| Home | Forums | Reviews | Articles | Register |
 |
| Thread Tools | Rate Thread |
|
gianni
Guest
Posts: n/a
|
The driver file is here:
http://downloadcenter.intel.com/Deta...=4275&lang=eng The system is XP SP2 with all latest updates. The problem is with WMI. Logs are here... ************* LOGS ************************ (Mon Sep 03 15:36:42 2007.546453) : Impersonation failed - Access denied (Mon Sep 03 15:57:40 2007.1804187) : WDM call returned error: 4200 (Mon Sep 03 18:43:19 2007.45750) : Unable to add definition query SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code: 80041002 (Mon Sep 03 18:43:19 2007.45750) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3TeamEvent failed to merge: 80041002 (Mon Sep 03 18:43:19 2007.45750) : Invalid event class IANet_802dot3VlanEvent in provider registration Query was: SELECT * FROM IANet_802dot3VlanEvent (Mon Sep 03 18:43:19 2007.45765) : Unable to add definition query SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code: 80041002 (Mon Sep 03 18:43:19 2007.45765) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3VlanEvent failed to merge: 80041002 (Mon Sep 03 18:43:19 2007.45765) : Invalid event class IANet_InternalErrorEvent in provider registration Query was: SELECT * FROM IANet_InternalErrorEvent (Mon Sep 03 18:43:19 2007.45765) : Unable to add definition query SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error code: 80041002 (Mon Sep 03 18:43:19 2007.45765) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_InternalErrorEvent failed to merge: 80041002 (Mon Sep 03 18:44:23 2007.109953) : NT Event Log Consumer: could not retrieve sid, 0x80041002 A provider, Ncs2, has been registered in the WMI namespace, Root \IntelNCS2, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. A provider, IntelEthernetDiag, has been registered in the WMI namespace, Root\CIMv2, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality. Event provider attempted to register query "SELECT * FROM IANet_SessionEvent" whose target class "IANet_SessionEvent" does not exist. The query will be ignored. Event provider attempted to register query "SELECT * FROM IANet_InternalErrorEvent" whose target class "IANet_InternalErrorEvent" does not exist. The query will be ignored. Event provider attempted to register query "SELECT * FROM IANet_SessionEvent" whose target class "IANet_SessionEvent" does not exist. The query will be ignored. Event provider attempted to register query "SELECT * FROM IANet_802dot3AdapterEvent" whose target class "IANet_802dot3AdapterEvent" does not exist. The query will be ignored. Event provider attempted to register query "SELECT * FROM IANet_802dot3TeamEvent" whose target class "IANet_802dot3TeamEvent" does not exist. The query will be ignored. Event provider attempted to register query "SELECT * FROM IANet_802dot3VlanEvent" whose target class "IANet_802dot3VlanEvent" does not exist. The query will be ignored. |
|
||
|
||||
|
|
|
| |
|
gianni
Guest
Posts: n/a
|
I am adding more logs and observations.
There appears to be impact made by any version of the intel drivers as inspected with 8.4, 11.2, 12.2 versions. It is sufficient to have them once installed and removed to have error REMAIN. For version 8.4 that is chronologically ... logical. For example I can see IntelNCS remaining in the security properties page... But where and what is it really changed in windows and where do we see those configuration files? Since the system used to work well I suppose that microsoft something changed via automatic updates and then the system became crappy. I tried loosening security for everything in WMI properties except for user "Everyone" but that had no result. While the event viewer is printing same messages all the time (??) the WBEM is printing logs like this... ******************* LOGS ******************************* errors after uninstalling driver and removing 98% of intel proset rekated registry entries... (Tue Sep 04 17:09:46 2007.4008406) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008406) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008406) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008500) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008500) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008515) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008515) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008531) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008531) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008531) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:11:02 2007.41765) : Invalid event class IANet_SessionEvent in provider registration Query was: SELECT * FROM IANet_SessionEvent (Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query SELECT * FROM IANet_SessionEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents registration query SELECT * FROM IANet_SessionEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Invalid event class IANet_InternalErrorEvent in provider registration Query was: SELECT * FROM IANet_InternalErrorEvent (Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents registration query SELECT * FROM IANet_InternalErrorEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Invalid event class IANet_SessionEvent in provider registration Query was: SELECT * FROM IANet_SessionEvent (Tue Sep 04 17:11:02 2007.41796) : Unable to add definition query SELECT * FROM IANet_SessionEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_SessionEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Invalid event class IANet_802dot3AdapterEvent in provider registration Query was: SELECT * FROM IANet_802dot3AdapterEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3AdapterEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3AdapterEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_802dot3TeamEvent in provider registration Query was: SELECT * FROM IANet_802dot3TeamEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3TeamEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_802dot3VlanEvent in provider registration Query was: SELECT * FROM IANet_802dot3VlanEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3VlanEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_InternalErrorEvent in provider registration Query was: SELECT * FROM IANet_InternalErrorEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_InternalErrorEvent failed to merge: 80041002 (Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106718) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:09 2007.109171) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:13 2007.112890) : NT Event Log Consumer: could not retrieve sid, 0x80041002 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ errors after yet another INSTALL of 12.2 driver. it took 10 minutes to complete, then I "REPAIRED" it later on one more time to record logs... notice the moment with syntax error. (Tue Sep 04 17:25:19 2007.898984) : Parsing MOF file: ICmLn.mof (Tue Sep 04 17:25:19 2007.899187) : Finished compiling file:ICmLn.mof (Tue Sep 04 17:25:19 2007.899187) : Parsing MOF file: ICmENU.mfl (Tue Sep 04 17:25:19 2007.899421) : Finished compiling file:ICmENU.mfl (Tue Sep 04 17:25:19 2007.899437) : Parsing MOF file: ICmENU.mfl (Tue Sep 04 17:25:19 2007.899625) : Finished compiling file:ICmENU.mfl (Tue Sep 04 17:25:19 2007.899625) : Parsing MOF file: ICoreLn.mof (Tue Sep 04 17:25:20 2007.899765) : Finished compiling file:ICoreLn.mof (Tue Sep 04 17:25:20 2007.899765) : Parsing MOF file: ICoreENU.mfl (Tue Sep 04 17:25:20 2007.899890) : Finished compiling file:ICoreENU.mfl (Tue Sep 04 17:25:20 2007.899890) : Parsing MOF file: ICoreENU.mfl (Tue Sep 04 17:25:20 2007.900000) : Finished compiling file:ICoreENU.mfl (Tue Sep 04 17:25:20 2007.900015) : Parsing MOF file: IDiagLn.mof (Tue Sep 04 17:25:20 2007.900031) : Finished compiling file:IDiagLn.mof (Tue Sep 04 17:25:20 2007.900046) : Parsing MOF file: IDiagENU.mfl (Tue Sep 04 17:25:20 2007.900078) : Finished compiling file:IDiagENU.mfl (Tue Sep 04 17:25:20 2007.900093) : Parsing MOF file: IDiagENU.mfl (Tue Sep 04 17:25:20 2007.900125) : Finished compiling file:IDiagENU.mfl (Tue Sep 04 17:25:20 2007.900125) : Parsing MOF file: IBootLn.mof (Tue Sep 04 17:25:20 2007.900156) : Finished compiling file:IBootLn.mof (Tue Sep 04 17:25:20 2007.900171) : Parsing MOF file: IBootENU.mfl (Tue Sep 04 17:25:20 2007.900218) : Finished compiling file:IBootENU.mfl (Tue Sep 04 17:25:20 2007.900218) : Parsing MOF file: IBootENU.mfl (Tue Sep 04 17:25:20 2007.900250) : Finished compiling file:IBootENU.mfl (Tue Sep 04 17:25:20 2007.900296) : Parsing MOF file: C2CmLn.mof (Tue Sep 04 17:25:20 2007.900328) : Finished compiling file:C2CmLn.mof (Tue Sep 04 17:25:20 2007.900328) : Parsing MOF file: C2CmENU.mfl (Tue Sep 04 17:25:20 2007.900359) : Finished compiling file:C2CmENU.mfl (Tue Sep 04 17:25:20 2007.900375) : Parsing MOF file: C2CmENU.mfl (Tue Sep 04 17:25:20 2007.900390) : Finished compiling file:C2CmENU.mfl (Tue Sep 04 17:25:20 2007.900406) : Parsing MOF file: C2CdLn.mof (Tue Sep 04 17:25:20 2007.900437) : Finished compiling file:C2CdLn.mof (Tue Sep 04 17:25:20 2007.900437) : Parsing MOF file: C2CdENU.mfl (Tue Sep 04 17:25:20 2007.900484) : Finished compiling file:C2CdENU.mfl (Tue Sep 04 17:25:20 2007.900484) : Parsing MOF file: C2CdENU.mfl (Tue Sep 04 17:25:20 2007.900546) : Finished compiling file:C2CdENU.mfl (Tue Sep 04 17:25:20 2007.900546) : Parsing MOF file: C2ICdLn.mof (Tue Sep 04 17:25:20 2007.900609) : Finished compiling file:C2ICdLn.mof (Tue Sep 04 17:25:20 2007.900609) : Parsing MOF file: C2ICdENU.mfl (Tue Sep 04 17:25:20 2007.900640) : Finished compiling file:C2ICdENU.mfl (Tue Sep 04 17:25:20 2007.900640) : Parsing MOF file: C2ICdENU.mfl (Tue Sep 04 17:25:21 2007.900671) : Finished compiling file:C2ICdENU.mfl (Tue Sep 04 17:25:21 2007.900671) : Parsing MOF file: C2ICrLn.mof (Tue Sep 04 17:25:21 2007.900734) : Finished compiling file:C2ICrLn.mof (Tue Sep 04 17:25:21 2007.900750) : Parsing MOF file: C2ICrENU.mfl (Tue Sep 04 17:25:21 2007.900812) : Finished compiling file:C2ICrENU.mfl (Tue Sep 04 17:25:21 2007.900812) : Parsing MOF file: C2ICrENU.mfl (Tue Sep 04 17:25:21 2007.901140) : Finished compiling file:C2ICrENU.mfl (Tue Sep 04 17:35:58 2007.1538640) : (1): error SYNTAX 0X8004401e: This is not a valid MOF file (Tue Sep 04 17:35:58 2007.1538640) : (1): error SYNTAX 0X8004401e: This is not a valid MOF file (Tue Sep 04 17:36:05 2007.1545031) : Parsing MOF file: ICmLn.mof (Tue Sep 04 17:36:05 2007.1545156) : Finished compiling file:ICmLn.mof (Tue Sep 04 17:36:05 2007.1545156) : Parsing MOF file: ICmENU.mfl (Tue Sep 04 17:36:05 2007.1545406) : Finished compiling file:ICmENU.mfl (Tue Sep 04 17:36:05 2007.1545406) : Parsing MOF file: ICmENU.mfl (Tue Sep 04 17:36:05 2007.1545593) : Finished compiling file:ICmENU.mfl (Tue Sep 04 17:36:05 2007.1545625) : Parsing MOF file: ICoreLn.mof (Tue Sep 04 17:36:06 2007.1545718) : Finished compiling file:ICoreLn.mof (Tue Sep 04 17:36:06 2007.1545718) : Parsing MOF file: ICoreENU.mfl (Tue Sep 04 17:36:06 2007.1545843) : Finished compiling file:ICoreENU.mfl (Tue Sep 04 17:36:06 2007.1545859) : Parsing MOF file: ICoreENU.mfl (Tue Sep 04 17:36:06 2007.1545968) : Finished compiling file:ICoreENU.mfl (Tue Sep 04 17:36:06 2007.1545984) : Parsing MOF file: IDiagLn.mof (Tue Sep 04 17:36:06 2007.1546000) : Finished compiling file:IDiagLn.mof (Tue Sep 04 17:36:06 2007.1546000) : Parsing MOF file: IDiagENU.mfl (Tue Sep 04 17:36:06 2007.1546046) : Finished compiling file:IDiagENU.mfl (Tue Sep 04 17:36:06 2007.1546062) : Parsing MOF file: IDiagENU.mfl (Tue Sep 04 17:36:06 2007.1546109) : Finished compiling file:IDiagENU.mfl (Tue Sep 04 17:36:06 2007.1546109) : Parsing MOF file: IBootLn.mof (Tue Sep 04 17:36:06 2007.1546140) : Finished compiling file:IBootLn.mof (Tue Sep 04 17:36:06 2007.1546140) : Parsing MOF file: IBootENU.mfl (Tue Sep 04 17:36:06 2007.1546234) : Finished compiling file:IBootENU.mfl (Tue Sep 04 17:36:06 2007.1546234) : Parsing MOF file: IBootENU.mfl (Tue Sep 04 17:36:06 2007.1546265) : Finished compiling file:IBootENU.mfl (Tue Sep 04 17:36:06 2007.1546312) : Parsing MOF file: C2CmLn.mof (Tue Sep 04 17:36:06 2007.1546328) : Finished compiling file:C2CmLn.mof (Tue Sep 04 17:36:06 2007.1546343) : Parsing MOF file: C2CmENU.mfl (Tue Sep 04 17:36:06 2007.1546375) : Finished compiling file:C2CmENU.mfl (Tue Sep 04 17:36:06 2007.1546375) : Parsing MOF file: C2CmENU.mfl (Tue Sep 04 17:36:06 2007.1546406) : Finished compiling file:C2CmENU.mfl (Tue Sep 04 17:36:06 2007.1546406) : Parsing MOF file: C2CdLn.mof (Tue Sep 04 17:36:06 2007.1546437) : Finished compiling file:C2CdLn.mof (Tue Sep 04 17:36:06 2007.1546437) : Parsing MOF file: C2CdENU.mfl (Tue Sep 04 17:36:06 2007.1546500) : Finished compiling file:C2CdENU.mfl (Tue Sep 04 17:36:06 2007.1546500) : Parsing MOF file: C2CdENU.mfl (Tue Sep 04 17:36:06 2007.1546546) : Finished compiling file:C2CdENU.mfl (Tue Sep 04 17:36:06 2007.1546546) : Parsing MOF file: C2ICdLn.mof (Tue Sep 04 17:36:06 2007.1546609) : Finished compiling file:C2ICdLn.mof (Tue Sep 04 17:36:06 2007.1546609) : Parsing MOF file: C2ICdENU.mfl (Tue Sep 04 17:36:06 2007.1546640) : Finished compiling file:C2ICdENU.mfl (Tue Sep 04 17:36:06 2007.1546640) : Parsing MOF file: C2ICdENU.mfl (Tue Sep 04 17:36:07 2007.1546671) : Finished compiling file:C2ICdENU.mfl (Tue Sep 04 17:36:07 2007.1546671) : Parsing MOF file: C2ICrLn.mof (Tue Sep 04 17:36:07 2007.1546734) : Finished compiling file:C2ICrLn.mof (Tue Sep 04 17:36:07 2007.1546734) : Parsing MOF file: C2ICrENU.mfl (Tue Sep 04 17:36:07 2007.1546812) : Finished compiling file:C2ICrENU.mfl (Tue Sep 04 17:36:07 2007.1546812) : Parsing MOF file: C2ICrENU.mfl (Tue Sep 04 17:36:07 2007.1546875) : Finished compiling file:C2ICrENU.mfl (Tue Sep 04 17:09:46 2007.4008406) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008406) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008406) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008421) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008421) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008421) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008421) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008500) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008500) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008500) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008515) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008515) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008515) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008515) : Failed the first attempt to retrieve the sink to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. WMI will reload and retry. (Tue Sep 04 17:09:46 2007.4008531) : Unable to register event source 'Service Control Manager' on server ''. Error code: 6B5 (Tue Sep 04 17:09:46 2007.4008531) : Event consumer provider is unable to instantiate event consumer NTEventLogEventConsumer="SCM Event Log Consumer": error code 0x80041001 (Tue Sep 04 17:09:46 2007.4008531) : Failed the second attempt to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 80041001. This event is dropped for this consumer. (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:09:46 2007.4008531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription (Tue Sep 04 17:11:02 2007.41765) : Invalid event class IANet_SessionEvent in provider registration Query was: SELECT * FROM IANet_SessionEvent (Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query SELECT * FROM IANet_SessionEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents registration query SELECT * FROM IANet_SessionEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Invalid event class IANet_InternalErrorEvent in provider registration Query was: SELECT * FROM IANet_InternalErrorEvent (Tue Sep 04 17:11:02 2007.41781) : Unable to add definition query SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41781) : Skipping provider NcsCoreEvents registration query SELECT * FROM IANet_InternalErrorEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Invalid event class IANet_SessionEvent in provider registration Query was: SELECT * FROM IANet_SessionEvent (Tue Sep 04 17:11:02 2007.41796) : Unable to add definition query SELECT * FROM IANet_SessionEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_SessionEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41796) : Invalid event class IANet_802dot3AdapterEvent in provider registration Query was: SELECT * FROM IANet_802dot3AdapterEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3AdapterEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3AdapterEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_802dot3TeamEvent in provider registration Query was: SELECT * FROM IANet_802dot3TeamEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3TeamEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3TeamEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_802dot3VlanEvent in provider registration Query was: SELECT * FROM IANet_802dot3VlanEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_802dot3VlanEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_802dot3VlanEvent failed to merge: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Invalid event class IANet_InternalErrorEvent in provider registration Query was: SELECT * FROM IANet_InternalErrorEvent (Tue Sep 04 17:11:02 2007.41812) : Unable to add definition query SELECT * FROM IANet_InternalErrorEvent to a provider proxy. Error code: 80041002 (Tue Sep 04 17:11:02 2007.41812) : Skipping provider NcsWmiEventProv registration query SELECT * FROM IANet_InternalErrorEvent failed to merge: 80041002 (Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:05 2007.105343) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:06 2007.105859) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106718) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:07 2007.106781) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:09 2007.109171) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:10 2007.110656) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:12:13 2007.112890) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:24:26 2007.845843) : NT Event Log Consumer: could not retrieve sid, 0x80041002 (Tue Sep 04 17:11:56 2007.95984) : ConnectViaDCOM, CoCreateInstanceEx resulted in hr = 0x80010002 (Tue Sep 04 17:12:01 2007.101078) : ConnectViaDCOM, CoCreateInstanceEx resulted in hr = 0x80010002 (Tue Sep 04 17:24:50 2007.870031) : NTLMLogin resulted in hr = 0x8004100e (Tue Sep 04 17:24:50 2007.870046) : NTLMLogin resulted in hr = 0x8004100e Login Warning - provider with that name already existed, overridden with latest provider login (root \cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 09/04/2007 17:30:49.765 thread:3136 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn \wbemglue.cpp.2252] |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
21964 18:26:42 (0) ** WMIDiag v2.0 started on Tuesday, September 04,
2007 at 18:21. 21965 18:26:42 (0) ** 21966 18:26:42 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007. 21967 18:26:42 (0) ** 21968 18:26:42 (0) ** This script is not supported under any Microsoft standard support program or service. 21969 18:26:42 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 21970 18:26:42 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 21971 18:26:42 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 21972 18:26:42 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 21973 18:26:42 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 21974 18:26:42 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 21975 18:26:42 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 21976 18:26:42 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 21977 18:26:42 (0) ** of the possibility of such damages. 21978 18:26:42 (0) ** 21979 18:26:42 (0) ** 21980 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21981 18:26:42 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 21982 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21983 18:26:42 (0) ** 21984 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21985 18:26:42 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'. 21986 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21987 18:26:42 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 21988 18:26:42 (0) ** INFO: => 1 incorrect shutdown(s) detected on: 21989 18:26:42 (0) ** - Shutdown on 31 August 2007 14:55:45 (GMT+2). 21990 18:26:42 (0) ** 21991 18:26:42 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0). 21992 18:26:42 (0) ** Drive type: ......................................................................................................... IDE (WDC WD4000AAKS-00TMA0). 21993 18:26:42 (0) ** There are no missing WMI system files: .............................................................................. OK. 21994 18:26:42 (0) ** There are no missing WMI repository files: .......................................................................... OK. 21995 18:26:42 (0) ** WMI repository state: ............................................................................................... NOT TESTED. 21996 18:26:42 (0) ** BEFORE running WMIDiag: 21997 18:26:42 (0) ** The WMI repository has a size of: ................................................................................... 27 MB. 21998 18:26:42 (0) ** - Disk free space on 'C:': .......................................................................................... 33973 MB. 21999 18:26:42 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 6:20:47 PM 22000 18:26:42 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 6:20:47 PM 22001 18:26:42 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 6:20:47 PM 22002 18:26:42 (0) ** - MAPPING1.MAP, 16172 bytes, 9/4/2007 6:20:47 PM 22003 18:26:42 (0) ** - MAPPING2.MAP, 16172 bytes, 9/4/2007 6:20:40 PM 22004 18:26:42 (0) ** - OBJECTS.DATA, 25845760 bytes, 9/4/2007 6:20:47 PM 22005 18:26:42 (0) ** - OBJECTS.MAP, 14832 bytes, 9/4/2007 6:20:47 PM 22006 18:26:42 (0) ** AFTER running WMIDiag: 22007 18:26:42 (0) ** The WMI repository has a size of: ................................................................................... 