Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP WMI
Shell Name Explorer.exe in Registry not found in process list
Forums
Newsgroups
Windows XP
Windows XP WMI
Shell Name Explorer.exe in Registry not found in process list
 |
Shell Name Explorer.exe in Registry not found in process list |
|
|
Thread Tools |
Rating: 
|
09-07-2004, 11:28 AM
|
#1 |
|
Guest
Posts: n/a
|
Shell Name Explorer.exe in Registry not found in process list
Hello,
Can somebody tell me where to look to solve this. I'm getting every 60sec an new entry in the WMI framework log. Have setup binding with an win32_datafile filter and a activescript consumer. Everything is work good. But it seems that the scrcons.exe process is trying to impersonate to ??what?? . Everything is running under local system. I'm running Win2003 with the latest SP Fixes. Ive setup an same situation an an Win2000 server and where it works without the log entry's... Seems to bee an security setting... ? Here is one snapshot of the framework file: Shell Name Explorer.exe in Registry not found in process list. 07/09/2004 13:03:07.801 thread:4052 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 156] Unable to locate Shell Process, Impersonation failed. 07/09/2004 13:03:07.817 thread:428 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 168] THANKS! michelk<remove me>@infosupport.com |
|
|
17-07-2004, 11:00 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: Shell Name Explorer.exe in Registry not found in process list
Can you go in the registry under the following reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and see what do you have for the Shell value? You should normally see something like: Shell REG_SZ Explorer.exe Thx_Bogdan "michelk" <michel_replace_this_with_a_@_infosupport.com> wrote in message news:e7TdafaZEHA.3512@TK2MSFTNGP12.phx.gbl... Hello, Can somebody tell me where to look to solve this. I'm getting every 60sec an new entry in the WMI framework log. Have setup binding with an win32_datafile filter and a activescript consumer. Everything is work good. But it seems that the scrcons.exe process is trying to impersonate to ??what?? . Everything is running under local system. I'm running Win2003 with the latest SP Fixes. Ive setup an same situation an an Win2000 server and where it works without the log entry's... Seems to bee an security setting... ? Here is one snapshot of the framework file: Shell Name Explorer.exe in Registry not found in process list. 07/09/2004 13:03:07.801 thread:4052 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 156] Unable to locate Shell Process, Impersonation failed. 07/09/2004 13:03:07.817 thread:428 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 168] THANKS! michelk<remove me>@infosupport.com |
|
|
|
18-07-2004, 12:45 AM
|
#3 |
|
Guest
Posts: n/a
|
Re: Shell Name Explorer.exe in Registry not found in process list
Also, if the shell value is OK, what other messages do you have in there? Do
you see this one? "LoadShellName failed" **is trying to impersonate to ??what??** Is trying to impersonate the currently logged on user, but it fails before that. When did this start happening? -- This posting is provided "AS IS" with no warranties, and confers no rights Thx_Bogdan "WMI_News" <bogdanmo@online.microsoft.com> wrote in message news:e07bVHFbEHA.2340@TK2MSFTNGP10.phx.gbl... > Can you go in the registry under the following reg key > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon > > and see what do you have for the Shell value? > > You should normally see something like: > > Shell REG_SZ Explorer.exe > > Thx_Bogdan > "michelk" <michel_replace_this_with_a_@_infosupport.com> wrote in message > news:e7TdafaZEHA.3512@TK2MSFTNGP12.phx.gbl... > Hello, > > Can somebody tell me where to look to solve this. > I'm getting every 60sec an new entry in the WMI framework log. > Have setup binding with an win32_datafile filter and a activescript > consumer. Everything is work good. But it seems that the scrcons.exe process > is trying to impersonate to ??what?? . Everything is running under local > system. I'm running Win2003 with the latest SP Fixes. Ive setup an same > situation an an Win2000 server and where it works without the log entry's... > Seems to bee an security setting... ? > > Here is one snapshot of the framework file: > > Shell Name Explorer.exe in Registry not found in process list. 07/09/2004 > 13:03:07.801 thread:4052 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 156] > > Unable to locate Shell Process, Impersonation failed. 07/09/2004 > 13:03:07.817 thread:428 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 168] > > > THANKS! > michelk<remove me>@infosupport.com > > |
|
|
|
19-07-2004, 11:44 AM
|
#4 |
|
Guest
Posts: n/a
|
Re: Shell Name Explorer.exe in Registry not found in process list
Hello, Thanks for responding,
I've also launched an support call to Microsoft. They are also on it now. I've included one of the support descriptions I've send to MS. -I've looked at the registry and the explorer key is valid. -The current user I'm logged on is the local Administrator. - Server has joined a domain. (cronos) -Administrator has full NTFS permissions on all the directories. -I'm sure it has something to do with the cim_datafile filter. When I activate this the messages are appearing every 60sec. Shell Name Explorer.exe in Registry not found in process list. 07/19/2004 07:16:29.486 thread:2844 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 156] Shell Name Explorer.exe in Registry not found in process list. 07/19/2004 07:16:29.502 thread:3528 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 156] Unable to locate Shell Process, Impersonation failed. 07/19/2004 07:16:29.502 thread:2412 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 168] Unable to locate Shell Process, Impersonation failed. 07/19/2004 07:16:29.517 thread:3436 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. 168] ........ ---------------------------------------------------------------------------- -------- Here the support mail: Henning, Thanks you for responding. The main problem is basically the impersonation error I'm getting in the framework log. All the logging I've included in my provirus mails. (I've included them again to be sure in this mail) "Unable to locate Shell Process, Impersonation failed" This message I'm getting every 60sec. The NT eventlog shows also every 60sec a Audit Fails. This only oucurs when I activate the Cim_datafile filters. The second problem is that also the eventviewer consumer is not working on the windows2003 server. (but this has no prio) gz, Michel Logon Failure: Reason: An error occurred during logon User Name: Domain: Logon Type: 3 Logon Process: Authz Authentication Package: Kerberos Workstation Name: VNDMITSRMS01 Status code: 0xC000018B Substatus code: 0x0 Caller User Name: VNDMITSRMS01$ Caller Domain: CRONOS Caller Logon ID: -0x0,0x3E7- Caller Process ID: 1104 Transited Services: - Source Network Address: - Source Port: - **************************************************************************** ********************************************* Mof files: **************************************************************************** ********************************************* //************************************************************************** //* File: QueueWatchers.mof //************************************************************************** //************************************************************************** //* This MOF was generated from the "\\.\ROOT\CIMV2" //* namespace on machine ".". //* To compile this MOF on another machine you should edit this pragma. //************************************************************************** #pragma namespace("\\\\.\\ROOT\\CIMV2") //************************************************************************** //* Class: ActiveScriptEventConsumer //* Derived from: __EventConsumer //************************************************************************** [locale(1033)] //************************************************************************** //* Instances of: ActiveScriptEventConsumer //************************************************************************** instance of ActiveScriptEventConsumer { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_SEND_LOW"; ScriptFilename = "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_LOW.vbs"; ScriptingEngine = "VBScript"; }; instance of ActiveScriptEventConsumer { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_SEND_MEDIUM"; ScriptFilename = "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_MEDIUM.vbs"; ScriptingEngine = "VBScript"; }; instance of ActiveScriptEventConsumer { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_SEND_HIGH"; ScriptFilename = "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_HIGH.vbs"; ScriptingEngine = "VBScript"; }; //************************************************************************** //* Instances of: __EventFilter //************************************************************************** instance of __EventFilter { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_HIGH"; Query = "SELECT * FROM __InstanceOperationEvent WITHIN 60 WHERE TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\1\\\\'"; QueryLanguage = "WQL"; }; instance of __EventFilter { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_LOW"; Query = "SELECT * FROM __InstanceOperationEvent WITHIN 3600 WHERE TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\3\\\\'"; QueryLanguage = "WQL"; }; instance of __EventFilter { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Name = "RMSQMNG_QUEUE_MEDIUM"; Query = "SELECT * FROM __InstanceOperationEvent WITHIN 300 WHERE TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\2\\\\'"; QueryLanguage = "WQL"; }; //************************************************************************** //* Instances of: __FilterToConsumerBinding //************************************************************************** instance of __FilterToConsumerBinding { Consumer = "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_HIGH \""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_HIGH\""; }; instance of __FilterToConsumerBinding { Consumer = "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_MEDI UM\""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_MEDIUM\""; }; instance of __FilterToConsumerBinding { Consumer = "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_LOW\ ""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_LOW\""; }; //* EOF QueueWatchers.mof **************************************************************************** ********************************************* **************************************************************************** ********************************************* **************************************************************************** ********************************************* //************************************************************************** //* File: NewMOF.mof //************************************************************************** //************************************************************************** //* This MOF was generated from the "\\.\ROOT\subscription" //* namespace on machine "VNDMITSRMS01". //* To compile this MOF on another machine you should edit this pragma. //************************************************************************** #pragma namespace("\\\\.\\ROOT\\subscription") //************************************************************************** //* Instances of: __EventFilter //************************************************************************** instance of __EventFilter { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; EventNamespace = "root\\cimv2"; Name = "RMSQMIMP_ERROR"; Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\error\\\\'"; QueryLanguage = "Wql"; }; instance of __EventFilter { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; EventNamespace = "root\\cimv2"; Name = "RMSQMIMP_in"; Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\in\\\\'"; QueryLanguage = "Wql"; }; //************************************************************************** //* Instances of: __FilterToConsumerBinding //************************************************************************** instance of __FilterToConsumerBinding { Consumer = "\\\\VNDMITSRMS01\\ROOT\\subscription:CommandLineEventConsumer.Name=\"RMSQMI MP_startImport\""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; Filter = "\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_in\""; }; instance of __FilterToConsumerBinding { Consumer = "\\\\VNDMITSRMS01\\ROOT\\subscription:SMTPEventConsumer.Name=\"MAIL_TO_SUPPO RT\""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; Filter = "\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_ERROR\"" ; }; //************************************************************************** //* Instances of: CommandLineEventConsumer //************************************************************************** instance of CommandLineEventConsumer { CommandLineTemplate = "c:\\\\windows\\\\system32\\\\cmd.exe /c \"D:\\\\ISRMS\\\\RMSSCHEDULING\\RMSQMIMP\\\\RMSQMIMP_D_000_010.cmd\""; CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; ExecutablePath = "c:\\\\windows\\\\system32\\\\cmd.exe"; Name = "RMSQMIMP_startImport"; }; //************************************************************************** //* Instances of: SMTPEventConsumer //************************************************************************** instance of SMTPEventConsumer { CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; FromLine = "isrms@infosupport.com"; Message = "FAILED to import an RMS Message. %TargetInstance.caption%. See rms log for details. ( http://vndmitsrms01/isrms )"; Name = "MAIL_TO_SUPPORT"; SMTPServer = "vndsrvex"; Subject = "WARNING: RMS QUEUE MANAGER IMPORTER (RMSQMIMP)"; ToLine = "support@infosupport.com"; }; //* EOF NewMOF.mof **************************************************************************** ********************************************* ***** wbemess.log **************************************************************************** ********************************************* **************************************************************************** ********************************************* (Mon Jul 12 10:11:47 2004.133218) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:11:47 2004.133218) : Failed the first attempt to retrieve the sink to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. WMI will reload and retry. (Mon Jul 12 10:11:47 2004.133250) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:11:47 2004.133250) : Failed the second attempt to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. This event is dropped for this consumer. (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:12:03 2004.149343) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:12:03 2004.149343) : Failed the first attempt to retrieve the sink to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. WMI will reload and retry. (Mon Jul 12 10:12:03 2004.149406) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:12:03 2004.149406) : Failed the second attempt to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. This event is dropped for this consumer. (Mon Jul 12 10:12:03 2004.149406) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:13:04 2004.209328) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:13:04 2004.209328) : Failed the first attempt to retrieve the sink to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. WMI will reload and retry. (Mon Jul 12 10:13:04 2004.209359) : ESS unable to load consumer provider EventViewerConsumer from provider subsystem: 0x80041013 (Mon Jul 12 10:13:04 2004.209375) : Failed the second attempt to deliver an event to event consumer EventViewerConsumer="testf" with error code 80041013. This event is dropped for this consumer. (Mon Jul 12 10:13:04 2004.209375) : Dropping event destined for event consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 (Mon Jul 12 10:16:47 2004.430687) : Unloading consumer provider NTEventLogEventConsumer on (null) (Mon Jul 12 10:16:48 2004.432156) : Unloading event consumer sink NTEventLogEventConsumer="SCM Event Log Consumer" **************************************************************************** ********************************************* ************ NTEVT.log **************************************************************************** ********************************************* **************************************************************************** ********************************************* (Mon Jul 12 10:11:35 2004.121203) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121203) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121203) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 (Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Log: Application (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 (Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Record: 791 (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 (Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Source: MSSQLSERVER (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 (Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 (Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::SendEvent (Mon Jul 12 10:11:35 2004.121203) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 (Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::GetNamespacePtr (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log: Application (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Record: 792 (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Source: MSSQLSERVER (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 (Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::SendEvent (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 (Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::GetNamespacePtr (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121218) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log: Application (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Record: 793 (Mon Jul 12 10:11:35 2004.121218) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 (Mon Jul 12 10:11:35 2004.121234) : CEventlogRecord::GenerateInstance:Source: MSSQLSERVER (Mon Jul 12 10:11:35 2004.121234) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 (Mon Jul 12 10:11:35 2004.121234) : CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 (Mon Jul 12 10:11:35 2004.121234) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 (Mon Jul 12 10:11:35 2004.121234) : CEventProviderManager::SendEvent (Mon Jul 12 10:11:35 2004.121234) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121250) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121250) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 (Mon Jul 12 10:11:35 2004.121250) : CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 (Mon Jul 12 10:11:35 2004.121250) : CEventLogFile::QueryRegForFileName:Failed (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 (Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Log: Application (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 (Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Record: 794 (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 (Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Source: MSSQLSERVER (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 (Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::SendEvent (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr (Mon Jul 12 10:11:35 2004.121250) : d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 **************************************************************************** ********************************************* ********** WMIPROV.log **************************************************************************** ********************************************* **************************************************************************** ********************************************* (Mon Jul 12 10:11:34 2004.120593) : Instance Provider constructed (Mon Jul 12 10:11:34 2004.120609) : Successfully Registered for Mof Events (Mon Jul 12 10:11:34 2004.120609) : WDM call returned error: 4200 (Mon Jul 12 10:11:35 2004.121687) : *************************************** (Mon Jul 12 10:11:35 2004.121687) : Binary mof succeeded for: (Mon Jul 12 10:11:35 2004.121687) : c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121687) : (Mon Jul 12 10:11:35 2004.121687) : *************************************** (Mon Jul 12 10:11:35 2004.121828) : Deleting Old Classes for Driver (Mon Jul 12 10:11:35 2004.121828) : c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121828) : (Mon Jul 12 10:11:35 2004.121828) : *************************************** (Mon Jul 12 10:11:35 2004.121953) : Deleting Old Drivers (Mon Jul 12 10:11:35 2004.121953) : *************************************** (Mon Jul 12 10:11:35 2004.121953) : Deleting Old Classes for Driver (Mon Jul 12 10:11:35 2004.121953) : C:\WINDOWS\system32\comsvcs.dll[COSMofResource](Mon Jul 12 10:11:35 2004.121953) : (Mon Jul 12 10:11:35 2004.121953) : *************************************** (Mon Jul 12 10:11:46 2004.132046) : We have been requested to delete this instance: (Mon Jul 12 10:11:46 2004.132046) : WMIBinaryMofResource.HighDateTime=29625108,LowDateTime=3479532032,Name="C:\\ WINDOWS\\system32\\comsvcs.dll[COSMofResource]"(Mon Jul 12 10:11:46 2004.132046) : (Mon Jul 12 10:11:46 2004.132140) : End of processing Binary MOFS (Mon Jul 12 10:11:46 2004.132140) : *************************************** (Mon Jul 12 10:11:46 2004.132359) : Event Provider constructed (Mon Jul 12 10:12:03 2004.149125) : Instance Provider constructed (Mon Jul 12 10:14:08 2004.272859) : WDM call returned error: 4200 (Mon Jul 12 10:14:08 2004.272859) : *************************************** (Mon Jul 12 10:14:08 2004.272859) : BinaryMofsHaveChanged returned FALSE: (Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed (Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed **************************************************************************** ********************************************* ***** framework.log **************************************************************************** ********************************************* **************************************************************************** ********************************************* CWbemProviderGlue::Init 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.195] Failed to open thread token: (1008) 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\createmutexasprocess.cpp.210] FrameworkLogin: root\cimv2:Win32_PageFileUsage 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Registry 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Process 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:CIM_ProcessExecutable 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DiskPartition 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:CIM_LogicalFile 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogonSession 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LoggedOnUser 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_SessionProcess 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_MappedLogicalDisk 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_1394Controller 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_AutoChkSetting 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Battery 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_BIOS 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_BootConfiguration 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_BaseService 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Bus 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:CIM_DataFile 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_CIMLogicalDeviceCIMDataFile 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_CodecFile 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_ComputerSystem 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DependentService 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Desktop 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DesktopMonitor 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_AssociatedBattery 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DeviceBus 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DeviceMemoryAddress 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PNPDevice 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Directory 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:CIM_DirectoryContainsFile 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DiskDrive 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DisplayConfiguration 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DisplayControllerConfiguration 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_DriverForDevice 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_UserDesktop 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Environment 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_FloppyDrive 07/12/2004 10:39:27.569 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_FloppyController 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Group 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_GroupUser 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_IDEController 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_IRQResource 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_InfraredDevice 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Keyboard 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceDependencies 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceMembers 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LoadOrderGroup 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalDiskToPartition 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalDisk 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalMemoryConfiguration 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalProgramGroup 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalProgramGroupItem 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalShareAccess 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_LogicalShareAuditing 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_NetworkLoginProfile 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_MotherBoardDevice 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_NetworkAdapter 