WMI wouldn't start. My fix.

Summary:
Windows XP. WMI wouldn't start. I fixed it.
I'm no expert on this, so comments invited.
--------------------------------------------------------------------

Background:
I discovered I couldn't start WMI (the classic problem with many
causes),
Found out after installing xp sp2, which needs it for configuring its
firewall.
Had to uninstall sp2 as a result.
Looking in the logs, WMI stopped working sometime in the last year.

I read all the stuff on the web and nothing worked.
I did a winnt32.exe /noattend install of first a slipstreamed xp sp1,
then a straight xp. Followed by all the updates from windowsupdate.
Nothing help.

I deleted wbem folders, changed wbem registry entries, rebuilt
the Repository. I checked permissions on my drive and my registry
entries. (A nice free tool for that is at
http://www.sysinternals.com/ntw2k/s...ccessenum.shtml).

I logged on as Administrator. I tried mofcomp, wbemtest, wmic.
I removed mofs from the wbem autorecover registry entries.
I enabled more extenstive logs. I looked at logs. I tried everything.

Then I started reading more about this WMI, and how it uses DCOM.

I suspected the key issue was not "virus corruption" which everyone
immediately alludes to, but that it wasn't starting up it's connection
to DCOM for some reason.

There are launch permissions for DCOM. There are defaults, and there
are application-specific permissions.

I thought I'd check all this and find something wrong.

I got WMI up. But not how I expected. After looking thru all
this, using the gui's rather than random registry entries, I'm
suspecting many WMI problems are connected with the DCOM startup.
So I'll walk thru that, as much as I know. And end with the fix
for my case.

One funny thing: seems like you can't find out what services WMI is
dependent
on..using the Dependencies tab in it's service. You just have to know.

---------------------------------------------------------------------
Detail:
Easiest to get access to all this stuff thru dcomcnfg

1) Start, Run, dcomcnfg
2) In the left pane, double click on Component Services to expand
3) Double click on Computer to expand
4) Right click on My Computer, and select Properties

Now we'll walk thru the tabs and make sure they're ok. (if you change
any, remember to click OK on the relevant window)

5) Click on the Default Protocols tab
6) Should see Connection-oriented TCP/IP (and maybe
Connection-oriented SPX)
7) Select Connection-oriented TCP/IP, and click on the Properties
button
8) There should be no port ranges listed
9) close the window with OK, then click on the MSDTC tab
10) "Use local coordinator" should be checked, Client Network Protocol
Configuration
should be "TCP/IP"

11) Click on Security Configuration. "Network DTC Access", "Network
Administration"
"Network Transactions", and "XA Transactions" should all be checked.
Others not.
12) The DTC Logon Account should be "NT AUTHORITY\NetworkServices".
Click OK to close window
13) Now click on Default Properties tab (this is still the "My
Computer Properties" window)
14) "Enable Distributed COM on this computer" should be checked.
15) Default Authentication Level shoudl be set to "Connect" (this can
vary, but use "Connect")
16) Default Impersonation Level should be set to "Identify" (this can
vary but use "Identify"
17) Now click to the Default COM Security Tab
18) Click on Edit Default under Access Permissions
19) You should see Administrators and System listed, Select each to
see the Access Permission
Should be Allow on both.
20) Click Ok and now Edit Default under Launch Permissions
21) Should see Administrators, INTERACTIVE, SYSTEM listed. (I think I
may have added
Administrators when I didn't need to on one of these. May not be need.
22) Again, select each to see that they all have Allow on Launch
Permission. Click OK to close window
If necessary, use Add, Advanced, Find Now and select the relevant one
to add, if you want/need to add)

23) Now click OK to close the "My Computer Properties" window.


Go back to the dcomcnfg window

24) Double click on My Computer to expand
25) Double click on DCOM Config to expand
26) scroll down and find the "Windows Management and Instrumentation"
entry. Right click
and select Properties on it.
27) You'll get a window for it. With the General tab selected,
You should see Authenication Level: "Connect"
(Default is probably okay. I have Connect)
28) Click on the "Location" tab. should be a check next to "Run
application
on this computer"
29) Click on the Security Tab. It's easiest if the Launch Permission
and Access Permission
are selected to be "Use Default". If you want to leave on "Customize"
You have to click
Edit to check for basically what you just put in as default for the
dcom config. Just select
default here for Launch and Access Permission.

30) Under Configuration Permissions, it probably has Customize
selected (should
be that way already). Click Edit to see who...it's a longer list and
it's probably okay.
click ok to close window
31) Click Identity tab. Should see "...default system protocols"
listed. Click Ok to close.


Go back to the dcomcnfg window
32) Left click on "Services (Local)" (at the bottom of the left pane)
33) Find "Event Log" in the right pane window
34) Right click it and select Properties
35) This next step is key....
The Startup type: must NOT say "Disabled". It HAS to say "Automatic"
change if necessary. T
36) If you click on the Dependencies tab, you will see "Windows
Management Instrumentation"
as being dependent on this service..but only when you get WMI running!
At this
point you won't see it!! So how could you know??
click ok to close window.

37) You may want to rebuild your wbem Repository. if so do this
open cmd.exe and copy/paste the following commands in order.
%homedrive%
cd %windir%\system32\wbem\repository
net stop winmgmt
del * /s /q
regsvr32 wbemupgd.dll

38) Now start the WMI service if not already started.
In the same Services (Local) pane where you looked at the Event Log
service,
find the "Windows Management Instrumentation" service.
Right click and select properties. check that Startup Type says
"Automatic". Click OK

39) If it's not already started, then right click it and select Start.

40) It should say it's started at this point. (a little window will
come
up with a moving green bar)

It turns out for me, that the only issue apparently was that the Event
Log
was disabled. But thought I'd include all the above, as a sanity check
for possible other issues related to WMI/DCOM startup.


-lev

After having problems with WMI and SP2 (corruption error messages and
WMI says not found) I followed your advice and things are now fixed.
The antivirus part of the security centre now says ON, I have Norton
2004 Pro.

I don't fully understand all that you wrote but I was able to follow
along enough to get my problem sorted so a big thank you for taking
the time to write this up.



