Link to home
Start Free TrialLog in
Avatar of BRUNO_DENAEYER
BRUNO_DENAEYERFlag for Belgium

asked on

WMI Query Problem W2k3SBS

Dear all,

I Expect actually some problems with a W2k3 SBS Server and WMI Query.

I Have try the following procedure but that's not solve the problem.

    * cd /d %windir%\system32\wbem
    * for %i in (*.dll) do RegSvr32 -s %i
    * for %i in (*.exe) do %i /RegServer


Could you help me?

See error I receive bellow.

Thanks in advance.
Event Type:	Error
Event Source:	MSExchangeSA
Event Category:	Monitoring 
Event ID:	9097
Date:		28/01/2010
Time:		10:52:17
User:		N/A
Computer:	SERVER
Description:
The MAD Monitoring thread was unable to connect to WMI, error '0x80070005'. 

For more information, click http://www.microsoft.com/contentredirect.asp.

Open in new window

Avatar of Andres Perales
Andres Perales
Flag of United States of America image

Have you tried a reboot? If not reboot the server, then verify again.  If still having problem, then see below:
http://www.eventid.net/display.asp?eventid=9097&eventno=943&source=MSExchangeSA&phase=1
and
http://support.microsoft.com/kb/288590
 
0x80070005 indicates a DCOM permissions issue which can sometimes be caused by blank passwords.

It can also be caused by GPO configuration. Do you use group policies or have you made changes recently?

Avatar of RobSampson
On the machine, please check that DCOM is enabled, and make sure it has the correct permissions to allow COM objects to run.  Click Start --> Settings --> Control Panel --> Administrative Tools --> Component Services
Then expand Component Services --> Computers --> My Computer
Right click My Computer, go to Properties.  On the Default Properties tab, check the Enable Distributed COM on this computer box.
Then on the COM Security tab, click Edit Default... under Launch and Activation Permissions and make sure the Local Administrators group has Full Access.
Then make sure that your domain account is in the Local Administrators group in Computer Management.  Restart the system and try again.

Also, just double check the registry setting for DCOM is enabled:
HKLM\Software\Microsoft\OLE\
String value: EnableDCOM
should be Y

Also have a look at the WMI Diagnostic tool:
http://www.microsoft.com/downloads/details.aspx?familyid=d7ba3cd6-18d1-4d05-b11e-4c64192ae97d

Regards,

Rob.
Avatar of BRUNO_DENAEYER

ASKER

Dear rob,

I have try your solution but nothing change.
I have launch the WMIDiag and solve what I can.

In the following report some error subsists but i don't know how to fix it.

Thanks for your help.