27 MB. 22008 18:26:42 (0) ** - Disk free space on 'C:': .......................................................................................... 34017 MB. 22009 18:26:42 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 6:20:47 PM 22010 18:26:42 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 6:20:47 PM 22011 18:26:42 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 6:20:47 PM 22012 18:26:42 (0) ** - MAPPING1.MAP, 16172 bytes, 9/4/2007 6:20:47 PM 22013 18:26:42 (0) ** - MAPPING2.MAP, 16172 bytes, 9/4/2007 6:20:40 PM 22014 18:26:42 (0) ** - OBJECTS.DATA, 25845760 bytes, 9/4/2007 6:20:47 PM 22015 18:26:42 (0) ** - OBJECTS.MAP, 14832 bytes, 9/4/2007 6:20:47 PM 22016 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22017 18:26:42 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 22018 18:26:42 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD. 22019 18:26:42 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED. 22020 18:26:42 (0) ** => This will prevent any WMI remote connectivity to this machine. 22021 18:26:42 (0) ** - You can adjust the configuration by executing the following command: 22022 18:26:42 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET' 22023 18:26:42 (0) ** 22024 18:26:42 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING. 22025 18:26:42 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine. 22026 18:26:42 (0) ** - You can adjust the configuration by executing the following command: 22027 18:26:42 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C: \WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE' 22028 18:26:42 (0) ** 22029 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22030 18:26:42 (0) ** DCOM Status: ........................................................................................................ OK. 22031 18:26:42 (0) ** WMI registry setup: ................................................................................................. OK. 22032 18:26:42 (0) ** INFO: WMI service has dependents: ................................................................................... 3 SERVICE(S)! 22033 18:26:42 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 22034 18:26:42 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic') 22035 18:26:42 (0) ** - IPv6 Helper Service (6TO4, StartMode='Automatic') 22036 18:26:42 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 22037 18:26:42 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 22038 18:26:42 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 22039 18:26:42 (0) ** this can prevent the service/ application to work as expected. 22040 18:26:42 (0) ** 22041 18:26:42 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 22042 18:26:42 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 22043 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22044 18:26:42 (0) ** WMI service DCOM setup: ............................................................................................. OK. 22045 18:26:42 (0) ** WMI components DCOM registrations: .................................................................................. OK. 22046 18:26:42 (0) ** WMI ProgID registrations: ........................................................................................... OK. 22047 18:26:42 (2) !! WARNING: WMI provider DCOM registrations missing for the following provider(s): ..................................... 1 WARNING(S)! 22048 18:26:42 (0) ** - ROOT/CIMV2, NcsWmiEventProv ({E4E01430-7348-467D-B2B8-170D716EF5C4}) 22049 18:26:42 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 22050 18:26:42 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers 22051 18:26:42 (0) ** while the DCOM registration is wrong or missing. This can be due to: 22052 18:26:42 (0) ** - a de-installation of the software. 22053 18:26:42 (0) ** - a deletion of some registry key data. 22054 18:26:42 (0) ** - a registry corruption. 22055 18:26:42 (0) ** => You can correct the DCOM configuration by: 22056 18:26:42 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>' command. 22057 18:26:42 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 22058 18:26:42 (0) ** (This list can be built on a similar and working WMI Windows installation) 22059 18:26:42 (0) ** The following command line must be used: 22060 18:26:42 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 22061 18:26:42 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\' 22062 18:26:42 (0) ** may not solve the problem as the DLL supporting the WMI class(es) 22063 18:26:42 (0) ** can be located in a different folder. 22064 18:26:42 (0) ** You must refer to the class name to determine the software delivering the related DLL. 22065 18:26:42 (0) ** => If the software has been de-installed intentionally, then this information must be 22066 18:26:42 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove 22067 18:26:42 (0) ** the provider registration data. 22068 18:26:42 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path __Win32Provider Where Name='NcsWmiEventProv' DELETE' 22069 18:26:42 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software, 22070 18:26:42 (0) ** the namespace and ALL its content can be ENTIRELY deleted. 22071 18:26:42 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='CIMV2' DELETE' 22072 18:26:42 (0) ** - Re-installing the software. 22073 18:26:42 (0) ** 22074 18:26:42 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 22075 18:26:42 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 22076 18:26:42 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 22077 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22078 18:26:42 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22079 18:26:42 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual- >Default) 22080 18:26:42 (0) ** - ACTUAL ACE: 22081 18:26:42 (0) ** ACEType: &h0 22082 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE 22083 18:26:42 (0) ** ACEFlags: &h2 22084 18:26:42 (0) ** CONTAINER_INHERIT_ACE 22085 18:26:42 (0) ** ACEMask: &h1 22086 18:26:42 (0) ** WBEM_ENABLE 22087 18:26:42 (0) ** - EXPECTED ACE: 22088 18:26:42 (0) ** ACEType: &h0 22089 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE 22090 18:26:42 (0) ** ACEFlags: &h12 22091 18:26:42 (0) ** CONTAINER_INHERIT_ACE 22092 18:26:42 (0) ** INHERITED_ACE 22093 18:26:42 (0) ** ACEMask: &h13 22094 18:26:42 (0) ** WBEM_ENABLE 22095 18:26:42 (0) ** WBEM_METHOD_EXECUTE 22096 18:26:42 (0) ** WBEM_WRITE_PROVIDER 22097 18:26:42 (0) ** 22098 18:26:42 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 22099 18:26:42 (0) ** This will cause some operations to fail! 22100 18:26:42 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 22101 18:26:42 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22102 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22103 18:26:42 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22104 18:26:42 (0) ** A specific WMI application can always require a security setup different 22105 18:26:42 (0) ** than the WMI security defaults. 22106 18:26:42 (0) ** 22107 18:26:42 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22108 18:26:42 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual- >Default) 22109 18:26:42 (0) ** - ACTUAL ACE: 22110 18:26:42 (0) ** ACEType: &h0 22111 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE 22112 18:26:42 (0) ** ACEFlags: &h2 22113 18:26:42 (0) ** CONTAINER_INHERIT_ACE 22114 18:26:42 (0) ** ACEMask: &h1 22115 18:26:42 (0) ** WBEM_ENABLE 22116 18:26:42 (0) ** - EXPECTED ACE: 22117 18:26:42 (0) ** ACEType: &h0 22118 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE 22119 18:26:42 (0) ** ACEFlags: &h12 22120 18:26:42 (0) ** CONTAINER_INHERIT_ACE 22121 18:26:42 (0) ** INHERITED_ACE 22122 18:26:42 (0) ** ACEMask: &h13 22123 18:26:42 (0) ** WBEM_ENABLE 22124 18:26:42 (0) ** WBEM_METHOD_EXECUTE 22125 18:26:42 (0) ** WBEM_WRITE_PROVIDER 22126 18:26:42 (0) ** 22127 18:26:42 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 22128 18:26:42 (0) ** This will cause some operations to fail! 22129 18:26:42 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 22130 18:26:42 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22131 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22132 18:26:42 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22133 18:26:42 (0) ** A specific WMI application can always require a security setup different 22134 18:26:42 (0) ** than the WMI security defaults. 22135 18:26:42 (0) ** 22136 18:26:42 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22137 18:26:42 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 22138 18:26:42 (0) ** - REMOVED ACE: 22139 18:26:42 (0) ** ACEType: &h0 22140 18:26:42 (0) ** ACCESS_ALLOWED_ACE_TYPE 22141 18:26:42 (0) ** ACEFlags: &h12 22142 18:26:42 (0) ** CONTAINER_INHERIT_ACE 22143 18:26:42 (0) ** INHERITED_ACE 22144 18:26:42 (0) ** ACEMask: &h13 22145 18:26:42 (0) ** WBEM_ENABLE 22146 18:26:42 (0) ** WBEM_METHOD_EXECUTE 22147 18:26:42 (0) ** WBEM_WRITE_PROVIDER 22148 18:26:42 (0) ** 22149 18:26:42 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 22150 18:26:42 (0) ** Removing default security will cause some operations to fail! 22151 18:26:42 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 22152 18:26:42 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22153 18:26:42 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22154 18:26:42 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22155 18:26:42 (0) ** A specific WMI application can always require a security setup different 22156 18:26:42 (0) ** than the WMI security defaults. 22157 18:26:42 (0) ** 22158 18:26:42 (0) ** 22159 18:26:42 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 22160 18:26:42 (0) ** DCOM security error(s) detected: .................................................................................... 0. 22161 18:26:42 (0) ** WMI security warning(s) detected: ................................................................................... 0. 22162 18:26:42 (0) ** WMI security error(s) detected: ..................................................................................... 3. 22163 18:26:42 (0) ** 22164 18:26:42 (0) ** Overall DCOM security status: ....................................................................................... OK. 22165 18:26:42 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR! 22166 18:26:42 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 22167 18:26:42 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2. 22168 18:26:42 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control". 22169 18:26:42 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'' 22170 18:26:42 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 22171 18:26:42 (0) ** 'select * from MSFT_SCMEventLogEvent' 22172 18:26:42 (0) ** 22173 18:26:42 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 22174 18:26:42 (0) ** WMI ADAP status: .................................................................................................... OK. 22175 18:26:42 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)! 22176 18:26:42 (0) ** - ROOT/SERVICEMODEL. 