levitation30@yahoo.com wrote in message news:<2eb5391d.0408121657.6ac79915@posting.google.com>...
> Summary:
> Windows XP. WMI wouldn't start. I fixed it.
> I'm no expert on this, so comments invited.
> --------------------------------------------------------------------
>
> Background:
> I discovered I couldn't start WMI (the classic problem with many
> causes),
> Found out after installing xp sp2, which needs it for configuring its
> firewall.
> Had to uninstall sp2 as a result.
> Looking in the logs, WMI stopped working sometime in the last year.
>
> I read all the stuff on the web and nothing worked.
> I did a winnt32.exe /noattend install of first a slipstreamed xp sp1,
> then a straight xp. Followed by all the updates from windowsupdate.
> Nothing help.
>
> I deleted wbem folders, changed wbem registry entries, rebuilt
> the Repository. I checked permissions on my drive and my registry
> entries. (A nice free tool for that is at
> http://www.sysinternals.com/ntw2k/s...ccessenum.shtml).
>
> I logged on as Administrator. I tried mofcomp, wbemtest, wmic.
> I removed mofs from the wbem autorecover registry entries.
> I enabled more extenstive logs. I looked at logs. I tried everything.
>
> Then I started reading more about this WMI, and how it uses DCOM.
>
> I suspected the key issue was not "virus corruption" which everyone
> immediately alludes to, but that it wasn't starting up it's connection
> to DCOM for some reason.
>
> There are launch permissions for DCOM. There are defaults, and there
> are application-specific permissions.
>
> I thought I'd check all this and find something wrong.
>
> I got WMI up. But not how I expected. After looking thru all
> this, using the gui's rather than random registry entries, I'm
> suspecting many WMI problems are connected with the DCOM startup.
> So I'll walk thru that, as much as I know. And end with the fix
> for my case.
>
> One funny thing: seems like you can't find out what services WMI is
> dependent
> on..using the Dependencies tab in it's service. You just have to know.
>
> ---------------------------------------------------------------------
> Detail:
> Easiest to get access to all this stuff thru dcomcnfg
>
> 1) Start, Run, dcomcnfg
> 2) In the left pane, double click on Component Services to expand
> 3) Double click on Computer to expand
> 4) Right click on My Computer, and select Properties
>
> Now we'll walk thru the tabs and make sure they're ok. (if you change
> any, remember to click OK on the relevant window)
>
> 5) Click on the Default Protocols tab
> 6) Should see Connection-oriented TCP/IP (and maybe
> Connection-oriented SPX)
> 7) Select Connection-oriented TCP/IP, and click on the Properties
> button
> 8) There should be no port ranges listed
> 9) close the window with OK, then click on the MSDTC tab
> 10) "Use local coordinator" should be checked, Client Network Protocol
> Configuration
> should be "TCP/IP"
>
> 11) Click on Security Configuration. "Network DTC Access", "Network
> Administration"
> "Network Transactions", and "XA Transactions" should all be checked.
> Others not.
> 12) The DTC Logon Account should be "NT AUTHORITY\NetworkServices".
> Click OK to close window
> 13) Now click on Default Properties tab (this is still the "My
> Computer Properties" window)
> 14) "Enable Distributed COM on this computer" should be checked.
> 15) Default Authentication Level shoudl be set to "Connect" (this can
> vary, but use "Connect")
> 16) Default Impersonation Level should be set to "Identify" (this can
> vary but use "Identify"
> 17) Now click to the Default COM Security Tab
> 18) Click on Edit Default under Access Permissions
> 19) You should see Administrators and System listed, Select each to
> see the Access Permission
> Should be Allow on both.
> 20) Click Ok and now Edit Default under Launch Permissions
> 21) Should see Administrators, INTERACTIVE, SYSTEM listed. (I think I
> may have added
> Administrators when I didn't need to on one of these. May not be need.
> 22) Again, select each to see that they all have Allow on Launch
> Permission. Click OK to close window
> If necessary, use Add, Advanced, Find Now and select the relevant one
> to add, if you want/need to add)
>
> 23) Now click OK to close the "My Computer Properties" window.
>
>
> Go back to the dcomcnfg window
>
> 24) Double click on My Computer to expand
> 25) Double click on DCOM Config to expand
> 26) scroll down and find the "Windows Management and Instrumentation"
> entry. Right click
> and select Properties on it.
> 27) You'll get a window for it. With the General tab selected,
> You should see Authenication Level: "Connect"
> (Default is probably okay. I have Connect)
> 28) Click on the "Location" tab. should be a check next to "Run
> application
> on this computer"
> 29) Click on the Security Tab. It's easiest if the Launch Permission
> and Access Permission
> are selected to be "Use Default". If you want to leave on "Customize"
> You have to click
> Edit to check for basically what you just put in as default for the
> dcom config. Just select
> default here for Launch and Access Permission.
>
> 30) Under Configuration Permissions, it probably has Customize
> selected (should
> be that way already). Click Edit to see who...it's a longer list and
> it's probably okay.
> click ok to close window
> 31) Click Identity tab. Should see "...default system protocols"
> listed. Click Ok to close.
>
>
> Go back to the dcomcnfg window
> 32) Left click on "Services (Local)" (at the bottom of the left pane)
> 33) Find "Event Log" in the right pane window
> 34) Right click it and select Properties
> 35) This next step is key....
> The Startup type: must NOT say "Disabled". It HAS to say "Automatic"
> change if necessary. T
> 36) If you click on the Dependencies tab, you will see "Windows
> Management Instrumentation"
> as being dependent on this service..but only when you get WMI running!
> At this
> point you won't see it!! So how could you know??
> click ok to close window.
>
> 37) You may want to rebuild your wbem Repository. if so do this
> open cmd.exe and copy/paste the following commands in order.
> %homedrive%
> cd %windir%\system32\wbem\repository
> net stop winmgmt
> del * /s /q
> regsvr32 wbemupgd.dll
>
> 38) Now start the WMI service if not already started.
> In the same Services (Local) pane where you looked at the Event Log
> service,
> find the "Windows Management Instrumentation" service.
> Right click and select properties. check that Startup Type says
> "Automatic". Click OK
>
> 39) If it's not already started, then right click it and select Start.
>
> 40) It should say it's started at this point. (a little window will
> come
> up with a moving green bar)
>
> It turns out for me, that the only issue apparently was that the Event
> Log
> was disabled. But thought I'd include all the above, as a sanity check
> for possible other issues related to WMI/DCOM startup.
>
>
> -lev

Hi Lev,

I went through all that step by step.
Only the radio botton chnage from cutomise to default was
different, but when I was done I got a events for DCOM
7005,7006, several 113's for COM, MS DTC started with
settings event 2444, and then the main event 10016

The machine-default permission settings do not grant
Local Activation permission for the COM Server
application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-
20). This security permission can be modified using the
Component Services administrative tool.

That CLSID is WMI.

I changed the defalut back to customise.
Things seem better but I'm not sure (as far as events
being created for policy chg and longon to and from shres.
I need more time to see the activity.

I did see Event Log show up as a dependency,
and later TA-DA, the Windows FireWall.

Your right, How would you know.

Thanks for that detail check list.
That a hundred days on the MS Docs for sure.