33449 14:17:34 (0) ** WMIDiag v2.0 started on vendredi 29 janvier 2010 at 14:09.
33450 14:17:34 (0) ** 
33451 14:17:34 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
33452 14:17:34 (0) ** 
33453 14:17:34 (0) ** This script is not supported under any Microsoft standard support program or service.
33454 14:17:34 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
33455 14:17:34 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
33456 14:17:34 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
33457 14:17:34 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
33458 14:17:34 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
33459 14:17:34 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
33460 14:17:34 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
33461 14:17:34 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
33462 14:17:34 (0) ** of the possibility of such damages.
33463 14:17:34 (0) ** 
33464 14:17:34 (0) ** 
33465 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33466 14:17:34 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
33467 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33468 14:17:34 (0) ** 
33469 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33470 14:17:34 (0) ** Windows Server 2003 - No service pack - 32-bit (3790) - User 'DOMAIN\ADMINISTRATOR' on computer 'SERVER'.
33471 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33472 14:17:34 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
33473 14:17:34 (0) ** INFO: => 2 incorrect shutdown(s) detected on:
33474 14:17:34 (0) **          - Shutdown on 14 October 2009 14:26:57 (GMT+2).
33475 14:17:34 (0) **          - Shutdown on 19 November 2009 12:39:43 (GMT+1).
33476 14:17:34 (0) ** 
33477 14:17:34 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
33478 14:17:34 (0) ** Drive type: ......................................................................................................... SCSI (PERC LD 0 PERCRAID SCSI Disk Device).
33479 14:17:34 (0) ** There are no missing WMI system files: .............................................................................. OK.
33480 14:17:34 (0) ** There are no missing WMI repository files: .......................................................................... OK.
33481 14:17:34 (0) ** WMI repository state: ............................................................................................... N/A.
33482 14:17:34 (0) ** BEFORE running WMIDiag:
33483 14:17:34 (0) ** The WMI repository has a size of: ................................................................................... 15 MB.
33484 14:17:34 (0) ** - Disk free space on 'C:': .......................................................................................... 5341 MB.
33485 14:17:34 (0) **   - INDEX.BTR,                     2129920 bytes,      29/01/2010 14:02:30
33486 14:17:34 (0) **   - MAPPING.VER,                   4 bytes,            29/01/2010 14:02:30
33487 14:17:34 (0) **   - MAPPING1.MAP,                  7640 bytes,         29/01/2010 14:02:30
33488 14:17:34 (0) **   - MAPPING2.MAP,                  7640 bytes,         29/01/2010 14:02:23
33489 14:17:34 (0) **   - OBJECTS.DATA,                  13418496 bytes,     29/01/2010 14:02:30
33490 14:17:34 (0) ** AFTER running WMIDiag:
33491 14:17:34 (0) ** The WMI repository has a size of: ................................................................................... 15 MB.
33492 14:17:34 (0) ** - Disk free space on 'C:': .......................................................................................... 5325 MB.
33493 14:17:34 (0) **   - INDEX.BTR,                     2129920 bytes,      29/01/2010 14:02:30
33494 14:17:34 (0) **   - MAPPING.VER,                   4 bytes,            29/01/2010 14:02:30
33495 14:17:34 (0) **   - MAPPING1.MAP,                  7640 bytes,         29/01/2010 14:02:30
33496 14:17:34 (0) **   - MAPPING2.MAP,                  7640 bytes,         29/01/2010 14:02:23
33497 14:17:34 (0) **   - OBJECTS.DATA,                  13418496 bytes,     29/01/2010 14:02:30
33498 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33499 14:17:34 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
33500 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33501 14:17:34 (0) ** DCOM Status: ........................................................................................................ OK.
33502 14:17:34 (0) ** WMI registry setup: ................................................................................................. OK.
33503 14:17:34 (0) ** INFO: WMI service has dependents: ................................................................................... 1 SERVICE(S)!
33504 14:17:34 (0) ** - Exchange Management Service (MSEXCHANGEMGMT, StartMode='Automatic')
33505 14:17:34 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
33506 14:17:34 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
33507 14:17:34 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
33508 14:17:34 (0) **          this can prevent the service/application to work as expected.
33509 14:17:34 (0) ** 
33510 14:17:34 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
33511 14:17:34 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
33512 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33513 14:17:34 (0) ** WMI service DCOM setup: ............................................................................................. OK.
33514 14:17:34 (0) ** WMI components DCOM registrations: .................................................................................. OK.
33515 14:17:34 (0) ** WMI ProgID registrations: ........................................................................................... OK.
33516 14:17:34 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
33517 14:17:34 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
33518 14:17:34 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
33519 14:17:34 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
33520 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33521 14:17:34 (0) ** WMI namespace security for 'ROOT/PERFMON': .......................................................................... MODIFIED.
33522 14:17:34 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
33523 14:17:34 (0) **        - REMOVED ACE:
33524 14:17:34 (0) **          ACEType:  &h0
33525 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33526 14:17:34 (0) **          ACEFlags: &h12
33527 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33528 14:17:34 (0) **                    INHERITED_ACE
33529 14:17:34 (0) **          ACEMask:  &h23
33530 14:17:34 (0) **                    WBEM_ENABLE
33531 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33532 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33533 14:17:34 (0) ** 
33534 14:17:34 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33535 14:17:34 (0) **    Removing default security will cause some operations to fail!
33536 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33537 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33538 14:17:34 (0) ** 
33539 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP': ............................................................................. MODIFIED.
33540 14:17:34 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33541 14:17:34 (0) **        - ACTUAL ACE:
33542 14:17:34 (0) **          ACEType:  &h0
