Link to home
Start Free TrialLog in
Avatar of NCSA SCADA
NCSA SCADAFlag for United States of America

asked on

WMI to Remote computer fails

Thanks experts in advance for the help.
I have almost 100 windows 2003 servers I support accross north america.  I have a tool I developed that uses wmi calls to collect information from each servers.  It works great on about 95% of the servers.  The others do not return any data.  I have verified that I am an administrator on the servers, I have followed the steps I could find to rebuild the repository and for registering the service again.  Nothing seems to help.  I have also turned off the firewall on the servers.  I find these errors on all of the servers that are failing. (Wmiprov.log)

(Sun Apr 17 18:24:23 2011.70015) : WDM call returned error: 4200
(Sun Apr 17 18:24:23 2011.70140) : ***************************************
(Sun Apr 17 18:24:23 2011.70140) : Could not get pointer to binary resource for file:
(Sun Apr 17 18:24:23 2011.70140) : C:\WINDOWS\System32\drivers\afd.sys[AfdMofResource](Sun Apr 17 18:24:23 2011.70140) :
(Sun Apr 17 18:24:23 2011.70140) : ***************************************

In the wmiadap.log I find these errors
(Thu Sep 17 20:02:18 2009.1859343) : VerifyLoaded for mssindex hr = 80041001.
(Thu Sep 17 20:02:18 2009.1859343) : Construction of the mssindex perflib wrapper failed hr = 80041001.

Any help would be great    
Thanks again
Avatar of NCSA SCADA
NCSA SCADA
Flag of United States of America image

ASKER

one more thing....
I have verified the dcom permissions as well
I'd check out the WMI Diag Utility from Microsoft. You may have corrupt WMI components on the machine's that have a problem.

http://www.microsoft.com/downloads/en/details.aspx?familyid=d7ba3cd6-18d1-4d05-b11e-4c64192ae97d&displaylang=en
I tried that as well, and it killed a bunch of critical services.  I had to stop it and reboot the server
Can you manually re-register WMI components?
I've had this happen to me before. I've had a so-so amount of success fixing. some fixed, some not.
I manage a lot of remote servers using WMI too.

you'd had to execute all of the below lines. Or maybe copy into a .bat and run it.

CD c:\Windows\System32\wbem
for %i in (*.dll) do RegSvr32 -s %i
regsvr32 -s scrcons.exe
regsvr32 -s unsecapp.exe
regsvr32 -s wbemtest.exe
regsvr32 -s winmgmt.exe
regsvr32 -s wmiadap.exe
regsvr32 -s wmiapsvr.exe
regsvr32 -s wmiprvse.exe
net stop ccmexec
net start ccmexec
pause
Please ignore the net stop/start ccmexec lines above....
I manged to get the tool to run on another server here is what it returned
************************************