22177 18:26:42 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 22178 18:26:42 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 22179 18:26:42 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 22180 18:26:42 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" / AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 22181 18:26:42 (0) ** 22182 18:26:42 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 22183 18:26:42 (0) ** WMI CONNECTIONS: .................................................................................................... OK. 22184 18:26:42 (0) ** WMI GET operations: ................................................................................................. OK. 22185 18:26:42 (0) ** WMI MOF representations: ............................................................................................ OK. 22186 18:26:42 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 22187 18:26:42 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 22188 18:26:42 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 22189 18:26:42 (0) ** WMI GET VALUE operations: ........................................................................................... OK. 22190 18:26:42 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 22191 18:26:42 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 22192 18:26:42 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 22193 18:26:42 (0) ** WMI static instances retrieved: ..................................................................................... 746. 22194 18:26:42 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 22195 18:26:42 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0. 22196 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22197 18:26:42 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 22198 18:26:42 (0) ** DCOM: ............................................................................................................. 10. 22199 18:26:42 (0) ** WINMGMT: .......................................................................................................... 213. 22200 18:26:42 (0) ** WMIADAPTER: ....................................................................................................... 0. 22201 18:26:42 (0) ** => Verify the WMIDiag LOG at line #20130 for more details. 22202 18:26:42 (0) ** 22203 18:26:42 (0) ** # of additional Event Log events AFTER WMIDiag execution: 22204 18:26:42 (0) ** DCOM: ............................................................................................................. 0. 22205 18:26:42 (0) ** WINMGMT: .......................................................................................................... 0. 22206 18:26:42 (0) ** WMIADAPTER: ....................................................................................................... 0. 22207 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22208 18:26:42 (0) ** WMI Registry key setup: ............................................................................................. OK. 22209 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22210 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22211 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22212 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22213 18:26:42 (0) ** 22214 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22215 18:26:42 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 22216 18:26:42 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22217 18:26:42 (0) ** 22218 18:26:42 (0) ** WARNING: WMIDiag determined that WMI works CORRECTLY. HOWEVER, some issues were detected. Check 'C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_USR- B405AA75F52_2007.09.04_18.21.54.LOG' for details. 22219 18:26:42 (0) ** 22220 18:26:42 (0) ** WMIDiag v2.0 ended on Tuesday, September 04, 2007 at 18:26 (W:111 E:5 S:2). |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
22021 18:38:48 (0) ** WMIDiag v2.0 started on Tuesday, September 04,
2007 at 18:33. 22022 18:38:48 (0) ** 22023 18:38:48 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007. 22024 18:38:48 (0) ** 22025 18:38:48 (0) ** This script is not supported under any Microsoft standard support program or service. 22026 18:38:48 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 22027 18:38:48 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 22028 18:38:48 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 22029 18:38:48 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 22030 18:38:48 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 22031 18:38:48 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 22032 18:38:48 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 22033 18:38:48 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 22034 18:38:48 (0) ** of the possibility of such damages. 22035 18:38:48 (0) ** 22036 18:38:48 (0) ** 22037 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22038 18:38:48 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 22039 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22040 18:38:48 (0) ** 22041 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22042 18:38:48 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'. 22043 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22044 18:38:48 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 22045 18:38:48 (0) ** INFO: => 1 incorrect shutdown(s) detected on: 22046 18:38:48 (0) ** - Shutdown on 31 August 2007 14:55:45 (GMT+2). 22047 18:38:48 (0) ** 22048 18:38:48 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0). 22049 18:38:48 (0) ** Drive type: ......................................................................................................... IDE (WDC WD4000AAKS-00TMA0). 22050 18:38:48 (0) ** There are no missing WMI system files: .............................................................................. OK. 22051 18:38:48 (0) ** There are no missing WMI repository files: .......................................................................... OK. 22052 18:38:48 (0) ** WMI repository state: ............................................................................................... NOT TESTED. 22053 18:38:48 (0) ** BEFORE running WMIDiag: 22054 18:38:48 (0) ** The WMI repository has a size of: ................................................................................... 27 MB. 22055 18:38:48 (0) ** - Disk free space on 'C:': .......................................................................................... 34055 MB. 22056 18:38:48 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 6:32:42 PM 22057 18:38:48 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 6:32:42 PM 22058 18:38:48 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 6:32:42 PM 22059 18:38:48 (0) ** - MAPPING1.MAP, 16172 bytes, 9/4/2007 6:32:42 PM 22060 18:38:48 (0) ** - MAPPING2.MAP, 16172 bytes, 9/4/2007 6:32:34 PM 22061 18:38:48 (0) ** - OBJECTS.DATA, 25845760 bytes, 9/4/2007 6:32:42 PM 22062 18:38:48 (0) ** - OBJECTS.MAP, 14832 bytes, 9/4/2007 6:32:42 PM 22063 18:38:48 (0) ** AFTER running WMIDiag: 22064 18:38:48 (0) ** The WMI repository has a size of: ................................................................................... 27 MB. 22065 18:38:48 (0) ** - Disk free space on 'C:': .......................................................................................... 34053 MB. 22066 18:38:48 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 6:32:42 PM 22067 18:38:48 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 6:32:42 PM 22068 18:38:48 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 6:32:42 PM 22069 18:38:48 (0) ** - MAPPING1.MAP, 16172 bytes, 9/4/2007 6:32:42 PM 22070 18:38:48 (0) ** - MAPPING2.MAP, 16172 bytes, 9/4/2007 6:32:34 PM 22071 18:38:48 (0) ** - OBJECTS.DATA, 25845760 bytes, 9/4/2007 6:32:42 PM 22072 18:38:48 (0) ** - OBJECTS.MAP, 14832 bytes, 9/4/2007 6:32:42 PM 22073 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22074 18:38:48 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 22075 18:38:48 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD. 22076 18:38:48 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED. 22077 18:38:48 (0) ** => This will prevent any WMI remote connectivity to this machine. 22078 18:38:48 (0) ** - You can adjust the configuration by executing the following command: 22079 18:38:48 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET' 22080 18:38:48 (0) ** 22081 18:38:48 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING. 22082 18:38:48 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine. 22083 18:38:48 (0) ** - You can adjust the configuration by executing the following command: 22084 18:38:48 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C: \WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE' 22085 18:38:48 (0) ** 22086 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22087 18:38:48 (0) ** DCOM Status: ........................................................................................................ OK. 22088 18:38:48 (0) ** WMI registry setup: ................................................................................................. OK. 22089 18:38:48 (0) ** INFO: WMI service has dependents: ................................................................................... 3 SERVICE(S)! 22090 18:38:48 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 22091 18:38:48 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic') 22092 18:38:48 (0) ** - IPv6 Helper Service (6TO4, StartMode='Automatic') 22093 18:38:48 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 22094 18:38:48 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 22095 18:38:48 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 22096 18:38:48 (0) ** this can prevent the service/ application to work as expected. 22097 18:38:48 (0) ** 22098 18:38:48 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 22099 18:38:48 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 22100 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22101 18:38:48 (0) ** WMI service DCOM setup: ............................................................................................. OK. 22102 18:38:48 (0) ** WMI components DCOM registrations: .................................................................................. OK. 22103 18:38:48 (0) ** WMI ProgID registrations: ........................................................................................... OK. 22104 18:38:48 (2) !! WARNING: WMI provider DCOM registrations missing for the following provider(s): ..................................... 1 WARNING(S)! 22105 18:38:48 (0) ** - ROOT/CIMV2, NcsWmiEventProv ({E4E01430-7348-467D-B2B8-170D716EF5C4}) 22106 18:38:48 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 22107 18:38:48 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers 22108 18:38:48 (0) ** while the DCOM registration is wrong or missing. This can be due to: 22109 18:38:48 (0) ** - a de-installation of the software. 22110 18:38:48 (0) ** - a deletion of some registry key data. 22111 18:38:48 (0) ** - a registry corruption. 22112 18:38:48 (0) ** => You can correct the DCOM configuration by: 22113 18:38:48 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>' command. 