33543 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33544 14:17:34 (0) **          ACEFlags: &h12
33545 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33546 14:17:34 (0) **                    INHERITED_ACE
33547 14:17:34 (0) **          ACEMask:  &h13
33548 14:17:34 (0) **                    WBEM_ENABLE
33549 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33550 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33551 14:17:34 (0) **        - EXPECTED ACE:
33552 14:17:34 (0) **          ACEType:  &h0
33553 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33554 14:17:34 (0) **          ACEFlags: &h12
33555 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33556 14:17:34 (0) **                    INHERITED_ACE
33557 14:17:34 (0) **          ACEMask:  &h6003F
33558 14:17:34 (0) **                    WBEM_ENABLE
33559 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33560 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33561 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33562 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33563 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33564 14:17:34 (0) **                    WBEM_WRITE_DAC
33565 14:17:34 (0) **                    WBEM_READ_CONTROL
33566 14:17:34 (0) ** 
33567 14:17:34 (0) ** => The actual ACE has the right(s) '&h6002C WBEM_FULL_WRITE_REP WBEM_PARTIAL_WRITE_REP WBEM_REMOTE_ACCESS WBEM_WRITE_DAC WBEM_READ_CONTROL' removed!
33568 14:17:34 (0) **    This will cause some operations to fail!
33569 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33570 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33571 14:17:34 (0) ** 
33572 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP': ............................................................................. MODIFIED.
33573 14:17:34 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
33574 14:17:34 (0) **        - REMOVED ACE:
33575 14:17:34 (0) **          ACEType:  &h0
33576 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33577 14:17:34 (0) **          ACEFlags: &h12
33578 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33579 14:17:34 (0) **                    INHERITED_ACE
33580 14:17:34 (0) **          ACEMask:  &h6003F
33581 14:17:34 (0) **                    WBEM_ENABLE
33582 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33583 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33584 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33585 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33586 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33587 14:17:34 (0) **                    WBEM_WRITE_DAC
33588 14:17:34 (0) **                    WBEM_READ_CONTROL
33589 14:17:34 (0) ** 
33590 14:17:34 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33591 14:17:34 (0) **    Removing default security will cause some operations to fail!
33592 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33593 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33594 14:17:34 (0) ** 
33595 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP': ............................................................................. MODIFIED.
33596 14:17:34 (1) !! ERROR: Default trustee 'NT AUTHORITY\AUTHENTICATED USERS' has been REMOVED!
33597 14:17:34 (0) **        - REMOVED ACE:
33598 14:17:34 (0) **          ACEType:  &h0
33599 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33600 14:17:34 (0) **          ACEFlags: &h12
33601 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33602 14:17:34 (0) **                    INHERITED_ACE
33603 14:17:34 (0) **          ACEMask:  &h23
33604 14:17:34 (0) **                    WBEM_ENABLE
33605 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33606 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33607 14:17:34 (0) ** 
33608 14:17:34 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33609 14:17:34 (0) **    Removing default security will cause some operations to fail!
33610 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33611 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33612 14:17:34 (0) ** 
33613 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP/USER': ........................................................................ MODIFIED.
33614 14:17:34 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33615 14:17:34 (0) **        - ACTUAL ACE:
33616 14:17:34 (0) **          ACEType:  &h0
33617 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33618 14:17:34 (0) **          ACEFlags: &h12
33619 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33620 14:17:34 (0) **                    INHERITED_ACE
33621 14:17:34 (0) **          ACEMask:  &h13
33622 14:17:34 (0) **                    WBEM_ENABLE
33623 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33624 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33625 14:17:34 (0) **        - EXPECTED ACE:
33626 14:17:34 (0) **          ACEType:  &h0
33627 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33628 14:17:34 (0) **          ACEFlags: &h12
33629 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33630 14:17:34 (0) **                    INHERITED_ACE
33631 14:17:34 (0) **          ACEMask:  &h6003F
33632 14:17:34 (0) **                    WBEM_ENABLE
33633 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33634 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33635 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33636 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33637 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33638 14:17:34 (0) **                    WBEM_WRITE_DAC
33639 14:17:34 (0) **                    WBEM_READ_CONTROL
33640 14:17:34 (0) ** 
33641 14:17:34 (0) ** => The actual ACE has the right(s) '&h6002C WBEM_FULL_WRITE_REP WBEM_PARTIAL_WRITE_REP WBEM_REMOTE_ACCESS WBEM_WRITE_DAC WBEM_READ_CONTROL' removed!
33642 14:17:34 (0) **    This will cause some operations to fail!
33643 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33644 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33645 14:17:34 (0) ** 
33646 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP/USER': ........................................................................ MODIFIED.
33647 14:17:34 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
33648 14:17:34 (0) **        - REMOVED ACE:
33649 14:17:34 (0) **          ACEType:  &h0
33650 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33651 14:17:34 (0) **          ACEFlags: &h12
33652 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33653 14:17:34 (0) **                    INHERITED_ACE
33654 14:17:34 (0) **          ACEMask:  &h6003F
33655 14:17:34 (0) **                    WBEM_ENABLE
33656 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33657 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33658 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33659 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33660 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33661 14:17:34 (0) **                    WBEM_WRITE_DAC
33662 14:17:34 (0) **                    WBEM_READ_CONTROL
33663 14:17:34 (0) ** 
33664 14:17:34 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33665 14:17:34 (0) **    Removing default security will cause some operations to fail!
33666 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33667 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33668 14:17:34 (0) ** 