33323 18:19:29 (0) ** WMIDiag v2.0 started on Monday, April 18, 2011 at 18:15.
33324 18:19:29 (0) **
33325 18:19:29 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
33326 18:19:29 (0) **
33327 18:19:29 (0) ** This script is not supported under any Microsoft standard support program or service.
33328 18:19:29 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
33329 18:19:29 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
33330 18:19:29 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
33331 18:19:29 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
33332 18:19:29 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
33333 18:19:29 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
33334 18:19:29 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
33335 18:19:29 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
33336 18:19:29 (0) ** of the possibility of such damages.
33337 18:19:29 (0) **
33338 18:19:29 (0) **
33339 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33340 18:19:29 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
33341 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33342 18:19:29 (0) **
33343 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33344 18:19:29 (0) ** Windows Server 2003 - No service pack - 32-bit (3790) - User 'CAVOBSMRSIDE01\ADMINISTRATOR' on computer 'CAVOBSMRSIDE01'.
33345 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33346 18:19:29 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
33347 18:19:29 (0) ** INFO: => 7 incorrect shutdown(s) detected on:
33348 18:19:29 (0) **          - Shutdown on 16 January 2009 08:50:46 (GMT+4).
33349 18:19:29 (0) **          - Shutdown on 14 October 2009 16:27:40 (GMT+4).
33350 18:19:29 (0) **          - Shutdown on 03 December 2009 13:58:08 (GMT+4).
33351 18:19:29 (0) **          - Shutdown on 21 December 2010 16:28:19 (GMT+4).
33352 18:19:29 (0) **          - Shutdown on 21 December 2010 17:56:28 (GMT+4).
33353 18:19:29 (0) **          - Shutdown on 07 March 2011 19:09:06 (GMT+4).
33354 18:19:29 (0) **          - Shutdown on 17 April 2011 18:24:11 (GMT+4).
33355 18:19:29 (0) **
33356 18:19:29 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
33357 18:19:29 (0) ** Drive type: ......................................................................................................... SCSI (HP LOGICAL VOLUME SCSI Disk Device).
33358 18:19:29 (0) ** There are no missing WMI system files: .............................................................................. OK.
33359 18:19:29 (0) ** There are no missing WMI repository files: .......................................................................... OK.
33360 18:19:29 (0) ** WMI repository state: ............................................................................................... N/A.
33361 18:19:29 (0) ** BEFORE running WMIDiag:
33362 18:19:29 (0) ** The WMI repository has a size of: ................................................................................... 25 MB.
33363 18:19:29 (0) ** - Disk free space on 'C:': .......................................................................................... 84850 MB.
33364 18:19:29 (0) **   - INDEX.BTR,                     2260992 bytes,      4/17/2011 6:24:38 PM
33365 18:19:29 (0) **   - MAPPING.VER,                   4 bytes,            4/17/2011 6:24:38 PM
33366 18:19:29 (0) **   - MAPPING1.MAP,                  13008 bytes,        4/17/2011 6:24:38 PM
33367 18:19:29 (0) **   - MAPPING2.MAP,                  13008 bytes,        4/17/2011 6:24:30 PM
33368 18:19:29 (0) **   - OBJECTS.DATA,                  24051712 bytes,     4/17/2011 6:24:38 PM
33369 18:19:29 (0) ** AFTER running WMIDiag:
33370 18:19:29 (0) ** The WMI repository has a size of: ................................................................................... 25 MB.
33371 18:19:29 (0) ** - Disk free space on 'C:': .......................................................................................... 84846 MB.
33372 18:19:29 (0) **   - INDEX.BTR,                     2260992 bytes,      4/18/2011 6:17:55 PM
33373 18:19:29 (0) **   - MAPPING.VER,                   4 bytes,            4/18/2011 6:17:55 PM
33374 18:19:29 (0) **   - MAPPING1.MAP,                  13008 bytes,        4/17/2011 6:24:38 PM
33375 18:19:29 (0) **   - MAPPING2.MAP,                  13008 bytes,        4/18/2011 6:17:55 PM
33376 18:19:29 (0) **   - OBJECTS.DATA,                  24051712 bytes,     4/18/2011 6:17:55 PM
33377 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33378 18:19:29 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
33379 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33380 18:19:29 (0) ** DCOM Status: ........................................................................................................ OK.
33381 18:19:29 (0) ** WMI registry setup: ................................................................................................. OK.
33382 18:19:29 (0) ** WMI Service has no dependents: ...................................................................................... OK.
33383 18:19:29 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
33384 18:19:29 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
33385 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33386 18:19:29 (0) ** WMI service DCOM setup: ............................................................................................. OK.
33387 18:19:29 (0) ** WMI components DCOM registrations: .................................................................................. OK.
33388 18:19:29 (0) ** WMI ProgID registrations: ........................................................................................... OK.
33389 18:19:29 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
33390 18:19:29 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
33391 18:19:29 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
33392 18:19:29 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
33393 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33394 18:19:29 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Default): .................................................. MODIFIED.
33395 18:19:29 (1) !! ERROR: Default trustee 'NT AUTHORITY\SELF' has been REMOVED!
33396 18:19:29 (0) **        - REMOVED ACE:
33397 18:19:29 (0) **          ACEType:  &h0
33398 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33399 18:19:29 (0) **          ACEFlags: &h0
33400 18:19:29 (0) **          ACEMask:  &h1
33401 18:19:29 (0) **                    DCOM_RIGHT_EXECUTE
33402 18:19:29 (0) **