SJ

>-----Original Message-----
>Summary:
>Windows XP. WMI wouldn't start. I fixed it.
>I'm no expert on this, so comments invited.
>---------------------------------------------------------
-----------
>
>Background:
>I discovered I couldn't start WMI (the classic problem
with many
>causes),
>Found out after installing xp sp2, which needs it for
configuring its
>firewall.
>Had to uninstall sp2 as a result.
>Looking in the logs, WMI stopped working sometime in the
last year.
>
>I read all the stuff on the web and nothing worked.
>I did a winnt32.exe /noattend install of first a
slipstreamed xp sp1,
>then a straight xp. Followed by all the updates from
windowsupdate.
>Nothing help.
>
>I deleted wbem folders, changed wbem registry entries,
rebuilt
>the Repository. I checked permissions on my drive and my
registry
>entries. (A nice free tool for that is at
>http://www.sysinternals.com/ntw2k/s...ccessenum.shtml
).
>
>I logged on as Administrator. I tried mofcomp, wbemtest,
wmic.
>I removed mofs from the wbem autorecover registry
entries.
>I enabled more extenstive logs. I looked at logs. I
tried everything.
>
>Then I started reading more about this WMI, and how it
uses DCOM.
>
>I suspected the key issue was not "virus corruption"
which everyone
>immediately alludes to, but that it wasn't starting up
it's connection
>to DCOM for some reason.
>
>There are launch permissions for DCOM. There are
defaults, and there
>are application-specific permissions.
>
>I thought I'd check all this and find something wrong.
>
>I got WMI up. But not how I expected. After looking thru
all
>this, using the gui's rather than random registry
entries, I'm
>suspecting many WMI problems are connected with the DCOM
startup.
>So I'll walk thru that, as much as I know. And end with
the fix
>for my case.
>
>One funny thing: seems like you can't find out what
services WMI is
>dependent
>on..using the Dependencies tab in it's service. You just
have to know.
>
>---------------------------------------------------------
------------
>Detail:
>Easiest to get access to all this stuff thru dcomcnfg
>
>1) Start, Run, dcomcnfg
>2) In the left pane, double click on Component Services
to expand
>3) Double click on Computer to expand
>4) Right click on My Computer, and select Properties
>
>Now we'll walk thru the tabs and make sure they're ok.
(if you change
>any, remember to click OK on the relevant window)
>
>5) Click on the Default Protocols tab
>6) Should see Connection-oriented TCP/IP (and maybe
>Connection-oriented SPX)
>7) Select Connection-oriented TCP/IP, and click on the
Properties
>button
>8) There should be no port ranges listed
>9) close the window with OK, then click on the MSDTC tab
>10) "Use local coordinator" should be checked, Client
Network Protocol
>Configuration
>should be "TCP/IP"
>
>11) Click on Security Configuration. "Network DTC
Access", "Network
>Administration"
>"Network Transactions", and "XA Transactions" should all
be checked.
>Others not.
>12) The DTC Logon Account should be "NT
AUTHORITY\NetworkServices".
>Click OK to close window
>13) Now click on Default Properties tab (this is still
the "My
>Computer Properties" window)
>14) "Enable Distributed COM on this computer" should be
checked.
>15) Default Authentication Level shoudl be set
to "Connect" (this can
>vary, but use "Connect")
>16) Default Impersonation Level should be set
to "Identify" (this can
>vary but use "Identify"
>17) Now click to the Default COM Security Tab
>18) Click on Edit Default under Access Permissions
>19) You should see Administrators and System listed,
Select each to
>see the Access Permission
>Should be Allow on both.
>20) Click Ok and now Edit Default under Launch
Permissions
>21) Should see Administrators, INTERACTIVE, SYSTEM
listed. (I think I
>may have added
>Administrators when I didn't need to on one of these.
May not be need.
>22) Again, select each to see that they all have Allow
on Launch
>Permission. Click OK to close window
>If necessary, use Add, Advanced, Find Now and select the
relevant one
>to add, if you want/need to add)
>
>23) Now click OK to close the "My Computer Properties"
window.
>
>
>Go back to the dcomcnfg window
>
>24) Double click on My Computer to expand
>25) Double click on DCOM Config to expand
>26) scroll down and find the "Windows Management and
Instrumentation"
>entry. Right click
>and select Properties on it.
>27) You'll get a window for it. With the General tab
selected,
>You should see Authenication Level: "Connect"
>(Default is probably okay. I have Connect)
>28) Click on the "Location" tab. should be a check next
to "Run
>application
>on this computer"
>29) Click on the Security Tab. It's easiest if the
Launch Permission
>and Access Permission
>are selected to be "Use Default". If you want to leave
on "Customize"
>You have to click
>Edit to check for basically what you just put in as
default for the
>dcom config. Just select
>default here for Launch and Access Permission.
>
>30) Under Configuration Permissions, it probably has
Customize
>selected (should
>be that way already). Click Edit to see who...it's a
longer list and
>it's probably okay.
>click ok to close window
>31) Click Identity tab. Should see "...default system
protocols"
>listed. Click Ok to close.
>
>
>Go back to the dcomcnfg window
>32) Left click on "Services (Local)" (at the bottom of
the left pane)
>33) Find "Event Log" in the right pane window
>34) Right click it and select Properties
>35) This next step is key....
> The Startup type: must NOT say "Disabled". It HAS
to say "Automatic"
> change if necessary. T
>36) If you click on the Dependencies tab, you will
see "Windows
>Management Instrumentation"
>as being dependent on this service..but only when you
get WMI running!
>At this
>point you won't see it!! So how could you know??
> click ok to close window.
>
>37) You may want to rebuild your wbem Repository. if so
do this
>open cmd.exe and copy/paste the following commands in
order.
>%homedrive%
>cd %windir%\system32\wbem\repository
>net stop winmgmt
>del * /s /q
>regsvr32 wbemupgd.dll
>
>38) Now start the WMI service if not already started.
>In the same Services (Local) pane where you looked at
the Event Log
>service,
>find the "Windows Management Instrumentation" service.
>Right click and select properties. check that Startup
Type says
>"Automatic". Click OK
>
>39) If it's not already started, then right click it and
select Start.
>
>40) It should say it's started at this point. (a little
window will
>come
>up with a moving green bar)
>
>It turns out for me, that the only issue apparently was
that the Event
>Log
>was disabled. But thought I'd include all the above, as
a sanity check
>for possible other issues related to WMI/DCOM startup.
>
>
>-lev
>.
>