22114 18:38:48 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 22115 18:38:48 (0) ** (This list can be built on a similar and working WMI Windows installation) 22116 18:38:48 (0) ** The following command line must be used: 22117 18:38:48 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 22118 18:38:48 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\' 22119 18:38:48 (0) ** may not solve the problem as the DLL supporting the WMI class(es) 22120 18:38:48 (0) ** can be located in a different folder. 22121 18:38:48 (0) ** You must refer to the class name to determine the software delivering the related DLL. 22122 18:38:48 (0) ** => If the software has been de-installed intentionally, then this information must be 22123 18:38:48 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove 22124 18:38:48 (0) ** the provider registration data. 22125 18:38:48 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path __Win32Provider Where Name='NcsWmiEventProv' DELETE' 22126 18:38:48 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software, 22127 18:38:48 (0) ** the namespace and ALL its content can be ENTIRELY deleted. 22128 18:38:48 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='CIMV2' DELETE' 22129 18:38:48 (0) ** - Re-installing the software. 22130 18:38:48 (0) ** 22131 18:38:48 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 22132 18:38:48 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 22133 18:38:48 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 22134 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22135 18:38:48 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22136 18:38:48 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual- >Default) 22137 18:38:48 (0) ** - ACTUAL ACE: 22138 18:38:48 (0) ** ACEType: &h0 22139 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE 22140 18:38:48 (0) ** ACEFlags: &h2 22141 18:38:48 (0) ** CONTAINER_INHERIT_ACE 22142 18:38:48 (0) ** ACEMask: &h1 22143 18:38:48 (0) ** WBEM_ENABLE 22144 18:38:48 (0) ** - EXPECTED ACE: 22145 18:38:48 (0) ** ACEType: &h0 22146 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE 22147 18:38:48 (0) ** ACEFlags: &h12 22148 18:38:48 (0) ** CONTAINER_INHERIT_ACE 22149 18:38:48 (0) ** INHERITED_ACE 22150 18:38:48 (0) ** ACEMask: &h13 22151 18:38:48 (0) ** WBEM_ENABLE 22152 18:38:48 (0) ** WBEM_METHOD_EXECUTE 22153 18:38:48 (0) ** WBEM_WRITE_PROVIDER 22154 18:38:48 (0) ** 22155 18:38:48 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 22156 18:38:48 (0) ** This will cause some operations to fail! 22157 18:38:48 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 22158 18:38:48 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22159 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22160 18:38:48 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22161 18:38:48 (0) ** A specific WMI application can always require a security setup different 22162 18:38:48 (0) ** than the WMI security defaults. 22163 18:38:48 (0) ** 22164 18:38:48 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22165 18:38:48 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual- >Default) 22166 18:38:48 (0) ** - ACTUAL ACE: 22167 18:38:48 (0) ** ACEType: &h0 22168 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE 22169 18:38:48 (0) ** ACEFlags: &h2 22170 18:38:48 (0) ** CONTAINER_INHERIT_ACE 22171 18:38:48 (0) ** ACEMask: &h1 22172 18:38:48 (0) ** WBEM_ENABLE 22173 18:38:48 (0) ** - EXPECTED ACE: 22174 18:38:48 (0) ** ACEType: &h0 22175 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE 22176 18:38:48 (0) ** ACEFlags: &h12 22177 18:38:48 (0) ** CONTAINER_INHERIT_ACE 22178 18:38:48 (0) ** INHERITED_ACE 22179 18:38:48 (0) ** ACEMask: &h13 22180 18:38:48 (0) ** WBEM_ENABLE 22181 18:38:48 (0) ** WBEM_METHOD_EXECUTE 22182 18:38:48 (0) ** WBEM_WRITE_PROVIDER 22183 18:38:48 (0) ** 22184 18:38:48 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 22185 18:38:48 (0) ** This will cause some operations to fail! 22186 18:38:48 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 22187 18:38:48 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22188 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22189 18:38:48 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22190 18:38:48 (0) ** A specific WMI application can always require a security setup different 22191 18:38:48 (0) ** than the WMI security defaults. 22192 18:38:48 (0) ** 22193 18:38:48 (0) ** WMI namespace security for 'ROOT/ SERVICEMODEL': ..................................................................... MODIFIED. 22194 18:38:48 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 22195 18:38:48 (0) ** - REMOVED ACE: 22196 18:38:48 (0) ** ACEType: &h0 22197 18:38:48 (0) ** ACCESS_ALLOWED_ACE_TYPE 22198 18:38:48 (0) ** ACEFlags: &h12 22199 18:38:48 (0) ** CONTAINER_INHERIT_ACE 22200 18:38:48 (0) ** INHERITED_ACE 22201 18:38:48 (0) ** ACEMask: &h13 22202 18:38:48 (0) ** WBEM_ENABLE 22203 18:38:48 (0) ** WBEM_METHOD_EXECUTE 22204 18:38:48 (0) ** WBEM_WRITE_PROVIDER 22205 18:38:48 (0) ** 22206 18:38:48 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 22207 18:38:48 (0) ** Removing default security will cause some operations to fail! 22208 18:38:48 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 22209 18:38:48 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 22210 18:38:48 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 22211 18:38:48 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 22212 18:38:48 (0) ** A specific WMI application can always require a security setup different 22213 18:38:48 (0) ** than the WMI security defaults. 22214 18:38:48 (0) ** 22215 18:38:48 (0) ** 22216 18:38:48 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 22217 18:38:48 (0) ** DCOM security error(s) detected: .................................................................................... 0. 22218 18:38:48 (0) ** WMI security warning(s) detected: ................................................................................... 0. 22219 18:38:48 (0) ** WMI security error(s) detected: ..................................................................................... 3. 22220 18:38:48 (0) ** 22221 18:38:48 (0) ** Overall DCOM security status: ....................................................................................... OK. 22222 18:38:48 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR! 22223 18:38:48 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 22224 18:38:48 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2. 22225 18:38:48 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control". 22226 18:38:48 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'' 22227 18:38:48 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 22228 18:38:48 (0) ** 'select * from MSFT_SCMEventLogEvent' 22229 18:38:48 (0) ** 22230 18:38:48 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 22231 18:38:48 (0) ** WMI ADAP status: .................................................................................................... OK. 22232 18:38:48 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)! 22233 18:38:48 (0) ** - ROOT/SERVICEMODEL. 22234 18:38:48 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 22235 18:38:48 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 22236 18:38:48 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 22237 18:38:48 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" / AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 22238 18:38:48 (0) ** 22239 18:38:48 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 22240 18:38:48 (0) ** WMI CONNECTIONS: .................................................................................................... OK. 22241 18:38:48 (0) ** WMI GET operations: ................................................................................................. OK. 22242 18:38:48 (0) ** WMI MOF representations: ............................................................................................ OK. 22243 18:38:48 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 22244 18:38:48 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 22245 18:38:48 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 22246 18:38:48 (0) ** WMI GET VALUE operations: ........................................................................................... OK. 22247 18:38:48 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 22248 18:38:48 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 22249 18:38:48 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 22250 18:38:48 (0) ** WMI static instances retrieved: ..................................................................................... 746. 22251 18:38:48 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 22252 18:38:48 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0. 22253 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22254 18:38:48 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 22255 18:38:48 (0) ** DCOM: ............................................................................................................. 10. 22256 18:38:48 (0) ** WINMGMT: .......................................................................................................... 220. 22257 18:38:48 (0) ** WMIADAPTER: ....................................................................................................... 0. 22258 18:38:48 (0) ** => Verify the WMIDiag LOG at line #20159 for more details. 22259 18:38:48 (0) ** 22260 18:38:48 (0) ** # of additional Event Log events AFTER WMIDiag execution: 22261 18:38:48 (0) ** DCOM: ............................................................................................................. 0. 22262 18:38:48 (0) ** WINMGMT: .......................................................................................................... 0. 22263 18:38:48 (0) ** WMIADAPTER: ....................................................................................................... 0. 22264 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22265 18:38:48 (0) ** WMI Registry key setup: ............................................................................................. OK. 22266 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22267 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22268 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22269 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22270 18:38:48 (0) ** 22271 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22272 18:38:48 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 22273 18:38:48 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 22274 18:38:48 (0) ** 22275 18:38:48 (0) ** WARNING: WMIDiag determined that WMI works CORRECTLY. HOWEVER, some issues were detected. Check 'C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_USR- B405AA75F52_2007.09.04_18.33.00.LOG' for details. 22276 18:38:48 (0) ** 22277 18:38:48 (0) ** WMIDiag v2.0 ended on Tuesday, September 04, 2007 at 18:38 (W:112 E:5 S:2). |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
File "versions"....