33403 18:19:29 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33404 18:19:29 (0) **    Removing default security will cause some operations to fail!
33405 18:19:29 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33406 18:19:29 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
33407 18:19:29 (0) **
33408 18:19:29 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
33409 18:19:29 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
33410 18:19:29 (0) **        - REMOVED ACE:
33411 18:19:29 (0) **          ACEType:  &h0
33412 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33413 18:19:29 (0) **          ACEFlags: &h0
33414 18:19:29 (0) **          ACEMask:  &h1
33415 18:19:29 (0) **                    DCOM_RIGHT_EXECUTE
33416 18:19:29 (0) **
33417 18:19:29 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33418 18:19:29 (0) **    Removing default security will cause some operations to fail!
33419 18:19:29 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33420 18:19:29 (0) **    For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
33421 18:19:29 (0) **
33422 18:19:29 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
33423 18:19:29 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33424 18:19:29 (0) **        - ACTUAL ACE:
33425 18:19:29 (0) **          ACEType:  &h0
33426 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33427 18:19:29 (0) **          ACEFlags: &h2
33428 18:19:29 (0) **                    CONTAINER_INHERIT_ACE
33429 18:19:29 (0) **          ACEMask:  &h1
33430 18:19:29 (0) **                    WBEM_ENABLE
33431 18:19:29 (0) **        - EXPECTED ACE:
33432 18:19:29 (0) **          ACEType:  &h0
33433 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33434 18:19:29 (0) **          ACEFlags: &h12
33435 18:19:29 (0) **                    CONTAINER_INHERIT_ACE
33436 18:19:29 (0) **                    INHERITED_ACE
33437 18:19:29 (0) **          ACEMask:  &h13
33438 18:19:29 (0) **                    WBEM_ENABLE
33439 18:19:29 (0) **                    WBEM_METHOD_EXECUTE
33440 18:19:29 (0) **                    WBEM_WRITE_PROVIDER
33441 18:19:29 (0) **
33442 18:19:29 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
33443 18:19:29 (0) **    This will cause some operations to fail!
33444 18:19:29 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33445 18:19:29 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33446 18:19:29 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
33447 18:19:29 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
33448 18:19:29 (0) **       A specific WMI application can always require a security setup different
33449 18:19:29 (0) **       than the WMI security defaults.
33450 18:19:29 (0) **
33451 18:19:29 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
33452 18:19:29 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
33453 18:19:29 (0) **        - ACTUAL ACE:
33454 18:19:29 (0) **          ACEType:  &h0
33455 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33456 18:19:29 (0) **          ACEFlags: &h2
33457 18:19:29 (0) **                    CONTAINER_INHERIT_ACE
33458 18:19:29 (0) **          ACEMask:  &h1
33459 18:19:29 (0) **                    WBEM_ENABLE
33460 18:19:29 (0) **        - EXPECTED ACE:
33461 18:19:29 (0) **          ACEType:  &h0
33462 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33463 18:19:29 (0) **          ACEFlags: &h12
33464 18:19:29 (0) **                    CONTAINER_INHERIT_ACE
33465 18:19:29 (0) **                    INHERITED_ACE
33466 18:19:29 (0) **          ACEMask:  &h13
33467 18:19:29 (0) **                    WBEM_ENABLE
33468 18:19:29 (0) **                    WBEM_METHOD_EXECUTE
33469 18:19:29 (0) **                    WBEM_WRITE_PROVIDER
33470 18:19:29 (0) **
33471 18:19:29 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
33472 18:19:29 (0) **    This will cause some operations to fail!
33473 18:19:29 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
33474 18:19:29 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33475 18:19:29 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
33476 18:19:29 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
33477 18:19:29 (0) **       A specific WMI application can always require a security setup different
33478 18:19:29 (0) **       than the WMI security defaults.
33479 18:19:29 (0) **
33480 18:19:29 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
33481 18:19:29 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
33482 18:19:29 (0) **        - REMOVED ACE:
33483 18:19:29 (0) **          ACEType:  &h0
33484 18:19:29 (0) **                    ACCESS_ALLOWED_ACE_TYPE
33485 18:19:29 (0) **          ACEFlags: &h12
33486 18:19:29 (0) **                    CONTAINER_INHERIT_ACE
33487 18:19:29 (0) **                    INHERITED_ACE
33488 18:19:29 (0) **          ACEMask:  &h13
33489 18:19:29 (0) **                    WBEM_ENABLE
33490 18:19:29 (0) **                    WBEM_METHOD_EXECUTE
33491 18:19:29 (0) **                    WBEM_WRITE_PROVIDER
33492 18:19:29 (0) **
33493 18:19:29 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
33494 18:19:29 (0) **    Removing default security will cause some operations to fail!
33495 18:19:29 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
33496 18:19:29 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
33497 18:19:29 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
33498 18:19:29 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
33499 18:19:29 (0) **       A specific WMI application can always require a security setup different
33500 18:19:29 (0) **       than the WMI security defaults.
33501 18:19:29 (0) **
33502 18:19:29 (0) **
33503 18:19:29 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
33504 18:19:29 (0) ** DCOM security error(s) detected: .................................................................................... 2.
33505 18:19:29 (0) ** WMI security warning(s) detected: ................................................................................... 0.
33506 18:19:29 (0) ** WMI security error(s) detected: ..................................................................................... 3.
33507 18:19:29 (0) **
33508 18:19:29 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
33509 18:19:29 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
33510 18:19:29 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
33511 18:19:29 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 54.
33512 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA44".
33513 18:19:29 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811432) and (LogToEventlog <> 0)'