Hey Lev,

No more events being logged, only at boot up.
Thanks again

SJ
>-----Original Message-----
>Hi Lev,
>
>I went through all that step by step.
>Only the radio botton chnage from cutomise to default
was
>different, but when I was done I got a events for DCOM
>7005,7006, several 113's for COM, MS DTC started with
>settings event 2444, and then the main event 10016
>
>The machine-default permission settings do not grant
>Local Activation permission for the COM Server
>application with CLSID
>{8BC3F05E-D86B-11D0-A075-00C04FB68820}
> to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-
>20). This security permission can be modified using the
>Component Services administrative tool.
>
>That CLSID is WMI.
>
>I changed the defalut back to customise.
>Things seem better but I'm not sure (as far as events
>being created for policy chg and longon to and from
shres.
>I need more time to see the activity.
>
>I did see Event Log show up as a dependency,
>and later TA-DA, the Windows FireWall.
>
>Your right, How would you know.
>
>Thanks for that detail check list.
>That a hundred days on the MS Docs for sure.
>
>SJ
>
>>-----Original Message-----
>>Summary:
>>Windows XP. WMI wouldn't start. I fixed it.
>>I'm no expert on this, so comments invited.
>>--------------------------------------------------------
-
>-----------
>>
>>Background:
>>I discovered I couldn't start WMI (the classic problem
>with many
>>causes),
>>Found out after installing xp sp2, which needs it for
>configuring its
>>firewall.
>>Had to uninstall sp2 as a result.
>>Looking in the logs, WMI stopped working sometime in
the
>last year.
>>
>>I read all the stuff on the web and nothing worked.
>>I did a winnt32.exe /noattend install of first a
>slipstreamed xp sp1,
>>then a straight xp. Followed by all the updates from
>windowsupdate.
>>Nothing help.
>>
>>I deleted wbem folders, changed wbem registry entries,
>rebuilt
>>the Repository. I checked permissions on my drive and
my
>registry
>>entries. (A nice free tool for that is at
>>http://www.sysinternals.com/ntw2k/s...accessenum.shtm
l
>).
>>
>>I logged on as Administrator. I tried mofcomp,
wbemtest,
>wmic.
>>I removed mofs from the wbem autorecover registry
>entries.
>>I enabled more extenstive logs. I looked at logs. I
>tried everything.
>>
>>Then I started reading more about this WMI, and how it
>uses DCOM.
>>
>>I suspected the key issue was not "virus corruption"
>which everyone
>>immediately alludes to, but that it wasn't starting up
>it's connection
>>to DCOM for some reason.
>>
>>There are launch permissions for DCOM. There are
>defaults, and there
>>are application-specific permissions.
>>
>>I thought I'd check all this and find something wrong.
>>
>>I got WMI up. But not how I expected. After looking
thru
>all
>>this, using the gui's rather than random registry
>entries, I'm
>>suspecting many WMI problems are connected with the
DCOM
>startup.
>>So I'll walk thru that, as much as I know. And end with
>the fix
>>for my case.
>>
>>One funny thing: seems like you can't find out what
>services WMI is
>>dependent
>>on..using the Dependencies tab in it's service. You
just
>have to know.
>>
>>--------------------------------------------------------
-
>------------
>>Detail:
>>Easiest to get access to all this stuff thru dcomcnfg
>>
>>1) Start, Run, dcomcnfg
>>2) In the left pane, double click on Component
Services
>to expand
>>3) Double click on Computer to expand
>>4) Right click on My Computer, and select Properties
>>
>>Now we'll walk thru the tabs and make sure they're ok.
>(if you change
>>any, remember to click OK on the relevant window)
>>
>>5) Click on the Default Protocols tab
>>6) Should see Connection-oriented TCP/IP (and maybe
>>Connection-oriented SPX)
>>7) Select Connection-oriented TCP/IP, and click on the
>Properties
>>button
>>8) There should be no port ranges listed
>>9) close the window with OK, then click on the MSDTC tab
>>10) "Use local coordinator" should be checked, Client
>Network Protocol
>>Configuration
>>should be "TCP/IP"
>>
>>11) Click on Security Configuration. "Network DTC
>Access", "Network
>>Administration"
>>"Network Transactions", and "XA Transactions" should
all
>be checked.
>>Others not.
>>12) The DTC Logon Account should be "NT
>AUTHORITY\NetworkServices".
>>Click OK to close window
>>13) Now click on Default Properties tab (this is still
>the "My
>>Computer Properties" window)
>>14) "Enable Distributed COM on this computer" should be
>checked.
>>15) Default Authentication Level shoudl be set
>to "Connect" (this can
>>vary, but use "Connect")
>>16) Default Impersonation Level should be set
>to "Identify" (this can
>>vary but use "Identify"
>>17) Now click to the Default COM Security Tab
>>18) Click on Edit Default under Access Permissions
>>19) You should see Administrators and System listed,
>Select each to
>>see the Access Permission
>>Should be Allow on both.
>>20) Click Ok and now Edit Default under Launch
>Permissions
>>21) Should see Administrators, INTERACTIVE, SYSTEM
>listed. (I think I
>>may have added
>>Administrators when I didn't need to on one of these.
>May not be need.
>>22) Again, select each to see that they all have Allow
>on Launch
>>Permission. Click OK to close window
>>If necessary, use Add, Advanced, Find Now and select
the
>relevant one
>>to add, if you want/need to add)
>>
>>23) Now click OK to close the "My Computer Properties"
>window.
>>
>>
>>Go back to the dcomcnfg window
>>
>>24) Double click on My Computer to expand
>>25) Double click on DCOM Config to expand
>>26) scroll down and find the "Windows Management and
>Instrumentation"
>>entry. Right click
>>and select Properties on it.
>>27) You'll get a window for it. With the General tab
>selected,
>>You should see Authenication Level: "Connect"
>>(Default is probably okay. I have Connect)
>>28) Click on the "Location" tab. should be a check next
>to "Run
>>application
>>on this computer"
>>29) Click on the Security Tab. It's easiest if the
>Launch Permission
>>and Access Permission
>>are selected to be "Use Default". If you want to leave
>on "Customize"
>>You have to click
>>Edit to check for basically what you just put in as
>default for the
>>dcom config. Just select
>>default here for Launch and Access Permission.
>>
>>30) Under Configuration Permissions, it probably has
>Customize
>>selected (should
>>be that way already). Click Edit to see who...it's a
>longer list and
>>it's probably okay.
>>click ok to close window
>>31) Click Identity tab. Should see "...default system
>protocols"
>>listed. Click Ok to close.
>>
>>
>>Go back to the dcomcnfg window
>>32) Left click on "Services (Local)" (at the bottom of
>the left pane)
>>33) Find "Event Log" in the right pane window
>>34) Right click it and select Properties
>>35) This next step is key....
>> The Startup type: must NOT say "Disabled". It HAS
>to say "Automatic"
>> change if necessary. T
>>36) If you click on the Dependencies tab, you will
>see "Windows
>>Management Instrumentation"
>>as being dependent on this service..but only when you
>get WMI running!
>>At this
>>point you won't see it!! So how could you know??
>> click ok to close window.
>>
>>37) You may want to rebuild your wbem Repository. if so
>do this
>>open cmd.exe and copy/paste the following commands in
>order.
>>%homedrive%
>>cd %windir%\system32\wbem\repository
>>net stop winmgmt
>>del * /s /q
>>regsvr32 wbemupgd.dll
>>
>>38) Now start the WMI service if not already started.
>>In the same Services (Local) pane where you looked at
>the Event Log
>>service,
>>find the "Windows Management Instrumentation" service.
>>Right click and select properties. check that Startup
>Type says
>>"Automatic". Click OK
>>
>>39) If it's not already started, then right click it
and
>select Start.
>>
>>40) It should say it's started at this point. (a little
>window will
>>come
>>up with a moving green bar)
>>
>>It turns out for me, that the only issue apparently was
>that the Event
>>Log
>>was disabled. But thought I'd include all the above, as
>a sanity check
>>for possible other issues related to WMI/DCOM startup.
>>
>>
>>-lev
>>.
>>
>.
>

Important: I should have mentioned, notes below were for XP SP1 or
below.
Also I use XP pro, so I'm not sure what is visible in XP Home,
although
you might be able to see everything mentioned.

About the Event Log dependency:

I saw the same odd thing. Event Log initially showed (when I started
it) that WMI was dependent on it, but now it doesn't. So maybe there
are times when WMI needs Event Log and times when it doesn't...

so like I noted, you just have to know Event Log should always be
running.

p.s. I didn't mention that WMI is also dependent on RPC (Remote
Procedure Call) but a lot of things are...there would
be a bunch of other problems if RPC wasn't wrunning.


On the launch permissions, where you (SlowJet) have Customize....

It'd be interesting if you could note what additional things/users
are enabled for you, that apparently are needed.
See step 29. Oh wait , you mentioned Windows Firewall...

I guess I should have mentioned that the
Launch/Access permissions below covered SP1 or below...just noticed
SP2 has some new stuff in this area.

Maybe you were trying to get WMI up after installing SP2 or before?

SP2 apparently adds new buttons on the Com Security window. Starting
at step 17, the Default Com Security tab is now called Com Security,
and it has new "Edit Limits" tabs for Access Permissions and Launch
and Activation Permissions.

The entries for Edit Limits and Edit Default are different than I've
noted below, under both Access Permissions and Launch and Activation
Permissions.

I won't list them, because if you get SP2 installed, you're probably
already
correct. But it's probably worthwhile to review them so you get
used to what's there. (they seem to break out Local and Remote control
more cleanly).


Here's another useful hint: After I got WMI up and SP2 installed, I
still
didn't get the Advanced tab working right hen I would look at a
network
connection's properties. This is the typical complaint about WMI,
although
it was running now. I could run the Windows Firewall Settings thingm
though.

Resetting stuff to default there, cleared out the "corruption" on the
network connection settings, and allowed me to see the Advanced tab
info.
so now everything's fine for me.

to do this on SP2:
1) Start, My Network Places, View network connections
2) Change Windows Firewall Settings
3) Click Advanced tab
4) Click Restore Defaults

You may want to go back and run "Set up a home or small office
network"
after this, to make sure all you network/firewall settings are like
you want.


It'd be nice if MSFT had a "reset DCOM security to default" button.

It's even more confusing now that SP2 has some extra stuff in this
area.

There's enough required switches and entries and whatever that I can't
imagine how a user would know what's needed.

I'm not sure how much of it gets re-initialized on a refresh install.
I was surprised the Event Log setting didn't get reset
by the refresh install.