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_NetworkAdapterConfiguration 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_NetworkClient 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_NetworkConnection 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_OperatingSystem 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PageFile 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PageFileSetting 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_ParallelPort 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PCMCIAController 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PointingDevice 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PortResource 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_UninterruptiblePowerSupply 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_Printer 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PrinterDriver 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_TCPIPPrinterPort 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PrinterConfiguration 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PrinterController 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PrinterDriverDLL 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] FrameworkLogin: root\cimv2:Win32_PrinterShare 07/12/2004 10:39:27.584 thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] ....... Leaving CTimerQueue::dwNextTimerEvent 07/12/2004 10:39:27.881 thread:3352 [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\timerqueue.cpp.40 9] ExecQueryAsync: select * from Win32_ShortcutFile where (Path = "\\ISRMS\\RMSSCHEDULING\\RMSA\\QUEUE\\1\\" AND Drive = "D:") - Succeeded 07/12/2004 10:39:27.881 thread:3356 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.888] CWbemProviderGlue::Release, count is (approx) 2 07/12/2004 10:39:27.881 thread:3356 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.514] Met vriendelijke groeten, Michel Kamp "Boggie [MSFT]" <bogdanmo@online.microsoft.com> wrote in message news:%23EVyGCGbEHA.2388@TK2MSFTNGP11.phx.gbl... > Also, if the shell value is OK, what other messages do you have in there? Do > you see this one? "LoadShellName failed" > > **is trying to impersonate to ??what??** > Is trying to impersonate the currently logged on user, but it fails before > that. > > When did this start happening? > -- > This posting is provided "AS IS" with no warranties, and confers no rights > Thx_Bogdan > > > "WMI_News" <bogdanmo@online.microsoft.com> wrote in message > news:e07bVHFbEHA.2340@TK2MSFTNGP10.phx.gbl... > > Can you go in the registry under the following reg key > > > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon > > > > and see what do you have for the Shell value? > > > > You should normally see something like: > > > > Shell REG_SZ Explorer.exe > > > > Thx_Bogdan > > "michelk" <michel_replace_this_with_a_@_infosupport.com> wrote in message > > news:e7TdafaZEHA.3512@TK2MSFTNGP12.phx.gbl... > > Hello, > > > > Can somebody tell me where to look to solve this. > > I'm getting every 60sec an new entry in the WMI framework log. > > Have setup binding with an win32_datafile filter and a activescript > > consumer. Everything is work good. But it seems that the scrcons.exe > process > > is trying to impersonate to ??what?? . Everything is running under local > > system. I'm running Win2003 with the latest SP Fixes. Ive setup an same > > situation an an Win2000 server and where it works without the log > entry's... > > Seems to bee an security setting... ? > > > > Here is one snapshot of the framework file: > > > > Shell Name Explorer.exe in Registry not found in process list. 07/09/2004 > > 13:03:07.801 thread:4052 > > > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > > 156] > > > > Unable to locate Shell Process, Impersonation failed. 07/09/2004 > > 13:03:07.817 thread:428 > > > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > > 168] > > > > > > THANKS! > > michelk<remove me>@infosupport.com > > > > > > |
|
|
|
06-08-2004, 06:42 AM
|
#5 |
|
Guest
Posts: n/a
|
Re: Shell Name Explorer.exe in Registry not found in process list
Hello, After a time.. Microsoft say's "You can Ignore this , it's by design" . It has something to do with the Kerberos/ NTLM authorization. On win2003 machines Kerberos used instead of NTLM. But WMI is first trying NTLM , this fails and the log records are created, then WMI try's Kerberos. My question , is this also happening on other systems .. can soneone please test and respond this... "michelk" <michel_replace_this_with_a_@_infosupport.com> wrote in message news:e%23BYIXYbEHA.596@TK2MSFTNGP11.phx.gbl... > Hello, Thanks for responding, > > I've also launched an support call to Microsoft. They are also on it now. > I've included one of the support descriptions I've send to MS. > > -I've looked at the registry and the explorer key is valid. > -The current user I'm logged on is the local Administrator. > - Server has joined a domain. (cronos) > -Administrator has full NTFS permissions on all the directories. > -I'm sure it has something to do with the cim_datafile filter. When I > activate this the messages are appearing every 60sec. > > Shell Name Explorer.exe in Registry not found in process list. 07/19/2004 > 07:16:29.486 thread:2844 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 156] > Shell Name Explorer.exe in Registry not found in process list. 07/19/2004 > 07:16:29.502 thread:3528 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 156] > Unable to locate Shell Process, Impersonation failed. 07/19/2004 > 07:16:29.502 thread:2412 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 168] > Unable to locate Shell Process, Impersonation failed. 07/19/2004 > 07:16:29.517 thread:3436 > [d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp. > 168] > ....... > -------------------------------------------------------------------------- -- > -------- > Here the support mail: > Henning, > > Thanks you for responding. The main problem is basically the impersonation > error I'm getting in the framework log. > All the logging I've included in my provirus mails. (I've included them > again to be sure in this mail) > "Unable to locate Shell Process, Impersonation failed" > This message I'm getting every 60sec. The NT eventlog shows also every 60sec > a Audit Fails. This only oucurs when I activate the Cim_datafile filters. > The second problem is that also the eventviewer consumer is not working on > the windows2003 server. (but this has no prio) > > gz, Michel > > Logon Failure: > > Reason: An error occurred during logon > > User Name: > > Domain: > > Logon Type: 3 > > Logon Process: Authz > > Authentication Package: Kerberos > > Workstation Name: VNDMITSRMS01 > > Status code: 0xC000018B > > Substatus code: 0x0 > > Caller User Name: VNDMITSRMS01$ > > Caller Domain: CRONOS > > Caller Logon ID: -0x0,0x3E7- > > Caller Process ID: 1104 > > Transited Services: - > > Source Network Address: - > > Source Port: - > > > > **************************************************************************** > ********************************************* > Mof files: > **************************************************************************** > ********************************************* > //************************************************************************** > //* File: QueueWatchers.mof > //************************************************************************** > > //************************************************************************** > //* This MOF was generated from the "\\.