33514 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA23".
33515 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553235) and (LogToEventlog <> 0)'
33516 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA32".
33517 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811420) and (LogToEventlog <> 0)'
33518 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA14".
33519 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811402) and (LogToEventlog <> 0)'
33520 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA37".
33521 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553249) and (LogToEventlog <> 0)'
33522 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
33523 18:19:29 (0) **   'select * from MSFT_SCMEventLogEvent'
33524 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA5".
33525 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553217) and (LogToEventlog <> 0)'
33526 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA18".
33527 18:19:29 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 2147811406) and (LogToEventlog <> 0)'
33528 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA3".
33529 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553215) and (LogToEventlog <> 0)'
33530 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA41".
33531 18:19:29 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 3221553253) and (LogToEventlog <> 0)'
33532 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA26".
33533 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811414) and (LogToEventlog <> 0)'
33534 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA36".
33535 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811424) and (LogToEventlog <> 0)'
33536 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA9".
33537 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553221) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
33538 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA10".
33539 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811398) and (LogToEventlog <> 0)'
33540 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA17".
33541 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553229) and (LogToEventlog <> 0)'
33542 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA1".
33543 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553213) and (LogToEventlog <> 0)'
33544 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA42".
33545 18:19:29 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 2147811430) and (LogToEventlog <> 0)'
33546 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA4".
33547 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811392) and (LogToEventlog <> 0)'
33548 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA25".
33549 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553237) and (LogToEventlog <> 0)'
33550 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA49".
33551 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 4) and (LogToEventlog <> 0)'
33552 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA27".
33553 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553239) and (LogToEventlog <> 0)'
33554 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA45".
33555 18:19:29 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553257) and (LogToEventlog <> 0)'
33556 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA8".
33557 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811396) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))'
33558 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA40".
33559 18:19:29 (0) **   'select * from MSMCAEvent_SMBIOSError where (type = 2147811428) and (LogToEventlog <> 0)'
33560 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA39".
33561 18:19:29 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 3221553251) and (LogToEventlog <> 0)'
33562 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA29".
33563 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553241) and (LogToEventlog <> 0)'
33564 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA20".
33565 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811408) and (LogToEventlog <> 0)'
33566 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA48".
33567 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 3) and (LogToEventlog <> 0)'
33568 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA28".
33569 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811416) and (LogToEventlog <> 0)'
33570 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA33".
33571 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553245) and (LogToEventlog <> 0)'
33572 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA7".
33573 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553219) and (LogToEventlog <> 0)'
33574 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA16".
33575 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811404) and (LogToEventlog <> 0)'
33576 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA43".
33577 18:19:29 (0) **   'select * from MSMCAEvent_PlatformSpecificError where (type = 3221553255) and (LogToEventlog <> 0)'
33578 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA21".
33579 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553233) and (LogToEventlog <> 0)'
33580 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA6".
33581 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811394) and (LogToEventlog <> 0)'
33582 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA31".
33583 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553243) and (LogToEventlog <> 0)'
33584 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA12".
33585 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 2147811400) and (LogToEventlog <> 0)'
33586 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA46".
33587 18:19:29 (0) **   'select * from MSMCAEvent_InvalidError where (type = 2147811434) and (LogToEventlog <> 0)'
33588 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA47".
33589 18:19:29 (0) **   'select * from MSMCAEvent_InvalidError where (type = 3221553259) and (LogToEventlog <> 0)'
33590 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA35".
33591 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 3221553247) and (LogToEventlog <> 0)'
33592 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA0".
33593 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811388) and (LogToEventlog <> 0)'
33594 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA19".