My take on all this: The WMI service is now a critical single point of
failure, like the windows registry. But they've not put in all the
support
for maintaining WMI in a good state, like they had to with the
registry
(which they learned over time....).

It depends on DCOM which they had to harden for security reasons...
but no one knows how all these DCOM settings should be set by default.
(and whatever other WMI dependencies might exist).

It's ridiculous, because the advice to re-install doesn't always work,
because
the re-install doesn't always reset the critical settings that were
wrong
in the first place.

Basically, the WMI infrastructure should be improved. There is bad
software architecture here, and I suspect it's flown under the radar
at MSFT. With more and more things dependent on it, maybe things will
get improved.


"SlowJet" <anonymous@discussions.microsoft.com> wrote in message news:<73e201c483c1$41d98e00$a601280a@phx.gbl>...
> Hey Lev,
>
> No more events being logged, only at boot up.
> Thanks again
>
> SJ
> >-----Original Message-----
> >Hi Lev,
> >
> >I went through all that step by step.
> >Only the radio botton chnage from cutomise to default
> was
> >different, but when I was done I got a events for DCOM
> >7005,7006, several 113's for COM, MS DTC started with
> >settings event 2444, and then the main event 10016
> >
> >The machine-default permission settings do not grant
> >Local Activation permission for the COM Server
> >application with CLSID
> >{8BC3F05E-D86B-11D0-A075-00C04FB68820}
> > to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-
> >20). This security permission can be modified using the
> >Component Services administrative tool.
> >
> >That CLSID is WMI.
> >
> >I changed the defalut back to customise.
> >Things seem better but I'm not sure (as far as events
> >being created for policy chg and longon to and from
> shres.
> >I need more time to see the activity.
> >
> >I did see Event Log show up as a dependency,
> >and later TA-DA, the Windows FireWall.
> >
> >Your right, How would you know.
> >
> >Thanks for that detail check list.
> >That a hundred days on the MS Docs for sure.
> >
> >SJ
> >
> >>-----Original Message-----
> >>Summary:
> >>Windows XP. WMI wouldn't start. I fixed it.
> >>I'm no expert on this, so comments invited.
> >>--------------------------------------------------------
> -
> -----------
> >>
> >>Background:
> >>I discovered I couldn't start WMI (the classic problem
> with many
> >>causes),
> >>Found out after installing xp sp2, which needs it for
> configuring its
> >>firewall.
> >>Had to uninstall sp2 as a result.
> >>Looking in the logs, WMI stopped working sometime in
> the
> last year.
> >>
> >>I read all the stuff on the web and nothing worked.
> >>I did a winnt32.exe /noattend install of first a
> slipstreamed xp sp1,
> >>then a straight xp. Followed by all the updates from
> windowsupdate.
> >>Nothing help.
> >>
> >>I deleted wbem folders, changed wbem registry entries,
> rebuilt
> >>the Repository. I checked permissions on my drive and
> my
> registry
> >>entries. (A nice free tool for that is at
> >>http://www.sysinternals.com/ntw2k/s...accessenum.shtm
> l
> ).
> >>
> >>I logged on as Administrator. I tried mofcomp,
> wbemtest,
> wmic.
> >>I removed mofs from the wbem autorecover registry
> entries.
> >>I enabled more extenstive logs. I looked at logs. I
> tried everything.
> >>
> >>Then I started reading more about this WMI, and how it
> uses DCOM.
> >>
> >>I suspected the key issue was not "virus corruption"
> which everyone
> >>immediately alludes to, but that it wasn't starting up
> it's connection
> >>to DCOM for some reason.
> >>
> >>There are launch permissions for DCOM. There are
> defaults, and there
> >>are application-specific permissions.
> >>
> >>I thought I'd check all this and find something wrong.
> >>
> >>I got WMI up. But not how I expected. After looking
> thru
> all
> >>this, using the gui's rather than random registry
> entries, I'm
> >>suspecting many WMI problems are connected with the
> DCOM
> startup.
> >>So I'll walk thru that, as much as I know. And end with
> the fix
> >>for my case.
> >>
> >>One funny thing: seems like you can't find out what
> services WMI is
> >>dependent
> >>on..using the Dependencies tab in it's service. You
> just
> have to know.
> >>
> >>--------------------------------------------------------
> -
> ------------
> >>Detail:
> >>Easiest to get access to all this stuff thru dcomcnfg
> >>
> >>1) Start, Run, dcomcnfg
> >>2) In the left pane, double click on Component
> Services
> to expand
> >>3) Double click on Computer to expand
> >>4) Right click on My Computer, and select Properties
> >>
> >>Now we'll walk thru the tabs and make sure they're ok.
> (if you change
> >>any, remember to click OK on the relevant window)
> >>
> >>5) Click on the Default Protocols tab
> >>6) Should see Connection-oriented TCP/IP (and maybe
> >>Connection-oriented SPX)
> >>7) Select Connection-oriented TCP/IP, and click on the
> Properties
> >>button
> >>8) There should be no port ranges listed
> >>9) close the window with OK, then click on the MSDTC tab
> >>10) "Use local coordinator" should be checked, Client
> Network Protocol
> >>Configuration
> >>should be "TCP/IP"
> >>
> >>11) Click on Security Configuration. "Network DTC
> Access", "Network
> >>Administration"
> >>"Network Transactions", and "XA Transactions" should
> all
> be checked.
> >>Others not.
> >>12) The DTC Logon Account should be "NT
> AUTHORITY\NetworkServices".
> >>Click OK to close window
> >>13) Now click on Default Properties tab (this is still
> the "My
> >>Computer Properties" window)
> >>14) "Enable Distributed COM on this computer" should be
> checked.
> >>15) Default Authentication Level shoudl be set
> to "Connect" (this can
> >>vary, but use "Connect")
> >>16) Default Impersonation Level should be set
> to "Identify" (this can
> >>vary but use "Identify"
> >>17) Now click to the Default COM Security Tab
> >>18) Click on Edit Default under Access Permissions
> >>19) You should see Administrators and System listed,
> Select each to
> >>see the Access Permission
> >>Should be Allow on both.
> >>20) Click Ok and now Edit Default under Launch
> Permissions
> >>21) Should see Administrators, INTERACTIVE, SYSTEM
> listed. (I think I
> >>may have added
> >>Administrators when I didn't need to on one of these.
> May not be need.
> >>22) Again, select each to see that they all have Allow
> on Launch
> >>Permission. Click OK to close window
> >>If necessary, use Add, Advanced, Find Now and select
> the
> relevant one
> >>to add, if you want/need to add)
> >>
> >>23) Now click OK to close the "My Computer Properties"
> window.
> >>
> >>
> >>Go back to the dcomcnfg window
> >>
> >>24) Double click on My Computer to expand
> >>25) Double click on DCOM Config to expand
> >>26) scroll down and find the "Windows Management and
> Instrumentation"
> >>entry. Right click
> >>and select Properties on it.
> >>27) You'll get a window for it. With the General tab
> selected,
> >>You should see Authenication Level: "Connect"
> >>(Default is probably okay. I have Connect)
> >>28) Click on the "Location" tab. should be a check next
> to "Run
> >>application
> >>on this computer"
> >>29) Click on the Security Tab. It's easiest if the
> Launch Permission
> >>and Access Permission
> >>are selected to be "Use Default". If you want to leave
> on "Customize"
> >>You have to click
> >>Edit to check for basically what you just put in as
> default for the
> >>dcom config. Just select
> >>default here for Launch and Access Permission.
> >>
> >>30) Under Configuration Permissions, it probably has
> Customize
> >>selected (should
> >>be that way already). Click Edit to see who...it's a
> longer list and
> >>it's probably okay.
> >>click ok to close window
> >>31) Click Identity tab. Should see "...default system
> protocols"
> >>listed. Click Ok to close.
> >>
> >>
> >>Go back to the dcomcnfg window
> >>32) Left click on "Services (Local)" (at the bottom of
> the left pane)
> >>33) Find "Event Log" in the right pane window
> >>34) Right click it and select Properties
> >>35) This next step is key....
> >> The Startup type: must NOT say "Disabled". It HAS
> to say "Automatic"
> >> change if necessary. T
> >>36) If you click on the Dependencies tab, you will
> see "Windows
> >>Management Instrumentation"
> >>as being dependent on this service..but only when you
> get WMI running!
> >>At this
> >>point you won't see it!! So how could you know??
> >> click ok to close window.
> >>
> >>37) You may want to rebuild your wbem Repository. if so
> do this
> >>open cmd.exe and copy/paste the following commands in
> order.
> >>%homedrive%
> >>cd %windir%\system32\wbem\repository
> >>net stop winmgmt
> >>del * /s /q
> >>regsvr32 wbemupgd.dll
> >>
> >>38) Now start the WMI service if not already started.
> >>In the same Services (Local) pane where you looked at
> the Event Log
> >>service,
> >>find the "Windows Management Instrumentation" service.
> >>Right click and select properties. check that Startup
> Type says
> >>"Automatic". Click OK
> >>
> >>39) If it's not already started, then right click it
> and
> select Start.
> >>
> >>40) It should say it's started at this point. (a little
> window will
> >>come
> >>up with a moving green bar)
> >>
> >>It turns out for me, that the only issue apparently was
> that the Event
> >>Log
> >>was disabled. But thought I'd include all the above, as
> a sanity check
> >>for possible other issues related to WMI/DCOM startup.
> >>
> >>
> >>-lev
> >>.
> >>
> >.
> >