08/04/2004 02:56 AM 1,352,192 cimwin32.dll 08/04/2004 02:56 AM 45,568 CmdEvTgProv.dll 08/23/2001 04:00 PM 120,320 dsprov.dll 08/04/2004 02:56 AM 247,808 esscli.dll 08/04/2004 02:56 AM 22,016 evntrprv.dll 08/04/2004 02:56 AM 472,064 fastprox.dll 08/04/2004 02:56 AM 185,856 framedyn.dll 08/23/2001 04:00 PM 53,248 fwdprov.dll 08/04/2004 02:56 AM 24,576 krnlprov.dll 08/04/2004 02:56 AM 123,904 mofd.dll 08/23/2001 04:00 PM 273,920 msiprov.dll 08/04/2004 02:56 AM 47,104 ncprov.dll 08/04/2004 02:56 AM 212,992 ntevt.dll 08/04/2004 02:56 AM 92,672 policman.dll 08/04/2004 02:56 AM 237,056 provthrd.dll 08/04/2004 02:56 AM 177,152 repdrvfs.dll 08/23/2001 04:00 PM 40,960 smtpcons.dll 08/04/2004 02:56 AM 86,528 stdprov.dll 08/23/2001 04:00 PM 61,952 tmplprov.dll 08/23/2001 04:00 PM 59,904 trnsprov.dll 08/23/2001 04:00 PM 116,224 updprov.dll 08/04/2004 02:56 AM 131,584 viewprov.dll 08/23/2001 04:00 PM 12,288 wbemads.dll 08/04/2004 02:56 AM 196,608 wbemcntl.dll 08/04/2004 02:56 AM 214,528 wbemcomn.dll 08/04/2004 02:56 AM 71,680 wbemcons.dll 08/04/2004 02:56 AM 530,944 wbemcore.dll 08/04/2004 02:56 AM 178,176 wbemdisp.dll 08/04/2004 02:56 AM 273,920 wbemess.dll 08/04/2004 02:56 AM 43,008 wbemperf.dll 08/04/2004 02:56 AM 18,944 wbemprox.dll 08/04/2004 02:56 AM 43,520 wbemsvc.dll 08/04/2004 02:56 AM 197,120 wbemupgd.dll 08/23/2001 04:00 PM 16,384 winmgmtr.dll 08/04/2004 02:56 AM 6,656 wmiapres.dll 08/04/2004 02:56 AM 89,088 wmiaprpl.dll 08/04/2004 02:56 AM 60,928 wmicookr.dll 08/04/2004 02:56 AM 140,800 wmidcprv.dll 08/23/2001 04:00 PM 61,440 wmimsg.dll 08/04/2004 02:56 AM 156,672 wmipcima.dll 08/04/2004 02:56 AM 132,096 wmipdskq.dll 08/23/2001 04:00 PM 75,264 wmipicmp.dll 08/04/2004 02:56 AM 62,464 wmipiprt.dll 08/04/2004 02:56 AM 62,976 wmipjobj.dll 08/04/2004 02:56 AM 144,896 wmiprov.dll 08/04/2004 02:56 AM 437,248 wmiprvsd.dll 08/04/2004 02:56 AM 41,472 wmipsess.dll 08/04/2004 02:56 AM 144,896 wmisvc.dll 08/23/2001 04:00 PM 52,224 wmitimep.dll 08/04/2004 02:56 AM 95,232 wmiutils.dll 50 File(s) 7,747,072 bytes 0 Dir(s) 35,704,152,064 bytes free |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
What was done...
C:\WINDOWS\system32\wbem>REGSVR32.EXE cimwin32.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE CmdEvTgProv.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE dsprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE esscli.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE evntrprv.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE fastprox.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE framedyn.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE fwdprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE krnlprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE mofd.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE msiprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE ncprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE ntevt.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE policman.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE provthrd.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE repdrvfs.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE smtpcons.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE stdprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE tmplprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE trnsprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE updprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE viewprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemads.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcntl.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcomn.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcons.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemcore.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemdisp.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemess.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemperf.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemprox.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemsvc.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wbemupgd.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE winmgmtr.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiapres.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiaprpl.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmicookr.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmidcprv.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmimsg.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipcima.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipdskq.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipicmp.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipiprt.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipjobj.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiprov.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiprvsd.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmipsess.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmisvc.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmitimep.dll C:\WINDOWS\system32\wbem>REGSVR32.EXE wmiutils.dll Setting environment for using Microsoft Visual Studio 2005 x86 tools. C:\Program Files\Microsoft Visual Studio 8\VC>NETSH.EXE FIREWALL SET SERVICE REM OTEADMIN ENABLE SUBNET Ok. C:\Program Files\Microsoft Visual Studio 8\VC>NETSH.EXE FIREWALL SET ALLOWEDPROG RAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE Ok. C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\ \ROOT\CIMV2 p ath __Win32Provider Where Name='NcsWmiEventProv' DELETE Deleting instance \\USR-B405AA75F52\ROOT \cimv2:__Win32Provider.Name="NcsWmiEvent Prov" Instance deletion successful. C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\ \ROOT path __ NAMESPACE Where Name='IntelNCS' DELETE Deleting instance \\USR-B405AA75F52\ROOT:__NAMESPACE.Name="IntelNCS" Instance deletion successful. C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NAMESPACE:\ \ROOT path __ NAMESPACE Where Name='IntelNCS2' DELETE Deleting instance \\USR-B405AA75F52\ROOT:__NAMESPACE.Name="IntelNCS2" Instance deletion successful. C:\Program Files\Microsoft Visual Studio 8\VC>WMIMGMT.MSC C:\Program Files\Microsoft Visual Studio 8\VC>WMIMGMT.MSC C:\Program Files\Microsoft Visual Studio 8\VC>WMIC.EXE /NODE:"USR- B405AA75F52" / AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity <DIV CLASS="mofclass"> <SPAN CLASS="mofqualifierset"> <br /></SPAN> <SPAN CLASS="mofkeyword">class</SPAN> __SystemSecurity <BR /> <SPAN CLASS="mofsymbol">{</SPAN><BR /> <DIV CLASS="mofmethod"> <SPAN CLASS="mofqualifierset"> </SPAN> <SPAN CLASS="mofkeyword">uint32</SPAN> <SPAN CLASS="mofmethod">GetSD</SPAN> <SPAN CLASS="mofsymbol">(</SPAN> <SPAN CLASS="mofsymbol">);</SPAN> </DIV> <DIV CLASS="mofmethod"> <SPAN CLASS="mofqualifierset"> </SPAN> <SPAN CLASS="mofkeyword">uint32</SPAN> <SPAN CLASS="mofmethod">Get9XUserList</SPAN> <SPAN CLASS="mofsymbol">(</SPAN> <SPAN CLASS="mofsymbol">);</SPAN> </DIV> <DIV CLASS="mofmethod"> <SPAN CLASS="mofqualifierset"> </SPAN> <SPAN CLASS="mofkeyword">uint32</SPAN> <SPAN CLASS="mofmethod">SetSD</SPAN> <SPAN CLASS="mofsymbol">(</SPAN> <SPAN CLASS="mofsymbol">);</SPAN> </DIV> <DIV CLASS="mofmethod"> <SPAN CLASS="mofqualifierset"> </SPAN> <SPAN CLASS="mofkeyword">uint32</SPAN> <SPAN CLASS="mofmethod">Set9XUserList</SPAN> <SPAN CLASS="mofsymbol">(</SPAN> <SPAN CLASS="mofsymbol">);</SPAN> </DIV> <DIV CLASS="mofmethod"> <SPAN CLASS="mofqualifierset"> </SPAN> <SPAN CLASS="mofkeyword">uint32</SPAN> <SPAN CLASS="mofmethod">GetCallerAccessRights</SPAN> <SPAN CLASS="mofsymbol">(</SPAN> <SPAN CLASS="mofsymbol">);</SPAN> </DIV> <SPAN CLASS="mofsymbol">};</SPAN> </DIV> |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
21040 19:26:58 (0) ** WMIDiag v2.0 started on Tuesday, September 04,
2007 at 19:21. 21041 19:26:58 (0) ** 21042 19:26:58 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007. 21043 19:26:58 (0) ** 21044 19:26:58 (0) ** This script is not supported under any Microsoft standard support program or service. 21045 19:26:58 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 21046 19:26:58 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 21047 19:26:58 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 21048 19:26:58 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 21049 19:26:58 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 21050 19:26:58 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 21051 19:26:58 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 21052 19:26:58 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 21053 19:26:58 (0) ** of the possibility of such damages. 21054 19:26:58 (0) ** 21055 19:26:58 (0) ** 21056 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21057 19:26:58 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 21058 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21059 19:26:58 (0) ** 21060 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21061 19:26:58 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'USR-B405AA75F52\USR' on computer 'USR-B405AA75F52'. 21062 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21063 19:26:58 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 21064 19:26:58 (0) ** INFO: => 1 incorrect shutdown(s) detected on: 21065 19:26:58 (0) ** - Shutdown on 31 August 2007 14:55:45 (GMT+2). 21066 19:26:58 (0) ** 21067 19:26:58 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0). 21068 19:26:58 (0) ** Drive type: ......................................................................................................... IDE (WDC WD4000AAKS-00TMA0). 