33595 18:19:29 (0) **   'select * from MSMCAEvent_SystemEventError where (type = 3221553231) and (LogToEventlog <> 0)'
33596 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA11".
33597 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553223) and (LogToEventlog <> 0)'
33598 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA52".
33599 18:19:29 (0) **   'select * from MSMCAEvent_MemoryPageRemoved'
33600 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA30".
33601 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811418) and (LogToEventlog <> 0)'
33602 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA15".
33603 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553227) and (LogToEventlog <> 0)'
33604 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA38".
33605 18:19:29 (0) **   'select * from MSMCAEvent_PCIComponentError where (type = 2147811426) and (LogToEventlog <> 0)'
33606 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA34".
33607 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811422) and (LogToEventlog <> 0)'
33608 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA2".
33609 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811390) and (LogToEventlog <> 0)'
33610 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA22".
33611 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811410) and (LogToEventlog <> 0)'
33612 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA13".
33613 18:19:29 (0) **   'select * from MSMCAEvent_MemoryError where (type = 3221553225) and (LogToEventlog <> 0)'
33614 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA50".
33615 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 2147811441) and (LogToEventlog <> 0)'
33616 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA51".
33617 18:19:29 (0) **   'select * from MSMCAEvent_CPUError where (type = 3221553266) and (LogToEventlog <> 0)'
33618 18:19:29 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA24".
33619 18:19:29 (0) **   'select * from MSMCAEvent_PCIBusError where (type = 2147811412) and (LogToEventlog <> 0)'
33620 18:19:29 (0) **
33621 18:19:29 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
33622 18:19:29 (0) ** WMI ADAP status: .................................................................................................... OK.
33623 18:19:29 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 2 NAMESPACE(S)!
33624 18:19:29 (0) ** - ROOT/SERVICEMODEL.
33625 18:19:29 (0) ** - ROOT/MICROSOFTIISV2.
33626 18:19:29 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
33627 18:19:29 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
33628 18:19:29 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
33629 18:19:29 (0) **    i.e. 'WMIC.EXE /NODE:"CAVOBSMRSIDE01" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\MICROSOFTIISV2 Class __SystemSecurity'
33630 18:19:29 (0) **
33631 18:19:29 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
33632 18:19:29 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
33633 18:19:29 (0) ** WMI GET operations: ................................................................................................. OK.
33634 18:19:29 (0) ** WMI MOF representations: ............................................................................................ OK.
33635 18:19:29 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
33636 18:19:29 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
33637 18:19:29 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
33638 18:19:29 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
33639 18:19:29 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
33640 18:19:29 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
33641 18:19:29 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
33642 18:19:29 (0) ** WMI static instances retrieved: ..................................................................................... 1235.
33643 18:19:29 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
33644 18:19:29 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
33645 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33646 18:19:29 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
33647 18:19:29 (0) **   DCOM: ............................................................................................................. 0.
33648 18:19:29 (0) **   WINMGMT: .......................................................................................................... 0.
33649 18:19:29 (0) **   WMIADAPTER: ....................................................................................................... 0.
33650 18:19:29 (0) **
33651 18:19:29 (0) ** # of additional Event Log events AFTER WMIDiag execution:
33652 18:19:29 (0) **   DCOM: ............................................................................................................. 0.
33653 18:19:29 (0) **   WINMGMT: .......................................................................................................... 0.
33654 18:19:29 (0) **   WMIADAPTER: ....................................................................................................... 0.
33655 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33656 18:19:29 (0) ** WMI Registry key setup: ............................................................................................. OK.
33657 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33658 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33659 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33660 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33661 18:19:29 (0) **
33662 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33663 18:19:29 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
33664 18:19:29 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
33665 18:19:29 (0) **
33666 18:19:29 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_2003_.SRV.RTM.32_CAVOBSMRSIDE01_2011.04.18_18.15.17.LOG' for details.
33667 18:19:29 (0) **
33668 18:19:29 (0) ** WMIDiag v2.0 ended on Monday, April 18, 2011 at 18:19 (W:64 E:7 S:1).
The thins that look odd to me are these
 !! ERROR: Default trustee 'EVERYONE' has been REMOVED!

33452 18:19:29 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)

33394 18:19:29 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Default): .................................................. MODIFIED.
33395 18:19:29 (1) !! ERROR: Default trustee 'NT AUTHORITY\SELF' has been REMOVED!

How do i fix these
any help experts
ASKER CERTIFIED SOLUTION
Avatar of NCSA SCADA
NCSA SCADA
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I was unable to get a solution