Hi Lev,

Yup, I'm starting to think there are some problems in
SP@.
I'm just not a network guru and the error events are not
even in the help system yet.

But we'll see waht V5 delivers next month.

SJ
>-----Original Message-----
>Important: I should have mentioned, notes below were for
XP SP1 or
>below.
>Also I use XP pro, so I'm not sure what is visible in XP
Home,
>although
>you might be able to see everything mentioned.
>
>About the Event Log dependency:
>
>I saw the same odd thing. Event Log initially showed
(when I started
>it) that WMI was dependent on it, but now it doesn't. So
maybe there
>are times when WMI needs Event Log and times when it
doesn't...
>
>so like I noted, you just have to know Event Log should
always be
>running.
>
>p.s. I didn't mention that WMI is also dependent on RPC
(Remote
>Procedure Call) but a lot of things are...there would
>be a bunch of other problems if RPC wasn't wrunning.
>
>
>On the launch permissions, where you (SlowJet) have
Customize....
>
>It'd be interesting if you could note what additional
things/users
>are enabled for you, that apparently are needed.
>See step 29. Oh wait , you mentioned Windows Firewall...
>
>I guess I should have mentioned that the
>Launch/Access permissions below covered SP1 or
below...just noticed
>SP2 has some new stuff in this area.
>
>Maybe you were trying to get WMI up after installing SP2
or before?
>
>SP2 apparently adds new buttons on the Com Security
window. Starting
>at step 17, the Default Com Security tab is now called
Com Security,
>and it has new "Edit Limits" tabs for Access Permissions
and Launch
>and Activation Permissions.
>
>The entries for Edit Limits and Edit Default are
different than I've
>noted below, under both Access Permissions and Launch
and Activation
>Permissions.
>
>I won't list them, because if you get SP2 installed,
you're probably
>already
>correct. But it's probably worthwhile to review them so
you get
>used to what's there. (they seem to break out Local and
Remote control
>more cleanly).
>
>
>Here's another useful hint: After I got WMI up and SP2
installed, I
>still
>didn't get the Advanced tab working right hen I would
look at a
>network
>connection's properties. This is the typical complaint
about WMI,
>although
>it was running now. I could run the Windows Firewall
Settings thingm
>though.
>
>Resetting stuff to default there, cleared out
the "corruption" on the
>network connection settings, and allowed me to see the
Advanced tab
>info.
>so now everything's fine for me.
>
>to do this on SP2:
>1) Start, My Network Places, View network connections
>2) Change Windows Firewall Settings
>3) Click Advanced tab
>4) Click Restore Defaults
>
>You may want to go back and run "Set up a home or small
office
>network"
>after this, to make sure all you network/firewall
settings are like
>you want.
>
>
>It'd be nice if MSFT had a "reset DCOM security to
default" button.
>
>It's even more confusing now that SP2 has some extra
stuff in this
>area.
>
>There's enough required switches and entries and
whatever that I can't
>imagine how a user would know what's needed.
>
>I'm not sure how much of it gets re-initialized on a
refresh install.
>I was surprised the Event Log setting didn't get reset
>by the refresh install.
>
>
>My take on all this: The WMI service is now a critical
single point of
>failure, like the windows registry. But they've not put
in all the
>support
>for maintaining WMI in a good state, like they had to
with the
>registry
>(which they learned over time....).
>
>It depends on DCOM which they had to harden for security
reasons...
>but no one knows how all these DCOM settings should be
set by default.
>(and whatever other WMI dependencies might exist).
>
>It's ridiculous, because the advice to re-install
doesn't always work,
>because
>the re-install doesn't always reset the critical
settings that were
>wrong
>in the first place.
>
>Basically, the WMI infrastructure should be improved.
There is bad
>software architecture here, and I suspect it's flown
under the radar
>at MSFT. With more and more things dependent on it,
maybe things will
>get improved.
>
>
>"SlowJet" <anonymous@discussions.microsoft.com> wrote in
message news:<73e201c483c1$41d98e00$a601280a@phx.gbl>...
>> Hey Lev,
>>
>> No more events being logged, only at boot up.
>> Thanks again
>>
>> SJ
>> >-----Original Message-----
>> >Hi Lev,
>> >
>> >I went through all that step by step.
>> >Only the radio botton chnage from cutomise to default
>> was
>> >different, but when I was done I got a events for
DCOM
>> >7005,7006, several 113's for COM, MS DTC started with
>> >settings event 2444, and then the main event 10016
>> >
>> >The machine-default permission settings do not grant
>> >Local Activation permission for the COM Server
>> >application with CLSID
>> >{8BC3F05E-D86B-11D0-A075-00C04FB68820}
>> > to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-
>> >20). This security permission can be modified using
the
>> >Component Services administrative tool.
>> >
>> >That CLSID is WMI.
>> >
>> >I changed the defalut back to customise.
>> >Things seem better but I'm not sure (as far as events
>> >being created for policy chg and longon to and from
>> shres.
>> >I need more time to see the activity.
>> >
>> >I did see Event Log show up as a dependency,
>> >and later TA-DA, the Windows FireWall.
>> >
>> >Your right, How would you know.
>> >
>> >Thanks for that detail check list.
>> >That a hundred days on the MS Docs for sure.
>> >
>> >SJ
>> >
>> >>-----Original Message-----
>> >>Summary:
>> >>Windows XP. WMI wouldn't start. I fixed it.
>> >>I'm no expert on this, so comments invited.
>> >>-----------------------------------------------------
---
>> -
>> -----------
>> >>
>> >>Background:
>> >>I discovered I couldn't start WMI (the classic
problem
>> with many
>> >>causes),
>> >>Found out after installing xp sp2, which needs it
for
>> configuring its
>> >>firewall.
>> >>Had to uninstall sp2 as a result.
>> >>Looking in the logs, WMI stopped working sometime in
>> the
>> last year.
>> >>
>> >>I read all the stuff on the web and nothing worked.
>> >>I did a winnt32.exe /noattend install of first a
>> slipstreamed xp sp1,
>> >>then a straight xp. Followed by all the updates from
>> windowsupdate.
>> >>Nothing help.
>> >>
>> >>I deleted wbem folders, changed wbem registry
entries,
>> rebuilt
>> >>the Repository. I checked permissions on my drive
and
>> my
>> registry
>> >>entries. (A nice free tool for that is at
>>
>>http://www.sysinternals.com/ntw2k/s...accessenum.shtm
>> l
>> ).
>> >>
>> >>I logged on as Administrator. I tried mofcomp,