33669 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP/COMPUTER': .................................................................... MODIFIED.
33670 14:17:34 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33671 14:17:34 (0) **        - ACTUAL ACE:
33672 14:17:34 (0) **          ACEType:  &h0
33673 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33674 14:17:34 (0) **          ACEFlags: &h12
33675 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33676 14:17:34 (0) **                    INHERITED_ACE
33677 14:17:34 (0) **          ACEMask:  &h13
33678 14:17:34 (0) **                    WBEM_ENABLE
33679 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33680 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33681 14:17:34 (0) **        - EXPECTED ACE:
33682 14:17:34 (0) **          ACEType:  &h0
33683 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33684 14:17:34 (0) **          ACEFlags: &h12
33685 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33686 14:17:34 (0) **                    INHERITED_ACE
33687 14:17:34 (0) **          ACEMask:  &h6003F
33688 14:17:34 (0) **                    WBEM_ENABLE
33689 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33690 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33691 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33692 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33693 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33694 14:17:34 (0) **                    WBEM_WRITE_DAC
33695 14:17:34 (0) **                    WBEM_READ_CONTROL
33696 14:17:34 (0) ** 
33697 14:17:34 (0) ** => The actual ACE has the right(s) '&h6002C WBEM_FULL_WRITE_REP WBEM_PARTIAL_WRITE_REP WBEM_REMOTE_ACCESS WBEM_WRITE_DAC WBEM_READ_CONTROL' removed!
33698 14:17:34 (0) **    This will cause some operations to fail!
33699 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33700 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33701 14:17:34 (0) ** 
33702 14:17:34 (0) ** WMI namespace security for 'ROOT/RSOP/COMPUTER': .................................................................... MODIFIED.
33703 14:17:34 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
33704 14:17:34 (0) **        - REMOVED ACE:
33705 14:17:34 (0) **          ACEType:  &h0
33706 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33707 14:17:34 (0) **          ACEFlags: &h12
33708 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33709 14:17:34 (0) **                    INHERITED_ACE
33710 14:17:34 (0) **          ACEMask:  &h6003F
33711 14:17:34 (0) **                    WBEM_ENABLE
33712 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33713 14:17:34 (0) **                    WBEM_FULL_WRITE_REP
33714 14:17:34 (0) **                    WBEM_PARTIAL_WRITE_REP
33715 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33716 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33717 14:17:34 (0) **                    WBEM_WRITE_DAC
33718 14:17:34 (0) **                    WBEM_READ_CONTROL
33719 14:17:34 (0) ** 
33720 14:17:34 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33721 14:17:34 (0) **    Removing default security will cause some operations to fail!
33722 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33723 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33724 14:17:34 (0) ** 
33725 14:17:34 (0) ** WMI namespace security for 'ROOT/ASPNET': ........................................................................... MODIFIED.
33726 14:17:34 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33727 14:17:34 (0) **        - ACTUAL ACE:
33728 14:17:34 (0) **          ACEType:  &h0
33729 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33730 14:17:34 (0) **          ACEFlags: &h12
33731 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33732 14:17:34 (0) **                    INHERITED_ACE
33733 14:17:34 (0) **          ACEMask:  &h13
33734 14:17:34 (0) **                    WBEM_ENABLE
33735 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33736 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33737 14:17:34 (0) **        - EXPECTED ACE:
33738 14:17:34 (0) **          ACEType:  &h0
33739 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33740 14:17:34 (0) **          ACEFlags: &h12
33741 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33742 14:17:34 (0) **                    INHERITED_ACE
33743 14:17:34 (0) **          ACEMask:  &h33
33744 14:17:34 (0) **                    WBEM_ENABLE
33745 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33746 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33747 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33748 14:17:34 (0) ** 
33749 14:17:34 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed!
33750 14:17:34 (0) **    This will cause some operations to fail!
33751 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33752 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33753 14:17:34 (0) ** 
33754 14:17:34 (0) ** WMI namespace security for 'ROOT/ASPNET': ........................................................................... MODIFIED.
33755 14:17:34 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33756 14:17:34 (0) **        - ACTUAL ACE:
33757 14:17:34 (0) **          ACEType:  &h0
33758 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33759 14:17:34 (0) **          ACEFlags: &h12
33760 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33761 14:17:34 (0) **                    INHERITED_ACE
33762 14:17:34 (0) **          ACEMask:  &h13
33763 14:17:34 (0) **                    WBEM_ENABLE
33764 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33765 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33766 14:17:34 (0) **        - EXPECTED ACE:
33767 14:17:34 (0) **          ACEType:  &h0
33768 14:17:34 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33769 14:17:34 (0) **          ACEFlags: &h12
33770 14:17:34 (0) **                    CONTAINER_INHERIT_ACE
33771 14:17:34 (0) **                    INHERITED_ACE
33772 14:17:34 (0) **          ACEMask:  &h33
33773 14:17:34 (0) **                    WBEM_ENABLE
33774 14:17:34 (0) **                    WBEM_METHOD_EXECUTE
33775 14:17:34 (0) **                    WBEM_WRITE_PROVIDER
33776 14:17:34 (0) **                    WBEM_REMOTE_ACCESS
33777 14:17:34 (0) ** 
33778 14:17:34 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed!
33779 14:17:34 (0) **    This will cause some operations to fail!
33780 14:17:34 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33781 14:17:34 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33782 14:17:34 (0) ** 
33783 14:17:34 (0) ** 
33784 14:17:34 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
33785 14:17:34 (0) ** DCOM security error(s) detected: .................................................................................... 0.
33786 14:17:34 (0) ** WMI security warning(s) detected: ................................................................................... 0.
33787 14:17:34 (0) ** WMI security error(s) detected: ..................................................................................... 10.
33788 14:17:34 (0) ** 
33789 14:17:34 (0) ** Overall DCOM security status: ....................................................................................... OK.
33790 14:17:34 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
33791 14:17:34 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