21069 19:26:58 (0) ** There are no missing WMI system files: .............................................................................. OK. 21070 19:26:58 (0) ** There are no missing WMI repository files: .......................................................................... OK. 21071 19:26:58 (0) ** WMI repository state: ............................................................................................... NOT TESTED. 21072 19:26:58 (0) ** BEFORE running WMIDiag: 21073 19:26:58 (0) ** The WMI repository has a size of: ................................................................................... 35 MB. 21074 19:26:58 (0) ** - Disk free space on 'C:': .......................................................................................... 34030 MB. 21075 19:26:58 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 7:15:08 PM 21076 19:26:58 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 7:15:08 PM 21077 19:26:58 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 7:15:08 PM 21078 19:26:58 (0) ** - MAPPING1.MAP, 20220 bytes, 9/4/2007 7:15:08 PM 21079 19:26:58 (0) ** - MAPPING2.MAP, 20220 bytes, 9/4/2007 7:14:08 PM 21080 19:26:58 (0) ** - OBJECTS.DATA, 34201600 bytes, 9/4/2007 7:15:08 PM 21081 19:26:58 (0) ** - OBJECTS.MAP, 18884 bytes, 9/4/2007 7:15:08 PM 21082 19:26:58 (0) ** AFTER running WMIDiag: 21083 19:26:58 (0) ** The WMI repository has a size of: ................................................................................... 35 MB. 21084 19:26:58 (0) ** - Disk free space on 'C:': .......................................................................................... 34027 MB. 21085 19:26:58 (0) ** - INDEX.BTR, 2269184 bytes, 9/4/2007 7:15:08 PM 21086 19:26:58 (0) ** - INDEX.MAP, 1360 bytes, 9/4/2007 7:21:24 PM 21087 19:26:58 (0) ** - MAPPING.VER, 4 bytes, 9/4/2007 7:21:24 PM 21088 19:26:58 (0) ** - MAPPING1.MAP, 20220 bytes, 9/4/2007 7:15:08 PM 21089 19:26:58 (0) ** - MAPPING2.MAP, 20220 bytes, 9/4/2007 7:21:24 PM 21090 19:26:58 (0) ** - OBJECTS.DATA, 34201600 bytes, 9/4/2007 7:21:24 PM 21091 19:26:58 (0) ** - OBJECTS.MAP, 18884 bytes, 9/4/2007 7:21:24 PM 21092 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21093 19:26:58 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 21094 19:26:58 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD. 21095 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21096 19:26:58 (0) ** DCOM Status: ........................................................................................................ OK. 21097 19:26:58 (0) ** WMI registry setup: ................................................................................................. OK. 21098 19:26:58 (0) ** INFO: WMI service has dependents: ................................................................................... 3 SERVICE(S)! 21099 19:26:58 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 21100 19:26:58 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic') 21101 19:26:58 (0) ** - IPv6 Helper Service (6TO4, StartMode='Automatic') 21102 19:26:58 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 21103 19:26:58 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 21104 19:26:58 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 21105 19:26:58 (0) ** this can prevent the service/ application to work as expected. 21106 19:26:58 (0) ** 21107 19:26:58 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 21108 19:26:58 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 21109 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21110 19:26:58 (0) ** WMI service DCOM setup: ............................................................................................. OK. 21111 19:26:58 (0) ** WMI components DCOM registrations: .................................................................................. OK. 21112 19:26:58 (0) ** WMI ProgID registrations: ........................................................................................... OK. 21113 19:26:58 (0) ** WMI provider DCOM registrations: .................................................................................... OK. 21114 19:26:58 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 21115 19:26:58 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 21116 19:26:58 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 21117 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21118 19:26:58 (0) ** Overall DCOM security status: ....................................................................................... OK. 21119 19:26:58 (0) ** Overall WMI security status: ........................................................................................ OK. 21120 19:26:58 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 21121 19:26:58 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2. 21122 19:26:58 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control". 21123 19:26:58 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario'' 21124 19:26:58 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 21125 19:26:58 (0) ** 'select * from MSFT_SCMEventLogEvent' 21126 19:26:58 (0) ** 21127 19:26:58 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 21128 19:26:58 (0) ** WMI ADAP status: .................................................................................................... OK. 21129 19:26:58 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)! 21130 19:26:58 (0) ** - ROOT/SERVICEMODEL. 21131 19:26:58 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 21132 19:26:58 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 21133 19:26:58 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 21134 19:26:58 (0) ** i.e. 'WMIC.EXE /NODE:"USR-B405AA75F52" / AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 21135 19:26:58 (0) ** 21136 19:26:58 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 21137 19:26:58 (0) ** WMI CONNECTIONS: .................................................................................................... OK. 21138 19:26:58 (0) ** WMI GET operations: ................................................................................................. OK. 21139 19:26:58 (0) ** WMI MOF representations: ............................................................................................ OK. 21140 19:26:58 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 21141 19:26:58 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 21142 19:26:58 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 21143 19:26:58 (0) ** WMI GET VALUE operations: ........................................................................................... OK. 21144 19:26:58 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 21145 19:26:58 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 21146 19:26:58 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 21147 19:26:58 (0) ** WMI static instances retrieved: ..................................................................................... 737. 21148 19:26:58 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 21149 19:26:58 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0. 21150 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21151 19:26:58 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 21152 19:26:58 (0) ** DCOM: ............................................................................................................. 10. 21153 19:26:58 (0) ** WINMGMT: .......................................................................................................... 231. 21154 19:26:58 (0) ** WMIADAPTER: ....................................................................................................... 0. 21155 19:26:58 (0) ** => Verify the WMIDiag LOG at line #19224 for more details. 21156 19:26:58 (0) ** 21157 19:26:58 (0) ** # of additional Event Log events AFTER WMIDiag execution: 21158 19:26:58 (0) ** DCOM: ............................................................................................................. 0. 21159 19:26:58 (0) ** WINMGMT: .......................................................................................................... 0. 21160 19:26:58 (0) ** WMIADAPTER: ....................................................................................................... 0. 21161 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21162 19:26:58 (0) ** WMI Registry key setup: ............................................................................................. OK. 21163 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21164 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21165 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21166 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21167 19:26:58 (0) ** 21168 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21169 19:26:58 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 21170 19:26:58 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 21171 19:26:58 (0) ** 21172 19:26:58 (0) ** SUCCESS: WMIDiag determined that WMI works CORRECTLY. 21173 19:26:58 (0) ** 21174 19:26:58 (0) ** WMIDiag v2.0 ended on Tuesday, September 04, 2007 at 19:26 (W:97 E:0 S:0). |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
Also, corrected to "the usual crap" values of security in Root
\Securitymodel and added user "Everyone" with usual... gave ASP.NET and networkservice and localservice full rights... |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
In today's episode....