\ROOT\CIMV2" > //* namespace on machine ".". > //* To compile this MOF on another machine you should edit this pragma. > //************************************************************************** > #pragma namespace("\\\\.\\ROOT\\CIMV2") > //************************************************************************** > //* Class: ActiveScriptEventConsumer > //* Derived from: __EventConsumer > //************************************************************************** > [locale(1033)] > > > //************************************************************************** > //* Instances of: ActiveScriptEventConsumer > //************************************************************************** > instance of ActiveScriptEventConsumer > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_SEND_LOW"; > ScriptFilename = > "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_LOW.vbs"; > ScriptingEngine = "VBScript"; > }; > instance of ActiveScriptEventConsumer > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_SEND_MEDIUM"; > ScriptFilename = > "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_MEDIUM.vbs"; > ScriptingEngine = "VBScript"; > }; > instance of ActiveScriptEventConsumer > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_SEND_HIGH"; > ScriptFilename = > "d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_HIGH.vbs"; > ScriptingEngine = "VBScript"; > }; > > //************************************************************************** > //* Instances of: __EventFilter > //************************************************************************** > > > instance of __EventFilter > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_HIGH"; > Query = "SELECT * FROM __InstanceOperationEvent WITHIN 60 WHERE > TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and > TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\1\\\\'"; > QueryLanguage = "WQL"; > }; > > instance of __EventFilter > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_LOW"; > Query = "SELECT * FROM __InstanceOperationEvent WITHIN 3600 WHERE > TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and > TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\3\\\\'"; > QueryLanguage = "WQL"; > }; > > instance of __EventFilter > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Name = "RMSQMNG_QUEUE_MEDIUM"; > Query = "SELECT * FROM __InstanceOperationEvent WITHIN 300 WHERE > TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and > TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\2\\\\'"; > QueryLanguage = "WQL"; > }; > > > > > //************************************************************************** > > //* Instances of: __FilterToConsumerBinding > //************************************************************************** > instance of __FilterToConsumerBinding > { > Consumer = > "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_HIGH > \""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_HIGH\""; > }; > > instance of __FilterToConsumerBinding > { > Consumer = > "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_MEDI > UM\""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_MEDIUM\""; > }; > > instance of __FilterToConsumerBinding > { > Consumer = > "\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_LOW\ > ""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156, > 98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0}; > Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_LOW\""; > }; > > > //* EOF QueueWatchers.mof > > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > //************************************************************************** > //* File: NewMOF.mof > //************************************************************************** > > //************************************************************************** > //* This MOF was generated from the "\\.\ROOT\subscription" > //* namespace on machine "VNDMITSRMS01". > //* To compile this MOF on another machine you should edit this pragma. > //************************************************************************** > #pragma namespace("\\\\.\\ROOT\\subscription") > > > //************************************************************************** > //* Instances of: __EventFilter > //************************************************************************** > instance of __EventFilter > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > EventNamespace = "root\\cimv2"; > Name = "RMSQMIMP_ERROR"; > Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE > TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and > TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\error\\\\'"; > QueryLanguage = "Wql"; > }; > > instance of __EventFilter > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > EventNamespace = "root\\cimv2"; > Name = "RMSQMIMP_in"; > Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE > TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and > TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\in\\\\'"; > QueryLanguage = "Wql"; > }; > > //************************************************************************** > //* Instances of: __FilterToConsumerBinding > //************************************************************************** > instance of __FilterToConsumerBinding > { > Consumer = > "\\\\VNDMITSRMS01\\ROOT\\subscription:CommandLineEventConsumer.Name=\"RMSQMI > MP_startImport\""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > Filter = > "\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_in\""; > }; > > instance of __FilterToConsumerBinding > { > Consumer = > "\\\\VNDMITSRMS01\\ROOT\\subscription:SMTPEventConsumer.Name=\"MAIL_TO_SUPPO > RT\""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > Filter = > "\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_ERROR\"" > ; > }; > > //************************************************************************** > //* Instances of: CommandLineEventConsumer > //************************************************************************** > instance of CommandLineEventConsumer > { > CommandLineTemplate = "c:\\\\windows\\\\system32\\\\cmd.exe /c > \"D:\\\\ISRMS\\\\RMSSCHEDULING\\RMSQMIMP\\\\RMSQMIMP_D_000_010.cmd\""; > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > ExecutablePath = "c:\\\\windows\\\\system32\\\\cmd.exe"; > Name = "RMSQMIMP_startImport"; > }; > > //************************************************************************** > //* Instances of: SMTPEventConsumer > //************************************************************************** > instance of SMTPEventConsumer > { > CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146, > 241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0}; > FromLine = "isrms@infosupport.com"; > Message = "FAILED to import an RMS Message. %TargetInstance.caption%. See > rms log for details. ( http://vndmitsrms01/isrms )"; > Name = "MAIL_TO_SUPPORT"; > SMTPServer = "vndsrvex"; > Subject = "WARNING: RMS QUEUE MANAGER IMPORTER (RMSQMIMP)"; > ToLine = "support@infosupport.com"; > }; > > //* EOF NewMOF.mof > > > > > > **************************************************************************** > ********************************************* > ***** wbemess.log > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > > (Mon Jul 12 10:11:47 2004.133218) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:11:47 2004.133218) : Failed the first attempt to retrieve the > sink to deliver an event to event consumer EventViewerConsumer="testf" with > error code 80041013. > WMI will reload and retry. > (Mon Jul 12 10:11:47 2004.133250) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:11:47 2004.133250) : Failed the second attempt to deliver an > event to event consumer EventViewerConsumer="testf" with error code > 80041013. > This event is dropped for this consumer. > (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:12:03 2004.149343) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:12:03 2004.149343) : Failed the first attempt to retrieve the > sink to deliver an event to event consumer EventViewerConsumer="testf" with > error code 80041013. > WMI will reload and retry. > (Mon Jul 12 10:12:03 2004.149406) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:12:03 2004.149406) : Failed the second attempt to deliver an > event to event consumer EventViewerConsumer="testf" with error code > 80041013. > This event is dropped for this consumer. > (Mon Jul 12 10:12:03 2004.149406) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:13:04 2004.209328) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:13:04 2004.209328) : Failed the first attempt to retrieve the > sink to deliver an event to event consumer EventViewerConsumer="testf" with > error code 80041013. > WMI will reload and retry. > (Mon Jul 12 10:13:04 2004.209359) : ESS unable to load consumer provider > EventViewerConsumer from provider subsystem: 0x80041013 > (Mon Jul 12 10:13:04 2004.209375) : Failed the second attempt to deliver an > event to event consumer EventViewerConsumer="testf" with error code > 80041013. > This event is dropped for this consumer. > (Mon Jul 12 10:13:04 2004.209375) : Dropping event destined for event > consumer EventViewerConsumer="testf" in namespace //./root/CIMV2 > (Mon Jul 12 10:16:47 2004.430687) : Unloading consumer provider > NTEventLogEventConsumer on (null) > (Mon Jul 12 10:16:48 2004.432156) : Unloading event consumer sink > NTEventLogEventConsumer="SCM Event Log Consumer" > > **************************************************************************** > ********************************************* > ************ NTEVT.log > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > > (Mon Jul 12 10:11:35 2004.121203) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121203) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121203) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 > > (Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Log: > Application > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 > > (Mon Jul 12 10:11:35 2004.121203) : > CEventlogRecord::GenerateInstance:Record: 791 > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 > > (Mon Jul 12 10:11:35 2004.121203) : > CEventlogRecord::GenerateInstance:Source: MSSQLSERVER > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 > > (Mon Jul 12 10:11:35 2004.121203) : > CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 > > (Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::SendEvent > > (Mon Jul 12 10:11:35 2004.121203) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 > > (Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::GetNamespacePtr > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 > > (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log: > Application > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventlogRecord::GenerateInstance:Record: 792 > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventlogRecord::GenerateInstance:Source: MSSQLSERVER > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 > > (Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::SendEvent > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 > > (Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::GetNamespacePtr > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 > > (Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log: > Application > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 > > (Mon Jul 12 10:11:35 2004.121218) : > CEventlogRecord::GenerateInstance:Record: 793 > > (Mon Jul 12 10:11:35 2004.121218) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 > > (Mon Jul 12 10:11:35 2004.121234) : > CEventlogRecord::GenerateInstance:Source: MSSQLSERVER > > (Mon Jul 12 10:11:35 2004.121234) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 > > (Mon Jul 12 10:11:35 2004.121234) : > CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 > > (Mon Jul 12 10:11:35 2004.121234) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 > > (Mon Jul 12 10:11:35 2004.121234) : CEventProviderManager::SendEvent > > (Mon Jul 12 10:11:35 2004.121234) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 > > (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventLogFile::QueryRegForFileName:Failed > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 > > (Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Log: > Application > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventlogRecord::GenerateInstance:Record: 794 > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventlogRecord::GenerateInstance:Source: MSSQLSERVER > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280 > > (Mon Jul 12 10:11:35 2004.121250) : > CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120 > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175 > > (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::SendEvent > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151 > > (Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr > > (Mon Jul 12 10:11:35 2004.121250) : > d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228 > > > **************************************************************************** > ********************************************* > ********** WMIPROV.log > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > > (Mon Jul 12 10:11:34 2004.120593) : Instance Provider constructed > (Mon Jul 12 10:11:34 2004.120609) : Successfully Registered for Mof Events > (Mon Jul 12 10:11:34 2004.120609) : WDM call returned error: 4200 > (Mon Jul 12 10:11:35 2004.121687) : *************************************** > (Mon Jul 12 10:11:35 2004.121687) : Binary mof succeeded for: > (Mon Jul 12 10:11:35 2004.121687) : > c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121687) > : > (Mon Jul 12 10:11:35 2004.121687) : *************************************** > (Mon Jul 12 10:11:35 2004.121828) : Deleting Old Classes for Driver > (Mon Jul 12 10:11:35 2004.121828) : > c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121828) > : > (Mon Jul 12 10:11:35 2004.121828) : *************************************** > (Mon Jul 12 10:11:35 2004.121953) : Deleting Old Drivers > (Mon Jul 12 10:11:35 2004.121953) : *************************************** > (Mon Jul 12 10:11:35 2004.121953) : Deleting Old Classes for Driver > (Mon Jul 12 10:11:35 2004.121953) : > C:\WINDOWS\system32\comsvcs.dll[COSMofResource](Mon Jul 12 10:11:35 > 2004.121953) : > (Mon Jul 12 10:11:35 2004.121953) : *************************************** > (Mon Jul 12 10:11:46 2004.132046) : We have been requested to delete this > instance: > (Mon Jul 12 10:11:46 2004.132046) : > WMIBinaryMofResource.HighDateTime=29625108,LowDateTime=3479532032,Name="C:\\ > WINDOWS\\system32\\comsvcs.dll[COSMofResource]"(Mon Jul 12 10:11:46 > 2004.132046) : > (Mon Jul 12 10:11:46 2004.132140) : End of processing Binary MOFS > (Mon Jul 12 10:11:46 2004.132140) : *************************************** > (Mon Jul 12 10:11:46 2004.132359) : Event Provider constructed > (Mon Jul 12 10:12:03 2004.149125) : Instance Provider constructed > (Mon Jul 12 10:14:08 2004.272859) : WDM call returned error: 4200 > (Mon Jul 12 10:14:08 2004.272859) : *************************************** > (Mon Jul 12 10:14:08 2004.272859) : BinaryMofsHaveChanged returned FALSE: > (Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed > (Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed > > > **************************************************************************** > ********************************************* > ***** framework.log > **************************************************************************** > ********************************************* > **************************************************************************** > ********************************************* > > CWbemProviderGlue::Init 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.195] > Failed to open thread token: (1008) 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\createmutexasprocess.cpp.210] > FrameworkLogin: root\cimv2:Win32_PageFileUsage 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Registry 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Process 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:CIM_ProcessExecutable 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DiskPartition 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:CIM_LogicalFile 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_LogonSession 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_LoggedOnUser 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_SessionProcess 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_MappedLogicalDisk 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_1394Controller 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_AutoChkSetting 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Battery 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_BIOS 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_BootConfiguration 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_BaseService 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Bus 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:CIM_DataFile 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_CIMLogicalDeviceCIMDataFile 07/12/2004 > 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_CodecFile 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_ComputerSystem 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DependentService 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Desktop 07/12/2004 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DesktopMonitor 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_AssociatedBattery 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DeviceBus 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DeviceMemoryAddress 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_PNPDevice 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Directory 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:CIM_DirectoryContainsFile 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DiskDrive 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DisplayConfiguration 07/12/2004 > 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DisplayControllerConfiguration 07/12/2004 > 10:39:27.569 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_DriverForDevice 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_UserDesktop 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Environment 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_FloppyDrive 07/12/2004 10:39:27.569 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_FloppyController 07/12/2004 10:39:27.584 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_Group 07/12/2004 10:39:27.584 thread:3336 > [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_GroupUser 07/12/2004 10:39:27.584 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\cimv2:Win32_IDEController 07/12/2004 10:39:27.584 > thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209] > FrameworkLogin: root\c |