33792 14:17:34 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 65.
33793 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33794 14:17:34 (0) **   'select * from __InstanceCreationEvent where TargetInstance isa "MicrosoftHM_ConfigurationAssociation"'
33795 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33796 14:17:34 (0) **   'select * from __TimerEvent where TimerId="MicrosoftHM_Timer"'
33797 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33798 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_ActionConfiguration"'
33799 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33800 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_SystemConfiguration"'
33801 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33802 14:17:34 (0) **   'select * from __InstanceCreationEvent where TargetInstance isa "MicrosoftHM_ActionConfiguration"'
33803 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33804 14:17:34 (0) **   'select * from __InstanceCreationEvent where TargetInstance isa "MicrosoftHM_ConfigurationActionAssociation"'
33805 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33806 14:17:34 (0) **   'select * from __InstanceDeletionEvent where TargetInstance isa "MicrosoftHM_ConfigurationActionAssociation"'
33807 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33808 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_DataGroupConfiguration"'
33809 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33810 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_DataCollectorConfiguration"'
33811 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33812 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_ThresholdConfiguration"'
33813 14:17:34 (0) ** - ROOT/CIMV2/MICROSOFTHEALTHMONITOR, MicrosoftHM_PermConsumer.Name="HealthMon".
33814 14:17:34 (0) **   'select * from __InstanceModificationEvent where TargetInstance isa "MicrosoftHM_ConfigurationActionAssociation"'
33815 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA44".
33816 14:17:34 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811432) and (LogToEventlog <> 0)'
33817 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA23".
33818 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553235) and (LogToEventlog <> 0)'
33819 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA32".
33820 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811420) and (LogToEventlog <> 0)'
33821 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA14".
33822 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811402) and (LogToEventlog <> 0)'
33823 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA37".
33824 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553249) and (LogToEventlog <> 0)'
33825 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
33826 14:17:34 (0) **   'select * from MSFT_SCMEventLogEvent'
33827 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA5".
33828 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553217) and (LogToEventlog <> 0)'
33829 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA18".
33830 14:17:34 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 2147811406) and (LogToEventlog <> 0)'
33831 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA3".
33832 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553215) and (LogToEventlog <> 0)'
33833 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA41".
33834 14:17:34 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 3221553253) and (LogToEventlog <> 0)'
33835 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA26".
33836 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811414) and (LogToEventlog <> 0)'
33837 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA36".
33838 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811424) and (LogToEventlog <> 0)'
33839 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA9".
33840 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553221) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
33841 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA10".
33842 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811398) and (LogToEventlog <> 0)'
33843 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA17".
33844 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553229) and (LogToEventlog <> 0)'
33845 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA1".
33846 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553213) and (LogToEventlog <> 0)'
33847 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA42".
33848 14:17:34 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 2147811430) and (LogToEventlog <> 0)'
33849 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA4".
33850 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811392) and (LogToEventlog <> 0)'
33851 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA25".
33852 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553237) and (LogToEventlog <> 0)'
33853 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA49".
33854 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 4) and (LogToEventlog <> 0)'
33855 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA27".
33856 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553239) and (LogToEventlog <> 0)'
33857 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA45".
33858 14:17:34 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553257) and (LogToEventlog <> 0)'
33859 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA8".
33860 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811396) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
33861 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA40".
33862 14:17:34 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 2147811428) and (LogToEventlog <> 0)'
33863 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA39".
33864 14:17:34 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 3221553251) and (LogToEventlog <> 0)'
33865 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA29".
33866 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553241) and (LogToEventlog <> 0)'
33867 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA20".
33868 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811408) and (LogToEventlog <> 0)'
33869 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA48".
33870 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 3) and (LogToEventlog <> 0)'
33871 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA28".
33872 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811416) and (LogToEventlog <> 0)'
33873 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA33".
33874 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553245) and (LogToEventlog <> 0)'
33875 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA7".
33876 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553219) and (LogToEventlog <> 0)'
33877 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA16".
33878 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811404) and (LogToEventlog <> 0)'
33879 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA43".
33880 14:17:34 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 3221553255) and (LogToEventlog <> 0)'
33881 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA21".
33882 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553233) and (LogToEventlog <> 0)'
33883 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA6".
