:26 (0) **
31364 15:00:26 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
31365 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31366 15:00:26 (0) **        - ACTUAL ACE:
31367 15:00:26 (0) **          ACEType:  &h0
31368 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31369 15:00:26 (0) **          ACEFlags: &h2
31370 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31371 15:00:26 (0) **          ACEMask:  &h1
31372 15:00:26 (0) **                    WBEM_ENABLE
31373 15:00:26 (0) **        - EXPECTED ACE:
31374 15:00:26 (0) **          ACEType:  &h0
31375 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31376 15:00:26 (0) **          ACEFlags: &h12
31377 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31378 15:00:26 (0) **                    INHERITED_ACE
31379 15:00:26 (0) **          ACEMask:  &h13
31380 15:00:26 (0) **                    WBEM_ENABLE
31381 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31382 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31383 15:00:26 (0) **
31384 15:00:26 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
31385 15:00:26 (0) **    This will cause some operations to fail!
31386 15:00:26 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
31387 15:00:26 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
31388 15:00:26 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
31389 15:00:26 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
31390 15:00:26 (0) **       A specific WMI application can always require a security setup different
31391 15:00:26 (0) **       than the WMI security defaults.
31392 15:00:26 (0) **
31393 15:00:26 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
31394 15:00:26 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
31395 15:00:26 (0) **        - REMOVED ACE:
31396 15:00:26 (0) **          ACEType:  &h0
31397 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31398 15:00:26 (0) **          ACEFlags: &h12
31399 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31400 15:00:26 (0) **                    INHERITED_ACE
31401 15:00:26 (0) **          ACEMask:  &h13
31402 15:00:26 (0) **                    WBEM_ENABLE
31403 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31404 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31405 15:00:26 (0) **
31406 15:00:26 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
31407 15:00:26 (0) **    Removing default security will cause some operations to fail!
31408 15:00:26 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
31409 15:00:26 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
31410 15:00:26 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
31411 15:00:26 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
31412 15:00:26 (0) **       A specific WMI application can always require a security setup different
31413 15:00:26 (0) **       than the WMI security defaults.
31414 15:00:26 (0) **
31415 15:00:26 (0) ** WMI namespace security for 'ROOT/ASPNET': ........................................................................... MODIFIED.
31416 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31417 15:00:26 (0) **        - ACTUAL ACE:
31418 15:00:26 (0) **          ACEType:  &h0
31419 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31420 15:00:26 (0) **          ACEFlags: &h12
31421 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31422 15:00:26 (0) **                    INHERITED_ACE
31423 15:00:26 (0) **          ACEMask:  &h13
31424 15:00:26 (0) **                    WBEM_ENABLE
31425 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31426 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31427 15:00:26 (0) **        - EXPECTED ACE:
31428 15:00:26 (0) **          ACEType:  &h0
31429 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31430 15:00:26 (0) **          ACEFlags: &h12
31431 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31432 15:00:26 (0) **                    INHERITED_ACE
31433 15:00:26 (0) **          ACEMask:  &h33
31434 15:00:26 (0) **                    WBEM_ENABLE
31435 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31436 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31437 15:00:26 (0) **                    WBEM_REMOTE_ACCESS
31438 15:00:26 (0) **
31439 15:00:26 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed!
31440 15:00:26 (0) **    This will cause some operations to fail!
31441 15:00:26 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
31442 15:00:26 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
31443 15:00:26 (0) **
31444 15:00:26 (0) ** WMI namespace security for 'ROOT/ASPNET': ........................................................................... MODIFIED.
31445 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31446 15:00:26 (0) **        - ACTUAL ACE:
31447 15:00:26 (0) **          ACEType:  &h0
31448 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31449 15:00:26 (0) **          ACEFlags: &h12
31450 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31451 15:00:26 (0) **                    INHERITED_ACE
31452 15:00:26 (0) **          ACEMask:  &h13
31453 15:00:26 (0) **                    WBEM_ENABLE
31454 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31455 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31456 15:00:26 (0) **        - EXPECTED ACE:
31457 15:00:26 (0) **          ACEType:  &h0
31458 15:00:26 (0) **                    ACCESS_ALLOWED_ACE_TYPE
31459 15:00:26 (0) **          ACEFlags: &h12
31460 15:00:26 (0) **                    CONTAINER_INHERIT_ACE
31461 15:00:26 (0) **                    INHERITED_ACE
31462 15:00:26 (0) **          ACEMask:  &h33
31463 15:00:26 (0) **                    WBEM_ENABLE
31464 15:00:26 (0) **                    WBEM_METHOD_EXECUTE
31465 15:00:26 (0) **                    WBEM_WRITE_PROVIDER
31466 15:00:26 (0) **                    WBEM_REMOTE_ACCESS
31467 15:00:26 (0) **
31468 15:00:26 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed!
31469 15:00:26 (0) **    This will cause some operations to fail!
31470 15:00:26 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
31471 15:00:26 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
31472 15:00:26 (0) **
31473 15:00:26 (0) **
31474 15:00:26 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
31475 15:00:26 (0) ** DCOM security error(s) detected: .................................................................................... 0.
31476 15:00:26 (0) ** WMI security warning(s) detected: ................................................................................... 0.
31477 15:00:26 (0) ** WMI security error(s) detected: ..................................................................................... 5.
31478 15:00:26 (0) **
31479 15:00:26 (0) ** Overall DCOM security status: ....................................................................................... OK.
31480 15:00:26 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
31481 15:00:26 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
31482 15:00:26 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 54.
31483 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA44".
31484 15:00:26 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811432) and (LogToEventlog <> 0)'
31485 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA23".
31486 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553235) and (LogToEventlog <> 0)'
31487 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA32".
31488 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811420) and (LogToEventlog <> 0)'
31489 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA14".
31490 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811402) and (LogToEventlog <> 0)'
31491 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA37".
31492 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553249) and (LogToEventlog <> 0)'
31493 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
31494 15:00:26 (0) **   'select * from MSFT_SCMEventLogEvent'
31495 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA5".
31496 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553217) and (LogToEventlog <> 0)'
31497 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA18".
31498 15:00:26 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 2147811406) and (LogToEventlog <> 0)'
31499 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA3".
31500 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553215) and (LogToEventlog <> 0)'
31501 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA41".
31502 15:00:26 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 3221553253) and (LogToEventlog <> 0)'
31503 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA26".
31504 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811414) and (LogToEventlog <> 0)'
31505 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA36".
31506 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811424) and (LogToEventlog <> 0)'
31507 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA9".
31508 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553221) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
31509 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA10".
31510 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811398) and (LogToEventlog <> 0)'
31511 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA17".
31512 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553229) and (LogToEventlog <> 0)'
31513 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA1".
31514 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553213) and (LogToEventlog <> 0)'
31515 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA42".
31516 15:00:26 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 2147811430) and (LogToEventlog <> 0)'
31517 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA4".
31518 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811392) and (LogToEventlog <> 0)'
31519 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA25".
31520 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553237) and (LogToEventlog <> 0)'
31521 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA49".
31522 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 4) and (LogToEventlog <> 0)'
31523 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA27".
31524 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553239) and (LogToEventlog <> 0)'
31525 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA45".
31526 15:00:26 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553257) and (LogToEventlog <> 0)'
31527 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA8".
31528 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811396) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
31529 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA40".
31530 15:00:26 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 2147811428) and (LogToEventlog <> 0)'
31531 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA39".
31532 15:00:26 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 3221553251) and (LogToEventlog <> 0)'
31533 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA29".
31534 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553241) and (LogToEventlog <> 0)'
31535 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA20".
31536 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811408) and (LogToEventlog <> 0)'
31537 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA48".
31538 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 3) and (LogToEventlog <> 0)'
31539 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA28".
31540 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811416) and (LogToEventlog <> 0)'
31541 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA33".
31542 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553245) and (LogToEventlog <> 0)'
31543 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA7".
31544 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553219) and (LogToEventlog <> 0)'
31545 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA16".
31546 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811404) and (LogToEventlog <> 0)'
31547 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA43".
31548 15:00:26 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 3221553255) and (LogToEventlog <> 0)'
31549 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA21".
31550 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553233) and (LogToEventlog <> 0)'
31551 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA6".
31552 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811394) and (LogToEventlog <> 0)'
31553 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA31".
31554 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553243) and (LogToEventlog <> 0)'
31555 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA12".
31556 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811400) and (LogToEventlog <> 0)'
31557 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA46".
31558 15:00:26 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811434) and (LogToEventlog <> 0)'
31559 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA47".
31560 15:00:26 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553259) and (LogToEventlog <> 0)'
31561 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA35".
31562 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553247) and (LogToEventlog <> 0)'
31563 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA0".
31564 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811388) and (LogToEventlog <> 0)'
31565 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA19".
31566 15:00:26 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 3221553231) and (LogToEventlog <> 0)'
31567 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA11".
31568 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553223) and (LogToEventlog <> 0)'
31569 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA52".
31570 15:00:26 (0) **   'select * from MSMCAEvent_MemoryPageRemoved'
31571 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA30".
31572 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811418) and (LogToEventlog <> 0)'
31573 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA15".
31574 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553227) and (LogToEventlog <> 0)'
31575 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA38".
31576 15:00:26 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 2147811426) and (LogToEventlog <> 0)'
31577 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA34".
31578 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811422) and (LogToEventlog <> 0)'
31579 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA2".
31580 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811390) and (LogToEventlog <> 0)'
31581 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA22".
31582 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811410) and (LogToEventlog <> 0)'
31583 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA13".
31584 15:00:26 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553225) and (LogToEventlog <> 0)'
31585 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA50".
31586 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811441) and (LogToEventlog <> 0)'
31587 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA51".
31588 15:00:26 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553266) and (LogToEventlog <> 0)'
31589 15:00:26 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA24".
31590 15:00:26 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811412) and (LogToEventlog <> 0)'
31591 15:00:26 (0) **
31592 15:00:26 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
31593 15:00:26 (0) ** WMI ADAP status: .................................................................................................... OK.
31594 15:00:26 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
31595 15:00:26 (0) ** - ROOT/SERVICEMODEL.
31596 15:00:26 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
31597 15:00:26 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
31598 15:00:26 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
31599 15:00:26 (0) **    i.e. 'WMIC.EXE /NODE:"RPL-ADS-02" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
31600 15:00:26 (0) **
31601 15:00:26 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
31602 15:00:26 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
31603 15:00:26 (0) ** WMI GET operations: ................................................................................................. OK.
31604 15:00:26 (0) ** WMI MOF representations: ............................................................................................ OK.
31605 15:00:26 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
31606 15:00:26 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
31607 15:00:26 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
31608 15:00:26 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
31609 15:00:26 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
31610 15:00:26 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
31611 15:00:26 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
31612 15:00:26 (0) ** WMI static instances retrieved: ..................................................................................... 1548.
31613 15:00:26 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
31614 15:00:26 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
31615 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31616 15:00:26 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
31617 15:00:26 (0) **   DCOM: ............................................................................................................. 0.
31618 15:00:26 (0) **   WINMGMT: .......................................................................................................... 18.
31619 15:00:26 (0) **   WMIADAPTER: ....................................................................................................... 0.
31620 15:00:26 (0) ** => Verify the WMIDiag LOG at line #30684 for more details.
31621 15:00:26 (0) **
31622 15:00:26 (0) ** # of additional Event Log events AFTER WMIDiag execution:
31623 15:00:26 (0) **   DCOM: ............................................................................................................. 0.
31624 15:00:26 (0) **   WINMGMT: .......................................................................................................... 0.
31625 15:00:26 (0) **   WMIADAPTER: ....................................................................................................... 0.
31626 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31627 15:00:26 (0) ** WMI Registry key setup: ............................................................................................. OK.
31628 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31629 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31630 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31631 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31632 15:00:26 (0) **
31633 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
31634 15:00:26 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
31635 15:00:26 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
I also have increased the point value to max...

ITCSAdmin
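
An added example, not part of the thread and not WMIDiag's own code: a Python parser for the namespace-security section of a WMIDiag report like the one posted above. It compares each ACTUAL (or REMOVED) ACE mask with the EXPECTED default and says whether the trustee holds fewer or more rights than the default; `SAMPLE` is an abridged excerpt of the posted report, and the function names and the rights table beyond the four names the report prints are assumptions of this example.

```python
import re
from dataclasses import dataclass

# WMI namespace access-right bits. The report itself decodes &h13 and &h33
# with these names; the remaining entries are the standard WMI mask values.
WBEM_RIGHTS = {
    0x00001: "WBEM_ENABLE",
    0x00002: "WBEM_METHOD_EXECUTE",
    0x00004: "WBEM_FULL_WRITE_REP",
    0x00008: "WBEM_PARTIAL_WRITE_REP",
    0x00010: "WBEM_WRITE_PROVIDER",
    0x00020: "WBEM_REMOTE_ACCESS",
    0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC",
}
KNOWN_BITS = sum(WBEM_RIGHTS)  # bits are disjoint, so the sum equals the OR

# Report line layout: "<log line#> <hh:mm:ss> (<level>) **|!! <payload>"
LINE = re.compile(r"^\s*\d+\s+\d\d:\d\d:\d\d\s+\(\d\)\s+(?:\*\*|!!)\s?(.*)$")
NAMESPACE = re.compile(r"WMI namespace security for '([^']+)'")
TRUSTEE = re.compile(r"ERROR: (?:Actual|Default) trustee '([^']+)'")
SECTION = re.compile(r"-\s+(ACTUAL|EXPECTED|REMOVED) ACE:")
MASK = re.compile(r"ACEMask:\s+&h([0-9A-Fa-f]+)")


@dataclass
class Finding:
    namespace: str
    trustee: str
    actual: int = 0    # rights granted now (stays 0 when the ACE was removed)
    expected: int = 0  # rights in the default ACE WMIDiag compares against

    @property
    def missing(self) -> int:
        return self.expected & ~self.actual

    @property
    def extra(self) -> int:
        return self.actual & ~self.expected


def decode(mask: int) -> list:
    """Turn an ACE mask into right names, keeping unknown bits visible."""
    names = [name for bit, name in sorted(WBEM_RIGHTS.items()) if mask & bit]
    if mask & ~KNOWN_BITS:
        names.append(f"UNKNOWN(0x{mask & ~KNOWN_BITS:x})")
    return names


def parse_report(text: str) -> list:
    """Collect one Finding per 'ERROR: ... trustee' block in the report."""
    findings, namespace, current, section = [], None, None, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if (ns := NAMESPACE.search(body)):
            namespace, current, section = ns.group(1), None, None
        elif (tr := TRUSTEE.search(body)):
            current, section = Finding(namespace, tr.group(1)), None
            findings.append(current)
        elif (sec := SECTION.search(body)):
            # A REMOVED ACE is the default one, so it fills the expected side.
            section = "actual" if sec.group(1) == "ACTUAL" else "expected"
        elif (mk := MASK.search(body)) and current and section:
            setattr(current, section, int(mk.group(1), 16))
    return findings


def summarize(findings: list) -> list:
    """One line per finding; 'broader' deviations deserve the first look."""
    out = []
    for f in findings:
        if f.extra:
            out.append(f"{f.namespace} {f.trustee}: broader than default, "
                       f"extra {decode(f.extra)}")
        else:
            out.append(f"{f.namespace} {f.trustee}: narrower than default, "
                       f"missing {decode(f.missing)}")
    return out


# Abridged excerpt of the report posted in this thread (raw string: '\N').
SAMPLE = r"""
31335 15:00:26 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..... MODIFIED.
31336 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31337 15:00:26 (0) **        - ACTUAL ACE:
31342 15:00:26 (0) **          ACEMask:  &h1
31344 15:00:26 (0) **        - EXPECTED ACE:
31350 15:00:26 (0) **          ACEMask:  &h13
31393 15:00:26 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..... MODIFIED.
31394 15:00:26 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
31395 15:00:26 (0) **        - REMOVED ACE:
31401 15:00:26 (0) **          ACEMask:  &h13
31415 15:00:26 (0) ** WMI namespace security for 'ROOT/ASPNET': ..... MODIFIED.
31416 15:00:26 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
31417 15:00:26 (0) **        - ACTUAL ACE:
31422 15:00:26 (0) **          ACEMask:  &h13
31427 15:00:26 (0) **        - EXPECTED ACE:
31432 15:00:26 (0) **          ACEMask:  &h33
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE)):
        print(line)
```

Every finding in the sample comes out as narrower than the default, which matches the report's own note that an application can require a namespace security setup different from the WMI defaults.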
Finally a solution....