we find some clues in the wmdiag2.0 log file (longest of three). This is a small portion; comments follow. 16076 15:33:48 (0) ** Verifying WMI namespace 'ROOT/DIRECTORY/ LDAP' (L=3). 16077 15:33:48 (3) Retrieving WMI system class(es) static information. 16078 15:33:49 (3) 45/45 system class(es) found. 16079 15:33:49 (3) Verifying Permanent subscription(s) for 'ROOT/ DIRECTORY/LDAP'. 16080 15:33:57 (3) 0 permanent subscription(s) in 'ROOT/DIRECTORY/ LDAP' namespace. 16081 15:33:57 (3) 0 Timer instruction(s) in 'ROOT/DIRECTORY/LDAP' namespace. 16082 15:33:57 (3) Deciphering WMI namespace security for 'ROOT/ DIRECTORY/LDAP' 16083 15:33:57 (4) +- Security Descriptor ------------------------------------------------------------------------------------------ 16084 15:33:57 (4) | Owner: ................................. BUILTIN\ADMINISTRATORS 16085 15:33:57 (4) | Group: ................................. BUILTIN\ADMINISTRATORS 16086 15:33:57 (4) | Revision: .............................. 1 16087 15:33:57 (4) | Control: ............................... &h8004 16088 15:33:57 (4) SE_DACL_PRESENT 16089 15:33:57 (4) SE_SELF_RELATIVE 16090 15:33:57 (4) |+- DiscretionaryAcl -------------------------------------------------------------------------------------------- 16091 15:33:57 (4) ||+- ACE #01 ---------------------------------------------------------------------------------------------------- 16092 15:33:57 (4) ||| Trustee: ............................. BUILTIN\ADMINISTRATORS 16093 15:33:57 (4) ||| AceType: ............................. &h0 16094 15:33:57 (4) ACCESS_ALLOWED_ACE_TYPE 16095 15:33:57 (4) ||| AceFlags: ............................ &h12 16096 15:33:57 (4) CONTAINER_INHERIT_ACE 16097 15:33:57 (4) INHERITED_ACE 16098 15:33:57 (4) ||| AccessMask: .......................... &h6003F 16099 15:33:57 (4) WBEM_ENABLE 16100 15:33:57 (4) WBEM_METHOD_EXECUTE 16101 15:33:57 (4) WBEM_FULL_WRITE_REP 16102 15:33:57 (4) WBEM_PARTIAL_WRITE_REP 16103 15:33:57 (4) WBEM_WRITE_PROVIDER 16104 15:33:57 (4) WBEM_REMOTE_ACCESS 16105 15:33:57 (4) WBEM_WRITE_DAC 16106 15:33:57 (4) WBEM_READ_CONTROL 16107 15:33:57 (4) || +-------------------------------------------------------------------------------------------------------------- 16108 15:33:57 (4) ||+- ACE #02 ---------------------------------------------------------------------------------------------------- 16109 15:33:57 (4) ||| Trustee: ............................. EVERYONE 16110 15:33:57 (4) ||| AceType: ............................. &h0 16111 15:33:57 (4) ACCESS_ALLOWED_ACE_TYPE 16112 15:33:57 (4) ||| AceFlags: ............................ &h12 16113 15:33:57 (4) CONTAINER_INHERIT_ACE 16114 15:33:57 (4) INHERITED_ACE 16115 15:33:57 (4) ||| AccessMask: .......................... &h6003F 16116 15:33:57 (4) WBEM_ENABLE 16117 15:33:57 (4) WBEM_METHOD_EXECUTE 16118 15:33:57 (4) WBEM_FULL_WRITE_REP 16119 15:33:57 (4) WBEM_PARTIAL_WRITE_REP 16120 15:33:57 (4) WBEM_WRITE_PROVIDER 16121 15:33:57 (4) WBEM_REMOTE_ACCESS 16122 15:33:57 (4) WBEM_WRITE_DAC 16123 15:33:57 (4) WBEM_READ_CONTROL 16124 15:33:57 (4) || +-------------------------------------------------------------------------------------------------------------- 16125 15:33:57 (4) ||+- ACE #03 ---------------------------------------------------------------------------------------------------- 16126 15:33:57 (4) ||| Trustee: ............................. NT AUTHORITY\LOCAL SERVICE 16127 15:33:57 (4) ||| AceType: ............................. &h0 16128 15:33:57 (4) ACCESS_ALLOWED_ACE_TYPE 16129 15:33:57 (4) ||| AceFlags: ............................ &h12 16130 15:33:57 (4) CONTAINER_INHERIT_ACE 16131 15:33:57 (4) INHERITED_ACE 16132 15:33:57 (4) ||| AccessMask: .......................... &h6003F 16133 15:33:57 (4) WBEM_ENABLE 16134 15:33:57 (4) WBEM_METHOD_EXECUTE 16135 15:33:57 (4) WBEM_FULL_WRITE_REP 16136 15:33:57 (4) WBEM_PARTIAL_WRITE_REP 16137 15:33:57 (4) WBEM_WRITE_PROVIDER 16138 15:33:57 (4) WBEM_REMOTE_ACCESS 16139 15:33:57 (4) WBEM_WRITE_DAC 16140 15:33:57 (4) WBEM_READ_CONTROL 16141 15:33:57 (4) || +-------------------------------------------------------------------------------------------------------------- 16142 15:33:57 (4) ||+- ACE #04 ---------------------------------------------------------------------------------------------------- 16143 15:33:57 (4) ||| Trustee: ............................. NT AUTHORITY\NETWORK SERVICE 16144 15:33:57 (4) ||| AceType: ............................. &h0 16145 15:33:57 (4) ACCESS_ALLOWED_ACE_TYPE 16146 15:33:57 (4) ||| AceFlags: ............................ &h12 16147 15:33:57 (4) CONTAINER_INHERIT_ACE 16148 15:33:57 (4) INHERITED_ACE 16149 15:33:57 (4) ||| AccessMask: .......................... &h6003F 16150 15:33:57 (4) WBEM_ENABLE 16151 15:33:57 (4) WBEM_METHOD_EXECUTE 16152 15:33:57 (4) WBEM_FULL_WRITE_REP 16153 15:33:57 (4) WBEM_PARTIAL_WRITE_REP 16154 15:33:57 (4) WBEM_WRITE_PROVIDER 16155 15:33:57 (4) WBEM_REMOTE_ACCESS 16156 15:33:57 (4) WBEM_WRITE_DAC 16157 15:33:57 (4) WBEM_READ_CONTROL 16158 15:33:57 (4) || +-------------------------------------------------------------------------------------------------------------- 16159 15:33:57 (4) | +--------------------------------------------------------------------------------------------------------------- 16160 15:33:57 (4) +----------------------------------------------------------------------------------------------------------------- 16161 15:33:57 (3) Searching if namespace 'ROOT/DIRECTORY/LDAP' security analysis must be SKIPPED ... 16162 15:33:57 (3) Searching if namespace 'ROOT/DIRECTORY/LDAP' security settings use a SYSTEM specific security ... 16163 15:33:57 (3) Namespace 'ROOT/DIRECTORY/LDAP' uses a SYSTEM specific namespace security. 16164 15:33:57 (3) Verifying actual trustees in ACEs against the default trustees in ACEs to locate actual trustee additions. 16165 15:33:57 (2) !! WARNING: Actual trustee 'EVERYONE' DOES NOT match corresponding expected trustee rights for ACE #2. 16166 15:33:57 (3) The ACE has the right(s) '&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL' added! 16167 15:33:57 (2) !! WARNING: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights for ACE #3. 16168 15:33:57 (3) The ACE has the right(s) '&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL' added! 16169 15:33:57 (2) !! WARNING: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights for ACE #4. 16170 15:33:57 (3) The ACE has the right(s) '&h6002C,WBEM_FULL_WRITE_REP,WBEM_PARTIAL_WRITE_REP,WBEM_REMOTE_ACCESS,WBEM_WRITE_DAC,WBEM_READ_CONTROL' added! 16171 15:33:57 (3) Verifying default trustee in ACEs against the actual trustees in ACEs to locate default trustee removals. 16172 15:33:57 (3) What we are seeing here is that I allowed all sort of permissions in WMI properties - but which was done afterwards with no effect except to see the same message. I don't understand what it means that "actual trustee doesn't match expected trustee rights for ACE". I never messed with anything to begin with so? |
|
||
|
|
||||
|
gianni
Guest
Posts: n/a
|
what was done...
allowed local service to log on as service allowed local and network service to impersonate a client ~~~~~~~~~~~~~~~~~~ analyzed log entry: #000915: DCOM (10016) - Error - 03 September 2007 01:19:18 (GMT+2) 19349 15:35:03 (3) The application-specific permission settings do not grant Local Launch 19350 15:35:03 (3) permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2} 19351 15:35:03 (3) to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission 19352 15:35:03 (3) can be modified using the Component Services administrative tool. .....and DCOM security was loosened.... before I saw there is no such application so the registry entry was removed. I don't know how exactly to grant local launch. |
|
||
|
|
||||
|
|
|
| |
|
| Thread Tools | |
| Rate This Thread | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| INTEL DRIVER CHIPSET INF Update Utility - Primarily for Intel® 4, 3, 900 Series Chipsets (2455KB) 9.0.0.1008 6/2/2008 are the same Intel Driver Chipset for Vista and XP? | rebelscum0000 | Windows Vista General Discussion | 5 | 25th Jun 2008 05:32 AM |
| NO Vista driver for Intel 915 graphics card | =?Utf-8?B?SnVsaWU=?= | Windows Vista General Discussion | 33 | 11th Feb 2007 05:54 AM |
| EWF and Intel Software Raid Driver | JS | Windows XP Embedded | 0 | 5th Sep 2006 11:55 PM |
| Driver error 31 in network card | ezacon | Windows XP General | 0 | 27th Dec 2003 11:40 PM |
| ERROR REPORT HARDWARE & SOFTWARE DRIVER | JEANENE | Windows XP New Users | 0 | 11th Jul 2003 10:38 PM |
Powered by vBulletin®. Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2010, Crawlability, Inc. |