33884 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811394) and (LogToEventlog <> 0)'
33885 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA31".
33886 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553243) and (LogToEventlog <> 0)'
33887 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA12".
33888 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811400) and (LogToEventlog <> 0)'
33889 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA46".
33890 14:17:34 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811434) and (LogToEventlog <> 0)'
33891 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA47".
33892 14:17:34 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553259) and (LogToEventlog <> 0)'
33893 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA35".
33894 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553247) and (LogToEventlog <> 0)'
33895 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA0".
33896 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811388) and (LogToEventlog <> 0)'
33897 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA19".
33898 14:17:34 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 3221553231) and (LogToEventlog <> 0)'
33899 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA11".
33900 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553223) and (LogToEventlog <> 0)'
33901 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA52".
33902 14:17:34 (0) **   'select * from MSMCAEvent_MemoryPageRemoved'
33903 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA30".
33904 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811418) and (LogToEventlog <> 0)'
33905 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA15".
33906 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553227) and (LogToEventlog <> 0)'
33907 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA38".
33908 14:17:34 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 2147811426) and (LogToEventlog <> 0)'
33909 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA34".
33910 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811422) and (LogToEventlog <> 0)'
33911 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA2".
33912 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811390) and (LogToEventlog <> 0)'
33913 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA22".
33914 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811410) and (LogToEventlog <> 0)'
33915 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA13".
33916 14:17:34 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553225) and (LogToEventlog <> 0)'
33917 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA50".
33918 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811441) and (LogToEventlog <> 0)'
33919 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA51".
33920 14:17:34 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553266) and (LogToEventlog <> 0)'
33921 14:17:34 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA24".
33922 14:17:34 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811412) and (LogToEventlog <> 0)'
33923 14:17:34 (0) ** 
33924 14:17:34 (0) ** INFO: WMI TIMER instruction(s): ..................................................................................... 1.
33925 14:17:34 (0) ** - Interval: ROOT/CIMV2/MICROSOFTHEALTHMONITOR, 'MicrosoftHM_Timer', 10000'.
33926 14:17:34 (0) ** 
33927 14:17:34 (0) ** WMI ADAP status: .................................................................................................... OK.
33928 14:17:34 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 2 NAMESPACE(S)!
33929 14:17:34 (0) ** - ROOT/SERVICEMODEL.
33930 14:17:34 (0) ** - ROOT/MICROSOFTIISV2.
33931 14:17:34 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
33932 14:17:34 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
33933 14:17:34 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
33934 14:17:34 (0) **    i.e. 'WMIC.EXE /NODE:"SERVER" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\MICROSOFTIISV2 Class __SystemSecurity'
33935 14:17:34 (0) ** 
33936 14:17:34 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
33937 14:17:34 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
33938 14:17:34 (0) ** WMI GET operations: ................................................................................................. OK.
33939 14:17:34 (0) ** WMI MOF representations: ............................................................................................ OK.
33940 14:17:34 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
33941 14:17:34 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
33942 14:17:34 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
33943 14:17:34 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
33944 14:17:34 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
33945 14:17:34 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
33946 14:17:34 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
33947 14:17:34 (0) ** WMI static instances retrieved: ..................................................................................... 1702.
33948 14:17:34 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
33949 14:17:34 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
33950 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33951 14:17:34 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
33952 14:17:34 (0) **   DCOM: ............................................................................................................. 0.
33953 14:17:34 (0) **   WINMGMT: .......................................................................................................... 25.
33954 14:17:34 (0) **   WMIADAPTER: ....................................................................................................... 0.
33955 14:17:34 (0) ** => Verify the WMIDiag LOG at line #32656 for more details.
33956 14:17:34 (0) ** 
33957 14:17:34 (0) ** # of additional Event Log events AFTER WMIDiag execution:
33958 14:17:34 (0) **   DCOM: ............................................................................................................. 0.
33959 14:17:34 (0) **   WINMGMT: .......................................................................................................... 0.
33960 14:17:34 (0) **   WMIADAPTER: ....................................................................................................... 0.
33961 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33962 14:17:34 (0) ** WMI Registry key setup: ............................................................................................. OK.
33963 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33964 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33965 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33966 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33967 14:17:34 (0) ** 
33968 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33969 14:17:34 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
33970 14:17:34 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33971 14:17:34 (0) ** 
33972 14:17:34 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_2003_.SRV.RTM.32_SERVER_2010.01.29_14.09.02.LOG' for details.
33973 14:17:34 (0) ** 
33974 14:17:34 (0) ** WMIDiag v2.0 ended on vendredi 29 janvier 2010 at 14:17 (W:104 E:12 S:1).

