Windows SBS 2003 R2 w/SP2 experiencing WMI errors

jym2112
Hello Experts,

I am having a reoccurring error on my SBS 2003 Standard Edition.  

OVERVIEW:

1. When logging into the server, I get a "WMI encountered a problem and needed to close" dialog box, between 5-14 times.

2. The daily scheduled SBS Backup routine fails.

3. The application event log repeatedly logs errors, event ID 1000, source: Application error
 - Faulting application wmiprvse.exe, version 5.2.3790.3959, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0001a379.

4. The application event log repeatedly logs errors, event ID 1000, source: Microsoft Exchange Server.
 - Faulting application exwmi.dll, version 6.5.7638.1, stamp 430e7361, faulting module ntdll.dll, version 5.2.3790.3959, stamp 45d70ad8, debug? 0, fault address 0x0001a379.

5. The hourly Performance reports fail.

6. My CPU is experiencing 100% spike at regular 5sec intervals causing my system to run very slowly


****

OS Name            Microsoft(R) Windows(R) Server 2003 for Small Business Server
Version                  5.2.3790 Service Pack 2 Build 3790
OS Manufacturer      Microsoft Corporation
System Name            Not Available
System Manufacturer      System manufacturer
System Type            X86-based PC
Processor            x86 Family 15 Model 47 Stepping 0 AuthenticAMD ~1809 Mhz
BIOS Version/Date      Phoenix Technologies, LTD ASUS A8N5X ACPI BIOS Revision 1003, 6/1/2006
SMBIOS Version      2.3
Windows Directory      C:\WINDOWS
System Directory            C:\WINDOWS\system32
Boot Device            \Device\HarddiskVolume1
Hardware Abstraction Layer      Version = "5.2.3790.3959 (srv03_sp2_rtm.070216-1710)"
User Name                  Not Available
Time Zone                  Pacific Daylight Time
Total Physical Memory            1,023.45 MB
Available Physical Memory      99.98 MB
Total Virtual Memory            2.36 GB
Available Virtual Memory            1.10 GB
Page File Space                  1.45 GB
Page File                  C:\pagefile.sys

****

My server is experiencing almost the same errors as I have viewed on a post by budchawla:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22070592.html?sfQueryTermInfo=1+sb+wmi

****

The main difference is that my errors started after installing the R2 update for SBS. I recently installed the SP2 update in an attempt to correct the problems but to no effect. I have managed to remove this error from appearing by deleting the wmiprvse.exe and then doing a restart. This fixes the problem for a day or two but then the error comes right back. During this time I am able to restart my performance reporting and backups but as soon as the error returns I have to reset all reporting settings once again.

Also running Trend Micro Housecall online virus scan will temporarily fix the problem, even though it doesn’t report any errors, malware or viruses.  My server has Avast! SBS 2003 installed, but no viruses have been detected.

Any help would be greatly appreciated as this problem is getting very annoying.

Author

Commented:
SYSTEMINFO
***********************************************************************************

Host Name:                 Not Available
OS Name:                   Microsoft(R) Windows(R) Server 2003 for Small Business Server
OS Version:                5.2.3790 Service Pack 2 Build 3790
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Primary Domain Controller
OS Build Type:             Uniprocessor Free
Registered Owner:          Not Available
Registered Organization:
Product ID:                74995-OEM-4212892-70554
Original Install Date:     1/4/2003, 8:28:52 PM
System Up Time:            0 Days, 1 Hours, 10 Minutes, 9 Seconds
System Manufacturer:       System manufacturer
System Model:              System Product Name
System Type:               X86-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: x86 Family 15 Model 47 Stepping 0 AuthenticAMD ~1809 Mhz
BIOS Version:              Nvidia - 42302e31
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (GMT-08:00) Pacific Time (US & Canada)
Total Physical Memory:     1,023 MB
Available Physical Memory: 161 MB
Page File: Max Size:       2,421 MB
Page File: Available:      1,015 MB
Page File: In Use:         1,406 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    Not Available
Logon Server:             Not Available
Hotfix(s):                 23 Hotfix(s) Installed.
                           [01]: File 1
                           [02]: File 1
                           [03]: File 1
                           [04]: File 1
                           [05]: File 1
                           [06]: File 1
                           [07]: File 1
                           [08]: File 1
                           [09]: File 1
                           [10]: Q147222
                           [11]: SP1 - SP
                           [12]: Q927978
                           [13]: KB889101 - Service Pack
                           [14]: KB914961 - Service Pack
                           [15]: KB925876 - Update
                           [16]: KB925902 - Update
                           [17]: KB927891 - Update
                           [18]: KB930178 - Update
                           [19]: KB931768 - Update
                           [20]: KB931784 - Update
                           [21]: KB931836 - Update
                           [22]: KB932168 - Update
                           [23]: KB935966 - Update
Network Card(s):           1 NIC(s) Installed.
                           [01]: NVIDIA nForce Networking Controller
                                 Connection Name: Local Area Connection
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.0.1
                                 IP address(es)
                                 [01]: 192.168.0.101

Author

Commented:
IPCONFIG /ALL
***************************************************


Windows IP Configuration

   Host Name . . . . . . . . . . . . : Not Available
   Primary Dns Suffix  . . . . . . . : name.name
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Not Available

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : name.name
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-18-F3-02-A7-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.0.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.101
                                       64.59.144.19
   Lease Obtained. . . . . . . . . . : Thursday, May 31, 2007 11:47:19 AM
   Lease Expires . . . . . . . . . . : Friday, June 01, 2007 11:47:19 AM
Most Valuable Expert 2011
Top Expert 2011

Commented:
I have used this method a handful of times successfully, to rebuild or reinstall WMI...
(courtesy of sramesh2k....2nd time I have been there today. Thanks sramesh2k!!)

Repairing and re-registering the WMI
http://windowsxp.mvps.org/repairwmi.htm

Author

Commented:
Thank you Johnb6767

My server is currently in the period between errors so running this script has not provided me with any useful information. As soon as my server starts acting up again (most likely tomorrow at around 2) I will run this to figure out what my errors are.

Author

Commented:
So over the weekend my server restarted itself. When I came in this morning I received about 10 "WMI encountered a problem and needed to close" dialog boxes, but also something new: about 6 "LS Shell encountered a problem and needed to close" dialog boxes.

I ran "rundll32 wbemupgd, CheckWMISetup" and didn't receive any errors, and no inconsistencies were found.

Any more help would be very useful.

Thanks
Most Valuable Expert 2011
Top Expert 2011

Commented:
Can you upload some of the crash dumps for us to look at?

Http://www.ee-stuff.com is a free upload site for us....

Author

Commented:
This is my wmiprov.log


(Sun Jun 03 00:54:42 2007.220078578) : ***************************************
(Sun Jun 03 00:54:42 2007.220078578) : Could not get pointer to binary resource for file:
(Sun Jun 03 00:54:42 2007.220078578) : C:\WINDOWS\System32\drivers\afd.sys[AfdMofResource](Sun Jun 03 00:54:42 2007.220078578) :
(Sun Jun 03 00:54:42 2007.220078578) : ***************************************
(Sun Jun 03 03:46:26 2007.171640) : WDM call returned error: 4200
(Sun Jun 03 03:46:27 2007.172859) : CreateFile FAILED for filename:
(Sun Jun 03 03:46:27 2007.172906) : inetinfo.exe(Sun Jun 03 03:46:27 2007.172906) :
(Sun Jun 03 03:46:27 2007.172906) : : GetlastError returned 2
(Sun Jun 03 03:46:51 2007.196765) : Received Event
(Sun Jun 03 03:47:01 2007.207062) : Received Event
(Sun Jun 03 03:47:30 2007.236546) : Received Event
(Sun Jun 03 12:45:18 2007.32500625) : WDM call returned error: 4200
(Sun Jun 03 12:45:19 2007.32501046) : CreateFile FAILED for filename:
(Sun Jun 03 12:45:19 2007.32501046) : inetinfo.exe(Sun Jun 03 12:45:19 2007.32501046) :
(Sun Jun 03 12:45:19 2007.32501046) : : GetlastError returned 2
(Sun Jun 03 17:15:31 2007.48712578) : WDM call returned error: 4200
(Sun Jun 03 17:15:31 2007.48712812) : CreateFile FAILED for filename:
(Sun Jun 03 17:15:31 2007.48712812) : inetinfo.exe(Sun Jun 03 17:15:31 2007.48712812) :
(Sun Jun 03 17:15:31 2007.48712812) : : GetlastError returned 2
(Mon Jun 04 06:56:27 2007.97968515) : WDM call returned error: 4200
(Mon Jun 04 06:56:28 2007.97969187) : CreateFile FAILED for filename:
(Mon Jun 04 06:56:28 2007.97969187) : inetinfo.exe(Mon Jun 04 06:56:28 2007.97969187) :
(Mon Jun 04 06:56:28 2007.97969187) : : GetlastError returned 2
(Mon Jun 04 11:40:37 2007.115018296) : WDM call returned error: 4200
(Mon Jun 04 11:40:38 2007.115018453) : CreateFile FAILED for filename:
(Mon Jun 04 11:40:38 2007.115018453) : inetinfo.exe(Mon Jun 04 11:40:38 2007.115018453) :
(Mon Jun 04 11:40:38 2007.115018453) : : GetlastError returned 2
(Mon Jun 04 16:46:52 2007.133392531) : WDM call returned error: 4200
(Mon Jun 04 16:46:52 2007.133393000) : CreateFile FAILED for filename:
(Mon Jun 04 16:46:52 2007.133393000) : inetinfo.exe(Mon Jun 04 16:46:52 2007.133393000) :
(Mon Jun 04 16:46:52 2007.133393000) : : GetlastError returned 2
(Mon Jun 04 20:37:04 2007.147204656) : WDM call returned error: 4200
(Tue Jun 05 02:25:07 2007.168086687) : WDM call returned error: 4200
(Tue Jun 05 02:25:07 2007.168087468) : CreateFile FAILED for filename:
(Tue Jun 05 02:25:07 2007.168087468) : inetinfo.exe(Tue Jun 05 02:25:07 2007.168087468) :
(Tue Jun 05 02:25:07 2007.168087468) : : GetlastError returned 2
(Tue Jun 05 08:32:26 2007.190125781) : WDM call returned error: 4200
(Tue Jun 05 08:32:26 2007.190126046) : CreateFile FAILED for filename:
(Tue Jun 05 08:32:26 2007.190126062) : inetinfo.exe(Tue Jun 05 08:32:26 2007.190126062) :
(Tue Jun 05 08:32:26 2007.190126062) : : GetlastError returned 2
(Tue Jun 05 23:06:58 2007.242597250) : WDM call returned error: 4200
(Wed Jun 06 05:24:14 2007.265232750) : WDM call returned error: 4200
(Wed Jun 06 05:24:15 2007.265233328) : CreateFile FAILED for filename:
(Wed Jun 06 05:24:15 2007.265233328) : inetinfo.exe(Wed Jun 06 05:24:15 2007.265233328) :
(Wed Jun 06 05:24:15 2007.265233328) : : GetlastError returned 2
(Wed Jun 06 09:20:23 2007.279401734) : WDM call returned error: 4200
(Wed Jun 06 09:20:23 2007.279402031) : CreateFile FAILED for filename:
(Wed Jun 06 09:20:23 2007.279402031) : inetinfo.exe(Wed Jun 06 09:20:23 2007.279402031) :
(Wed Jun 06 09:20:23 2007.279402031) : : GetlastError returned 2
(Wed Jun 06 10:30:36 2007.283614906) : WDM call returned error: 4200
(Wed Jun 06 11:28:38 2007.287096656) : WDM call returned error: 4200
(Wed Jun 06 11:28:38 2007.287096859) : CreateFile FAILED for filename:
(Wed Jun 06 11:28:38 2007.287096859) : inetinfo.exe(Wed Jun 06 11:28:38 2007.287096859) :
(Wed Jun 06 11:28:38 2007.287096859) : : GetlastError returned 2

Author

Commented:
Then I ran rundll32 wbemupgd, RepairWMISetup, did a restart, and this is my wbemess.log:

(Thu Jun 07 13:36:40 2007.381177515) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:36:40 2007.381177531) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:40 2007.381177531) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:36:40 2007.381177531) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:36:42 2007.381179234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:36:42 2007.381179234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:36:42 2007.381179234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:36:42 2007.381179234) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:36:49 2007.381186250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:49 2007.381186250) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:36:49 2007.381186281) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:49 2007.381186281) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:36:49 2007.381186281) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:36:59 2007.381196250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:59 2007.381196250) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:36:59 2007.381196281) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:59 2007.381196281) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:36:59 2007.381196281) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:37:09 2007.381206250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:09 2007.381206250) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:37:09 2007.381206281) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:09 2007.381206281) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:37:09 2007.381206281) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:37:16 2007.381212781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212781) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:16 2007.381212953) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212953) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:16 2007.381212953) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:18 2007.381215406) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:19 2007.381216250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:19 2007.381216250) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:37:19 2007.381216281) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:19 2007.381216281) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:37:19 2007.381216281) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:37:29 2007.381226250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:29 2007.381226250) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:37:29 2007.381226281) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:29 2007.381226281) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:37:29 2007.381226281) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:37:34 2007.381231531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:34 2007.381231531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:34 2007.381231531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:34 2007.381231531) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:35 2007.381232000) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:35 2007.381232000) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:37 2007.381234609) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:37 2007.381234609) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:39 2007.381236093) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:39 2007.381236093) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:39 2007.381236250) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:39 2007.381236500) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:37:39 2007.381236515) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:37:39 2007.381236515) : Failed the second attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
This event is dropped for this consumer.
(Thu Jun 07 13:37:39 2007.381236515) : Dropping event destined for event consumer MicrosoftHM_PermConsumer="HealthMon" in namespace //./ROOT/cimv2/MicrosoftHealthMonitor
(Thu Jun 07 13:37:43 2007.381239843) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:43 2007.381239843) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:43 2007.381239843) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:43 2007.381239843) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:44 2007.381240875) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:44 2007.381240875) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:45 2007.381241890) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:45 2007.381241890) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:46 2007.381242734) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:46 2007.381242734) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:47 2007.381244359) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:47 2007.381244359) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:47 2007.381244546) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:47 2007.381244546) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:37:50 2007.381247656) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:37:50 2007.381247656) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:38:09 2007.381266296) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:38:09 2007.381266296) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:38:13 2007.381270343) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:38:13 2007.381270343) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:38:50 2007.381306781) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:38:50 2007.381306781) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:38:51 2007.381308359) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:38:51 2007.381308359) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:39:14 2007.381331656) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:39:14 2007.381331656) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:48:33 2007.444000) : Unable to remove all queries from a remote provider proxy. Error code: 800706BA
(Thu Jun 07 13:48:37 2007.448531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 13:51:13 2007.604375) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 13:51:17 2007.608531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 13:53:51 2007.761687) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 13:53:57 2007.768531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 13:56:35 2007.925750) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 13:56:37 2007.928531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 13:59:12 2007.1083437) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 13:59:17 2007.1088531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 14:01:51 2007.1241875) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 14:01:57 2007.1248515) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 14:04:31 2007.1401625) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 14:04:37 2007.1408515) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 14:07:11 2007.1561656) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 14:07:17 2007.1568531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
(Thu Jun 07 14:09:50 2007.1720968) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF
(Thu Jun 07 14:09:57 2007.1728515) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
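
A log of this size is easier to read once it is grouped by event consumer and error code. The script below is an added example, not something posted by anyone in this thread: it parses the wbemess.log line format shown above, folds the untimestamped continuation lines into the entry they belong to, and counts failures per consumer class and HRESULT. The sample input is an abridged excerpt in the same format, and the function names are this example's own.

```python
import re
from datetime import datetime

# HRESULTs that appear in the log above, with their documented symbolic names.
HRESULT_NAMES = {
    0x80041003: "WBEM_E_ACCESS_DENIED",
    0x80041013: "WBEM_E_PROVIDER_LOAD_FAILURE",
    0x800706BA: "RPC_S_SERVER_UNAVAILABLE",
    0x800706BF: "RPC_S_CALL_FAILED_DNE",
}

# "(Thu Jun 07 13:36:40 2007.381177515) : message"
LINE_RE = re.compile(r"^\((\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\.\d+\) : (.*)$")
CONSUMER_RE = re.compile(r'event consumer (\w+)="([^"]+)"')
PROVIDER_RE = re.compile(r"consumer provider (\w+)")
# Failure HRESULTs are 8 hex digits starting with 8, written with or without "0x".
CODE_RE = re.compile(r"\b(?:0x)?(8[0-9A-Fa-f]{7})\b")

# Abridged sample in the format of the wbemess.log posted above.
SAMPLE_LOG = """\
(Thu Jun 07 13:36:40 2007.381177515) : Failed the first attempt to retrieve the sink to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 80041013.
WMI will reload and retry.
(Thu Jun 07 13:36:40 2007.381177531) : ESS unable to load consumer provider MicrosoftHM_PermConsumer from provider subsystem: 0x80041013
(Thu Jun 07 13:36:42 2007.381179234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
(Thu Jun 07 13:36:42 2007.381179234) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event.
(Thu Jun 07 13:48:33 2007.444000) : Unable to remove all queries from a remote provider proxy. Error code: 800706BA
(Thu Jun 07 13:48:37 2007.448531) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.
WMI will reload and retry.
"""


def parse_wbemess(text):
    """Return one record per timestamped entry, with consumer and HRESULT extracted."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Continuation lines ("WMI will reload and retry.") carry no timestamp.
            if records:
                records[-1]["message"] += " " + line
            continue
        stamp, message = m.groups()
        consumer = CONSUMER_RE.search(message)
        provider = PROVIDER_RE.search(message)
        code = CODE_RE.search(message)
        if consumer:
            consumer_class = consumer.group(1)
        elif provider:
            consumer_class = provider.group(1)
        else:
            consumer_class = None
        records.append({
            "time": datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
            "message": message,
            "consumer_class": consumer_class,
            "consumer_name": consumer.group(2) if consumer else None,
            "hresult": int(code.group(1), 16) if code else None,
        })
    return records


def summarize(records):
    """Group records by (consumer class, error label) with count and first/last time."""
    summary = {}
    for r in records:
        code = r["hresult"]
        if code is None:
            label = "(no code)"
        else:
            label = HRESULT_NAMES.get(code, f"0x{code:08X}")
        key = (r["consumer_class"] or "(no consumer)", label)
        entry = summary.setdefault(
            key, {"count": 0, "first": r["time"], "last": r["time"]}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], r["time"])
        entry["last"] = max(entry["last"], r["time"])
    return summary


if __name__ == "__main__":
    for (cls, label), info in sorted(summarize(parse_wbemess(SAMPLE_LOG)).items()):
        print(f"{cls:28} {label:30} x{info['count']}  "
              f"{info['first']:%H:%M:%S} to {info['last']:%H:%M:%S}")
```
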

Author

Commented:
And my new wmiprv.log info:

(Thu Jun 07 13:34:27 2007.381044343) : WDM call returned error: 4200
(Thu Jun 07 13:34:29 2007.381046093) : CreateFile FAILED for filename:
(Thu Jun 07 13:34:29 2007.381046093) : inetinfo.exe(Thu Jun 07 13:34:29 2007.381046093) :
(Thu Jun 07 13:34:29 2007.381046093) : : GetlastError returned 2
(Thu Jun 07 13:34:54 2007.381071265) : WDM call returned error: 4200
(Thu Jun 07 13:34:54 2007.381071343) : CreateFile FAILED for filename:
(Thu Jun 07 13:34:54 2007.381071343) : inetinfo.exe(Thu Jun 07 13:34:54 2007.381071343) :
(Thu Jun 07 13:34:54 2007.381071343) : : GetlastError returned 2
(Thu Jun 07 13:45:39 2007.269859) : WDM call returned error: 4200
(Thu Jun 07 13:45:58 2007.288781) : ***************************************
(Thu Jun 07 13:45:58 2007.288781) : Could not get pointer to binary resource for file:
(Thu Jun 07 13:45:58 2007.288781) : C:\WINDOWS\System32\drivers\afd.sys[AfdMofResource](Thu Jun 07 13:45:58 2007.288781) :
(Thu Jun 07 13:45:58 2007.288781) : ***************************************
(Thu Jun 07 13:46:30 2007.321562) : CreateFile FAILED for filename:
(Thu Jun 07 13:46:30 2007.321562) : inetinfo.exe(Thu Jun 07 13:46:30 2007.321562) :
(Thu Jun 07 13:46:30 2007.321562) : : GetlastError returned 2
(Thu Jun 07 13:47:02 2007.353468) : CreateFile FAILED for filename:
(Thu Jun 07 13:47:02 2007.353468) : inetinfo.exe(Thu Jun 07 13:47:02 2007.353468) :
(Thu Jun 07 13:47:02 2007.353468) : : GetlastError returned 2
(Thu Jun 07 13:47:02 2007.353468) : WDM call returned error: 4200
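Added example, not part of the original thread: a small triage script that decodes the error codes repeated in the two logs above and counts them. 0x800706BF is the HRESULT wrapper (FACILITY_WIN32) around Win32 error 1727, and the decimal codes 4200 and 2 are plain Win32 errors. The function names are hypothetical, and the sample lines are copied from the posts above.

```python
import re
from collections import Counter

# Win32 error codes seen in the thread's logs (names from winerror.h).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    1727: "RPC_S_CALL_FAILED_DNE",      # RPC failed and did not execute
    4200: "ERROR_WMI_GUID_NOT_FOUND",   # GUID not recognized by a WMI data provider
}
FACILITY_WIN32 = 7

def decode_hresult(value):
    """Return (failed, facility, code, name) for a 32-bit HRESULT."""
    failed = bool(value & 0x80000000)      # severity bit
    facility = (value >> 16) & 0x7FF       # 11-bit facility field
    code = value & 0xFFFF                  # low 16 bits: the original error code
    if facility == FACILITY_WIN32:
        name = WIN32_ERRORS.get(code, "unknown Win32 error")
    else:
        name = "non-Win32 facility"
    return failed, facility, code, name

# "Error code: 800706BF" / "error code 0x800706BF" (hex HRESULT)
HEX_RE = re.compile(r"error code:?\s*(?:0x)?([0-9A-Fa-f]{8})\b", re.I)
# "WDM call returned error: 4200" / "GetlastError returned 2" (decimal Win32)
DEC_RE = re.compile(r"(?:returned error:|GetlastError returned)\s*(\d+)", re.I)

def triage(lines):
    """Count log lines per decoded error name."""
    counts = Counter()
    for line in lines:
        m = HEX_RE.search(line)
        if m:
            counts[decode_hresult(int(m.group(1), 16))[3]] += 1
            continue
        m = DEC_RE.search(line)
        if m:
            counts[WIN32_ERRORS.get(int(m.group(1)), "unknown Win32 error")] += 1
    return counts

# Sample lines copied from the logs posted in this thread.
SAMPLE = [
    "(Thu Jun 07 14:01:51 2007.1241875) : Unable to remove all queries from a remote provider proxy. Error code: 800706BF",
    '(Thu Jun 07 14:01:57 2007.1248515) : Failed the first attempt to deliver an event to event consumer MicrosoftHM_PermConsumer="HealthMon" with error code 0x800706BF.',
    "(Thu Jun 07 13:34:27 2007.381044343) : WDM call returned error: 4200",
    "(Thu Jun 07 13:34:29 2007.381046093) : : GetlastError returned 2",
    "(Thu Jun 07 13:45:39 2007.269859) : WDM call returned error: 4200",
]

if __name__ == "__main__":
    for name, n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {name}")
```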
Most Valuable Expert 2011
Top Expert 2011

Commented:
Can you get us a few of the recent dump files as requested above? Maybe we can see something in there......

Author

Commented:
Faulting application wmiprvse.exe, version 5.2.3790.3959, faulting module ntdll.dll, version 5.2.3790.3959, fault address 0x0001a379.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Is this the info you're looking for? On restart I'm getting 24 different event log errors.

Author

Commented:
A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealthMonitor\PerfMon, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.  

For more information, see Help and Support Center at
Most Valuable Expert 2011
Top Expert 2011

Commented:
No, the mini dump file from c:\windows\minidump...Looks like "Mini060307-01.dmp"

Author

Commented:
Sorry John, but EE will not allow me to upload a .dmp file... I could change this to a .txt file, or I could copy the info out of the file and just post it in this string. Please advise.

Thanks
Most Valuable Expert 2011
Top Expert 2011

Commented:
Zip it and upload it at
Http://www.ee-stuff.com

Author

Commented:
This question is not abandoned; I am still having the problem but have not been receiving any recent feedback.

I will post any information required to get this fixed as this error is ongoing.

Please Help!!!!

Author

Commented:
Is there any way to add more points to this question? Maybe make it more worthwhile?

I currently have techs from IBM and a local computer company looking into this problem as well, so if there is anyone in the Experts Exchange community that has come across WMI errors before, please help.
Most Valuable Expert 2011
Top Expert 2011
Commented:
We are still here with you... Every WMI error I have had was resolved by a suggestion in the link I posted unfortunately...

Author

Commented:
I appreciate all your help, John. I tried the different solutions from the docs you sent me. Unfortunately, recreating my WMI repository caused huge problems with my network. If this was just a Windows XP workstation it would have worked perfectly, but as this is a server all connections were lost and could not be restored even after reattaching the DLLs and EXEs in the wbem folder.

This did resolve the WMI error but created so many more problems that a complete rebuild of the server would be more effective. In the end I reset the old repository in order to keep my business network running (slowly) but running.

Author

Commented:
I'll give you the points, John, since you're the only one that helped.

Thanks
Most Valuable Expert 2011
Top Expert 2011

Commented:
I appreciate the award.  Wish we could have been more help...

Commented:
This is a known bug with 2003 SBS and WMI.

If you followed the steps to fix the error and still have the same issue, I bet if you tried to connect to a workstation with WMI it will not work.  Well, here is the simple fix:

1.  Remove workstation from domain and reboot.
2.  Add workstation back to domain and reboot.

You will have to do this to every workstation that you can't connect to via WMI.  Once completed, the errors will be gone.

Oh yes, this is not fun.  I'm an MSP and had this happen to every one of my customers we monitor who have 2003 SBS.