>> wbemtest,
>> wmic.
>> >>I removed mofs from the wbem autorecover registry
>> entries.
>> >>I enabled more extenstive logs. I looked at logs. I
>> tried everything.
>> >>
>> >>Then I started reading more about this WMI, and how
it
>> uses DCOM.
>> >>
>> >>I suspected the key issue was not "virus corruption"
>> which everyone
>> >>immediately alludes to, but that it wasn't starting
up
>> it's connection
>> >>to DCOM for some reason.
>> >>
>> >>There are launch permissions for DCOM. There are
>> defaults, and there
>> >>are application-specific permissions.
>> >>
>> >>I thought I'd check all this and find something
wrong.
>> >>
>> >>I got WMI up. But not how I expected. After looking
>> thru
>> all
>> >>this, using the gui's rather than random registry
>> entries, I'm
>> >>suspecting many WMI problems are connected with the
>> DCOM
>> startup.
>> >>So I'll walk thru that, as much as I know. And end
with
>> the fix
>> >>for my case.
>> >>
>> >>One funny thing: seems like you can't find out what
>> services WMI is
>> >>dependent
>> >>on..using the Dependencies tab in it's service. You
>> just
>> have to know.
>> >>
>> >>-----------------------------------------------------
---
>> -
>> ------------
>> >>Detail:
>> >>Easiest to get access to all this stuff thru dcomcnfg
>> >>
>> >>1) Start, Run, dcomcnfg
>> >>2) In the left pane, double click on Component
>> Services
>> to expand
>> >>3) Double click on Computer to expand
>> >>4) Right click on My Computer, and select Properties
>> >>
>> >>Now we'll walk thru the tabs and make sure they're
ok.
>> (if you change
>> >>any, remember to click OK on the relevant window)
>> >>
>> >>5) Click on the Default Protocols tab
>> >>6) Should see Connection-oriented TCP/IP (and maybe
>> >>Connection-oriented SPX)
>> >>7) Select Connection-oriented TCP/IP, and click on
the
>> Properties
>> >>button
>> >>8) There should be no port ranges listed
>> >>9) close the window with OK, then click on the MSDTC
tab
>> >>10) "Use local coordinator" should be checked,
Client
>> Network Protocol
>> >>Configuration
>> >>should be "TCP/IP"
>> >>
>> >>11) Click on Security Configuration. "Network DTC
>> Access", "Network
>> >>Administration"
>> >>"Network Transactions", and "XA Transactions" should
>> all
>> be checked.
>> >>Others not.
>> >>12) The DTC Logon Account should be "NT
>> AUTHORITY\NetworkServices".
>> >>Click OK to close window
>> >>13) Now click on Default Properties tab (this is
still
>> the "My
>> >>Computer Properties" window)
>> >>14) "Enable Distributed COM on this computer" should
be
>> checked.
>> >>15) Default Authentication Level shoudl be set
>> to "Connect" (this can
>> >>vary, but use "Connect")
>> >>16) Default Impersonation Level should be set
>> to "Identify" (this can
>> >>vary but use "Identify"
>> >>17) Now click to the Default COM Security Tab
>> >>18) Click on Edit Default under Access Permissions
>> >>19) You should see Administrators and System listed,
>> Select each to
>> >>see the Access Permission
>> >>Should be Allow on both.
>> >>20) Click Ok and now Edit Default under Launch
>> Permissions
>> >>21) Should see Administrators, INTERACTIVE, SYSTEM
>> listed. (I think I
>> >>may have added
>> >>Administrators when I didn't need to on one of
these.
>> May not be need.
>> >>22) Again, select each to see that they all have
Allow
>> on Launch
>> >>Permission. Click OK to close window
>> >>If necessary, use Add, Advanced, Find Now and select
>> the
>> relevant one
>> >>to add, if you want/need to add)
>> >>
>> >>23) Now click OK to close the "My Computer
Properties"
>> window.
>> >>
>> >>
>> >>Go back to the dcomcnfg window
>> >>
>> >>24) Double click on My Computer to expand
>> >>25) Double click on DCOM Config to expand
>> >>26) scroll down and find the "Windows Management and
>> Instrumentation"
>> >>entry. Right click
>> >>and select Properties on it.
>> >>27) You'll get a window for it. With the General tab
>> selected,
>> >>You should see Authenication Level: "Connect"
>> >>(Default is probably okay. I have Connect)
>> >>28) Click on the "Location" tab. should be a check
next
>> to "Run
>> >>application
>> >>on this computer"
>> >>29) Click on the Security Tab. It's easiest if the
>> Launch Permission
>> >>and Access Permission
>> >>are selected to be "Use Default". If you want to
leave
>> on "Customize"
>> >>You have to click
>> >>Edit to check for basically what you just put in as
>> default for the
>> >>dcom config. Just select
>> >>default here for Launch and Access Permission.
>> >>
>> >>30) Under Configuration Permissions, it probably has
>> Customize
>> >>selected (should
>> >>be that way already). Click Edit to see who...it's a
>> longer list and
>> >>it's probably okay.
>> >>click ok to close window
>> >>31) Click Identity tab. Should see "...default
system
>> protocols"
>> >>listed. Click Ok to close.
>> >>
>> >>
>> >>Go back to the dcomcnfg window
>> >>32) Left click on "Services (Local)" (at the bottom
of
>> the left pane)
>> >>33) Find "Event Log" in the right pane window
>> >>34) Right click it and select Properties
>> >>35) This next step is key....
>> >> The Startup type: must NOT say "Disabled". It HAS
>> to say "Automatic"
>> >> change if necessary. T
>> >>36) If you click on the Dependencies tab, you will
>> see "Windows
>> >>Management Instrumentation"
>> >>as being dependent on this service..but only when
you
>> get WMI running!
>> >>At this
>> >>point you won't see it!! So how could you know??
>> >> click ok to close window.
>> >>
>> >>37) You may want to rebuild your wbem Repository. if
so
>> do this
>> >>open cmd.exe and copy/paste the following commands
in
>> order.
>> >>%homedrive%
>> >>cd %windir%\system32\wbem\repository
>> >>net stop winmgmt
>> >>del * /s /q
>> >>regsvr32 wbemupgd.dll
>> >>
>> >>38) Now start the WMI service if not already
started.
>> >>In the same Services (Local) pane where you looked
at
>> the Event Log
>> >>service,
>> >>find the "Windows Management Instrumentation"
service.
>> >>Right click and select properties. check that
Startup
>> Type says
>> >>"Automatic". Click OK
>> >>
>> >>39) If it's not already started, then right click it
>> and
>> select Start.
>> >>
>> >>40) It should say it's started at this point. (a
little
>> window will
>> >>come
>> >>up with a moving green bar)
>> >>
>> >>It turns out for me, that the only issue apparently
was
>> that the Event
>> >>Log
>> >>was disabled. But thought I'd include all the above,
as
>> a sanity check
>> >>for possible other issues related to WMI/DCOM
startup.
>> >>
>> >>
>> >>-lev
>> >>.
>> >>
>> >.
>> >
>.
>

>-----Original Message-----
>Summary:
>Windows XP. WMI wouldn't start. I fixed it.
>I'm no expert on this, so comments invited.
>---------------------------------------------------------
-----------
>
>Background:
>I discovered I couldn't start WMI (the classic problem
with many
>causes),
>Found out after installing xp sp2, which needs it for
configuring its
>firewall.
>Had to uninstall sp2 as a result.
>Looking in the logs, WMI stopped working sometime in the
last year.
>
>I read all the stuff on the web and nothing worked.
>I did a winnt32.exe /noattend install of first a
slipstreamed xp sp1,
>then a straight xp. Followed by all the updates from
windowsupdate.
>Nothing help.
>
>I deleted wbem folders, changed wbem registry entries,
rebuilt
>the Repository. I checked permissions on my drive and my
registry
>entries. (A nice free tool for that is at
>http://www.sysinternals.com/ntw2k/s...ccessenum.shtml
).
>
>I logged on as Administrator. I tried mofcomp, wbemtest,
wmic.
>I removed mofs from the wbem autorecover registry
entries.
>I enabled more extenstive logs. I looked at logs. I
tried everything.
>
>Then I started reading more about this WMI, and how it
uses DCOM.
>
>I suspected the key issue was not "virus corruption"
which everyone
>immediately alludes to, but that it wasn't starting up
it's connection
>to DCOM for some reason.
>
>There are launch permissions for DCOM. There are
defaults, and there
>are application-specific permissions.
>
>I thought I'd check all this and find something wrong.
>
>I got WMI up. But not how I expected. After looking thru
all
>this, using the gui's rather than random registry
entries, I'm
>suspecting many WMI problems are connected with the DCOM
startup.
>So I'll walk thru that, as much as I know. And end with
the fix
>for my case.
>
>One funny thing: seems like you can't find out what
services WMI is
>dependent
>on..using the Dependencies tab in it's service. You just
have to know.
>
>---------------------------------------------------------
------------
>Detail:
>Easiest to get access to all this stuff thru dcomcnfg
>
>1) Start, Run, dcomcnfg
>2) In the left pane, double click on Component Services
to expand
>3) Double click on Computer to expand
>4) Right click on My Computer, and select Properties
>
>Now we'll walk thru the tabs and make sure they're ok.
(if you change
>any, remember to click OK on the relevant window)
>
>5) Click on the Default Protocols tab
>6) Should see Connection-oriented TCP/IP (and maybe
>Connection-oriented SPX)
>7) Select Connection-oriented TCP/IP, and click on the
Properties
>button
>8) There should be no port ranges listed
>9) close the window with OK, then click on the MSDTC tab
>10) "Use local coordinator" should be checked, Client
Network Protocol
>Configuration
>should be "TCP/IP"
>
>11) Click on Security Configuration. "Network DTC
Access", "Network
>Administration"
>"Network Transactions", and "XA Transactions" should all
be checked.
>Others not.
>12) The DTC Logon Account should be "NT
AUTHORITY\NetworkServices".
>Click OK to close window
>13) Now click on Default Properties tab (this is still
the "My
>Computer Properties" window)
>14) "Enable Distributed COM on this computer" should be
checked.
>15) Default Authentication Level shoudl be set
to "Connect" (this can
>vary, but use "Connect")
>16) Default Impersonation Level should be set
to "Identify" (this can
>vary but use "Identify"
>17) Now click to the Default COM Security Tab
>18) Click on Edit Default under Access Permissions
>19) You should see Administrators and System listed,
Select each to
>see the Access Permission
>Should be Allow on both.
>20) Click Ok and now Edit Default under Launch
Permissions
>21) Should see Administrators, INTERACTIVE, SYSTEM
listed. (I think I
>may have added
>Administrators when I didn't need to on one of these.
May not be need.
>22) Again, select each to see that they all have Allow
on Launch
>Permission. Click OK to close window
>If necessary, use Add, Advanced, Find Now and select the
relevant one
>to add, if you want/need to add)
>
>23) Now click OK to close the "My Computer Properties"
window.
>
>
>Go back to the dcomcnfg window
>
>24) Double click on My Computer to expand
>25) Double click on DCOM Config to expand
>26) scroll down and find the "Windows Management and
Instrumentation"
>entry. Right click
>and select Properties on it.
>27) You'll get a window for it. With the General tab
selected,
>You should see Authenication Level: "Connect"
>(Default is probably okay. I have Connect)
>28) Click on the "Location" tab. should be a check next
to "Run
>application
>on this computer"
>29) Click on the Security Tab. It's easiest if the
Launch Permission
>and Access Permission
>are selected to be "Use Default". If you want to leave
on "Customize"
>You have to click
>Edit to check for basically what you just put in as
default for the
>dcom config. Just select
>default here for Launch and Access Permission.
>
>30) Under Configuration Permissions, it probably has
Customize
>selected (should
>be that way already). Click Edit to see who...it's a
longer list and
>it's probably okay.
>click ok to close window
>31) Click Identity tab. Should see "...default system
protocols"
>listed. Click Ok to close.
>
>
>Go back to the dcomcnfg window
>32) Left click on "Services (Local)" (at the bottom of
the left pane)
>33) Find "Event Log" in the right pane window
>34) Right click it and select Properties
>35) This next step is key....
> The Startup type: must NOT say "Disabled". It HAS
to say "Automatic"
> change if necessary. T
>36) If you click on the Dependencies tab, you will
see "Windows
>Management Instrumentation"
>as being dependent on this service..but only when you
get WMI running!
>At this
>point you won't see it!! So how could you know??
> click ok to close window.
>
>37) You may want to rebuild your wbem Repository. if so
do this
>open cmd.exe and copy/paste the following commands in
order.
>%homedrive%
>cd %windir%\system32\wbem\repository
>net stop winmgmt
>del * /s /q
>regsvr32 wbemupgd.dll
>
>38) Now start the WMI service if not already started.
>In the same Services (Local) pane where you looked at
the Event Log
>service,
>find the "Windows Management Instrumentation" service.
>Right click and select properties. check that Startup
Type says
>"Automatic". Click OK
>
>39) If it's not already started, then right click it and
select Start.
>
>40) It should say it's started at this point. (a little
window will
>come
>up with a moving green bar)
>
>It turns out for me, that the only issue apparently was
that the Event
>Log
>was disabled. But thought I'd include all the above, as
a sanity check
>for possible other issues related to WMI/DCOM startup.
>
>
>-lev
>.
>

Hi levitation,

this ticket happend to me as well and I tried all the
fixes but to no avail. Then i thought that I would just
install a fresh copy you know when you install the system
files and keep the program files. I even created a new
partion for a clean install and thought that I would have
better chances to save my data this but as i think about
it as write this that was not the fix either. Any ideas
on how to fix a blown install. I noticed that the system
restore had no prior settings they were all wiped clean
that would have made to easy. I have four years of data I
would like to save. I havent mentioned that the system
whent automatic lockout mode (it doesn't except my
password)

Do you have a spare disk? If you have 4 years of data, I would
first put a spare disk in and copy (using norton ghost or similar programs)
the entire disk to a spare. That way you don't have to stress
so much about trashing something.

I'm not sure what you did with a fresh partition. Does it still
think xp is installed in the old partition?

When you say automatic lockout mode, it sounds like xp boots up
to the user/password screen but you can't get it?

do you know the admin password? is it rejecting that?