Open in new window

OK, well, in there, you have this:
!!ERROR: Overall WMI security status

From here:
https://www.experts-exchange.com/questions/23590407/WMI-Security-Issues.html

It appears you can run the following commands directly on the affected machine to reset the WMI Security Settings. They are both one line commands.

I have never tried it, so try to take a backup of your system, if possible.

If that doesn't work, then the above log also says you should check in this file:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_2003_.SRV.RTM.32_SERVER_2010.01.29_14.09.02.LOG

and look at line #32656 for further details.

Regards,

Rob.
sc sdset winmgmt D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

sc sdset wmi iD:(A;OICI;CCLCSWLORC;;;WD)(A;OICI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;OICI;CCDCLCSWLORC;;;PU)(A;OICI;CCLCSWRPLO;;;IU)(A;OICI;CCLCSWRPLO;;;BU)

Open in new window

Rob,

I have a lot of lines but i don't know what i need to solve.

32656 14:16:41 (3)    Querying event log to locate events older than 20 day(s) since samedi 9 janvier 2010 at 14:09.
32657 14:16:41 (3)    
32658 14:16:42 (3)      ZERO DCOM event.
32659 14:16:42 (4)      
32660 14:16:58 (3)      025 WINMGMT event(s):
32661 14:16:58 (4)      
32662 14:16:58 (3)        #839215: WINMGMT (00004) - Error - 29 January 2010 11:01:28 (GMT+1)
32663 14:16:58 (3)                 Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\ASP.MFL while recovering
32664 14:16:58 (3)                 repository file.
32665 14:16:58 (3)        #839216: WINMGMT (00004) - Error - 29 January 2010 11:01:28 (GMT+1)
32666 14:16:58 (3)                 Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\IISADMIN.MFL while recovering
32667 14:16:58 (3)                 repository file.
32668 14:16:58 (3)        #839217: WINMGMT (00004) - Error - 29 January 2010 11:01:29 (GMT+1)
32669 14:16:58 (3)                 Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3CORE.MFL while recovering
32670 14:16:58 (3)                 repository file.
32671 14:16:58 (3)        #839218: WINMGMT (00004) - Error - 29 January 2010 11:01:29 (GMT+1)
32672 14:16:58 (3)                 Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3DT.MFL while recovering
32673 14:16:58 (3)                 repository file.
32674 14:16:58 (3)        #839219: WINMGMT (00004) - Error - 29 January 2010 11:01:29 (GMT+1)
32675 14:16:58 (3)                 Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3ISAPI.MFL while recovering
32676 14:16:58 (3)                 repository file.
32677 14:16:58 (3)        #839225: WINMGMT (00047) - Warning - 29 January 2010 11:05:20 (GMT+1)
32678 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\Autocat\Performance\Library,
32679 14:16:58 (3)                 error code: 0x80041009
32680 14:16:58 (3)        #839226: WINMGMT (00042) - Warning - 29 January 2010 11:06:23 (GMT+1)
32681 14:16:58 (3)                 WMI ADAP was unable to create object Win32_PerfRawData_DNS_DNS for Performance
32682 14:16:58 (3)                 Library DNS because no value was found for property index 3194 in the
32683 14:16:58 (3)                 009 subkey
32684 14:16:58 (3)        #839227: WINMGMT (00040) - Warning - 29 January 2010 11:06:23 (GMT+1)
32685 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfRawData_DNS_DNS for
32686 14:16:58 (3)                 Performance Library DNS because error 0x80041001 was returned
32687 14:16:58 (3)        #839232: WINMGMT (00047) - Warning - 29 January 2010 11:09:33 (GMT+1)
32688 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSEARCH\Performance\Library,
32689 14:16:58 (3)                 error code: 0x80041009
32690 14:16:58 (3)        #839233: WINMGMT (00047) - Warning - 29 January 2010 11:09:33 (GMT+1)
32691 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGatherer\Performance\Library,
32692 14:16:58 (3)                 error code: 0x80041009
32693 14:16:58 (3)        #839234: WINMGMT (00047) - Warning - 29 January 2010 11:09:33 (GMT+1)
32694 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGTHRSVC\Performance\Library,
32695 14:16:58 (3)                 error code: 0x80041009
32696 14:16:58 (3)        #839235: WINMGMT (00047) - Warning - 29 January 2010 11:09:33 (GMT+1)
32697 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\mssindex\Performance\Library,
32698 14:16:58 (3)                 error code: 0x80041009
32699 14:16:58 (3)        #839237: WINMGMT (00040) - Warning - 29 January 2010 11:12:59 (GMT+1)
32700 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfFormattedData_Perf_SmexPerfMonMgr_SMEXRealTimeCount
32701 14:16:58 (3)                 for Performance Library Perf_SmexPerfMonMgr because error 0x80041002 was
32702 14:16:58 (3)                 returned
32703 14:16:58 (3)        #839238: WINMGMT (00040) - Warning - 29 January 2010 11:12:59 (GMT+1)
32704 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfFormattedData_Perf_SmexPerfMonMgr_SMEXRealTimeCount
32705 14:16:58 (3)                 for Performance Library Perf_SmexPerfMonMgr because error 0x80041002 was
32706 14:16:58 (3)                 returned
32707 14:16:58 (3)        #839391: WINMGMT (05603) - Warning - 29 January 2010 12:38:50 (GMT+1)
32708 14:16:58 (3)                 A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealthMonitor\PerfMon,
32709 14:16:58 (3)                 but did not specify the HostingModel property. This provider will be run
32710 14:16:58 (3)                 using the LocalSystem account. This account is privileged and the provider
32711 14:16:58 (3)                 may cause a security violation if it does not correctly impersonate user
32712 14:16:58 (3)                 requests. Ensure that provider has been reviewed for security behavior
32713 14:16:58 (3)                 and update the HostingModel property of the provider registration to an
32714 14:16:58 (3)                 account with the least privileges possible for the required functionality.
32715 14:16:58 (3)        #839392: WINMGMT (05603) - Warning - 29 January 2010 12:38:50 (GMT+1)
32716 14:16:58 (3)                 A provider, PerfProv, has been registered in the WMI namespace, ROOT\CIMV2\MicrosoftHealthMonitor\PerfMon,
32717 14:16:58 (3)                 but did not specify the HostingModel property. This provider will be run
32718 14:16:58 (3)                 using the LocalSystem account. This account is privileged and the provider
32719 14:16:58 (3)                 may cause a security violation if it does not correctly impersonate user
32720 14:16:58 (3)                 requests. Ensure that provider has been reviewed for security behavior
32721 14:16:58 (3)                 and update the HostingModel property of the provider registration to an
32722 14:16:58 (3)                 account with the least privileges possible for the required functionality.
32723 14:16:58 (3)        #839427: WINMGMT (00047) - Warning - 29 January 2010 12:42:55 (GMT+1)
32724 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\Autocat\Performance\Library,
32725 14:16:58 (3)                 error code: 0x80041009
32726 14:16:58 (3)        #839428: WINMGMT (00042) - Warning - 29 January 2010 12:43:04 (GMT+1)
32727 14:16:58 (3)                 WMI ADAP was unable to create object Win32_PerfRawData_DNS_DNS for Performance
32728 14:16:58 (3)                 Library DNS because no value was found for property index 3194 in the
32729 14:16:58 (3)                 009 subkey
32730 14:16:58 (3)        #839429: WINMGMT (00040) - Warning - 29 January 2010 12:43:04 (GMT+1)
32731 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfRawData_DNS_DNS for
32732 14:16:58 (3)                 Performance Library DNS because error 0x80041001 was returned
32733 14:16:58 (3)        #839430: WINMGMT (00047) - Warning - 29 January 2010 12:43:24 (GMT+1)
32734 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSEARCH\Performance\Library,
32735 14:16:58 (3)                 error code: 0x80041009
32736 14:16:58 (3)        #839431: WINMGMT (00047) - Warning - 29 January 2010 12:43:24 (GMT+1)
32737 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGatherer\Performance\Library,
32738 14:16:58 (3)                 error code: 0x80041009
32739 14:16:58 (3)        #839432: WINMGMT (00047) - Warning - 29 January 2010 12:43:24 (GMT+1)
32740 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\MSSGTHRSVC\Performance\Library,
32741 14:16:58 (3)                 error code: 0x80041009
32742 14:16:58 (3)        #839433: WINMGMT (00047) - Warning - 29 January 2010 12:43:25 (GMT+1)
32743 14:16:58 (3)                 WMI ADAP was unable to retrieve data from the PerfLib subkey: SYSTEM\CurrentControlSet\Services\mssindex\Performance\Library,
32744 14:16:58 (3)                 error code: 0x80041009
32745 14:16:58 (3)        #839436: WINMGMT (00040) - Warning - 29 January 2010 12:43:50 (GMT+1)
32746 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfFormattedData_Perf_SmexPerfMonMgr_SMEXRealTimeCount
32747 14:16:58 (3)                 for Performance Library Perf_SmexPerfMonMgr because error 0x80041002 was
32748 14:16:58 (3)                 returned
32749 14:16:58 (3)        #839437: WINMGMT (00040) - Warning - 29 January 2010 12:43:50 (GMT+1)
32750 14:16:58 (3)                 WMI ADAP was unable to create the object Win32_PerfFormattedData_Perf_SmexPerfMonMgr_SMEXRealTimeCount
32751 14:16:58 (3)                 for Performance Library Perf_SmexPerfMonMgr because error 0x80041002 was
32752 14:16:58 (3)                 returned

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of RobSampson
RobSampson
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial