Shell Name Explorer.exe in Registry not found in process list


M

michelk

Hello,

Can somebody tell me where to look to solve this.
I'm getting every 60sec an new entry in the WMI framework log.
Have setup binding with an win32_datafile filter and a activescript
consumer. Everything is work good. But it seems that the scrcons.exe process
is trying to impersonate to ??what?? . Everything is running under local
system. I'm running Win2003 with the latest SP Fixes. Ive setup an same
situation an an Win2000 server and where it works without the log entry's...
Seems to bee an security setting... ?

Here is one snapshot of the framework file:

Shell Name Explorer.exe in Registry not found in process list. 07/09/2004
13:03:07.801 thread:4052
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]

Unable to locate Shell Process, Impersonation failed. 07/09/2004
13:03:07.817 thread:428
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]


THANKS!
michelk<remove me>@infosupport.com
 
Ad

Advertisements

W

WMI_News

Can you go in the registry under the following reg key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

and see what do you have for the Shell value?

You should normally see something like:

Shell REG_SZ Explorer.exe

Thx_Bogdan
Hello,

Can somebody tell me where to look to solve this.
I'm getting every 60sec an new entry in the WMI framework log.
Have setup binding with an win32_datafile filter and a activescript
consumer. Everything is work good. But it seems that the scrcons.exe process
is trying to impersonate to ??what?? . Everything is running under local
system. I'm running Win2003 with the latest SP Fixes. Ive setup an same
situation an an Win2000 server and where it works without the log entry's...
Seems to bee an security setting... ?

Here is one snapshot of the framework file:

Shell Name Explorer.exe in Registry not found in process list. 07/09/2004
13:03:07.801 thread:4052
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]

Unable to locate Shell Process, Impersonation failed. 07/09/2004
13:03:07.817 thread:428
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]


THANKS!
michelk<remove me>@infosupport.com
 
B

Boggie [MSFT]

Also, if the shell value is OK, what other messages do you have in there? Do
you see this one? "LoadShellName failed"

**is trying to impersonate to ??what??**
Is trying to impersonate the currently logged on user, but it fails before
that.

When did this start happening?
 
M

michelk

Hello, Thanks for responding,

I've also launched an support call to Microsoft. They are also on it now.
I've included one of the support descriptions I've send to MS.

-I've looked at the registry and the explorer key is valid.
-The current user I'm logged on is the local Administrator.
- Server has joined a domain. (cronos)
-Administrator has full NTFS permissions on all the directories.
-I'm sure it has something to do with the cim_datafile filter. When I
activate this the messages are appearing every 60sec.

Shell Name Explorer.exe in Registry not found in process list. 07/19/2004
07:16:29.486 thread:2844
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]
Shell Name Explorer.exe in Registry not found in process list. 07/19/2004
07:16:29.502 thread:3528
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]
Unable to locate Shell Process, Impersonation failed. 07/19/2004
07:16:29.502 thread:2412
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]
Unable to locate Shell Process, Impersonation failed. 07/19/2004
07:16:29.517 thread:3436
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]
........
----------------------------------------------------------------------------
--------
Here the support mail:
Henning,

Thanks you for responding. The main problem is basically the impersonation
error I'm getting in the framework log.
All the logging I've included in my provirus mails. (I've included them
again to be sure in this mail)
"Unable to locate Shell Process, Impersonation failed"
This message I'm getting every 60sec. The NT eventlog shows also every 60sec
a Audit Fails. This only oucurs when I activate the Cim_datafile filters.
The second problem is that also the eventviewer consumer is not working on
the windows2003 server. (but this has no prio)

gz, Michel

Logon Failure:

Reason: An error occurred during logon

User Name:

Domain:

Logon Type: 3

Logon Process: Authz

Authentication Package: Kerberos

Workstation Name: VNDMITSRMS01

Status code: 0xC000018B

Substatus code: 0x0

Caller User Name: VNDMITSRMS01$

Caller Domain: CRONOS

Caller Logon ID: -0x0,0x3E7-

Caller Process ID: 1104

Transited Services: -

Source Network Address: -

Source Port: -



****************************************************************************
*********************************************
Mof files:
****************************************************************************
*********************************************
//**************************************************************************
//* File: QueueWatchers.mof
//**************************************************************************

//**************************************************************************
//* This MOF was generated from the "\\.\ROOT\CIMV2"
//* namespace on machine ".".
//* To compile this MOF on another machine you should edit this pragma.
//**************************************************************************
#pragma namespace("\\\\.\\ROOT\\CIMV2")
//**************************************************************************
//* Class: ActiveScriptEventConsumer
//* Derived from: __EventConsumer
//**************************************************************************
[locale(1033)]


//**************************************************************************
//* Instances of: ActiveScriptEventConsumer
//**************************************************************************
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_LOW";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_LOW.vbs";
ScriptingEngine = "VBScript";
};
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_MEDIUM";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_MEDIUM.vbs";
ScriptingEngine = "VBScript";
};
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_HIGH";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_HIGH.vbs";
ScriptingEngine = "VBScript";
};

//**************************************************************************
//* Instances of: __EventFilter
//**************************************************************************


instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_HIGH";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\1\\\\'";
QueryLanguage = "WQL";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_LOW";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 3600 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\3\\\\'";
QueryLanguage = "WQL";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_MEDIUM";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 300 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\2\\\\'";
QueryLanguage = "WQL";
};




//**************************************************************************

//* Instances of: __FilterToConsumerBinding
//**************************************************************************
instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_HIGH
\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_HIGH\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_MEDI
UM\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_MEDIUM\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_LOW\
"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_LOW\"";
};


//* EOF QueueWatchers.mof

****************************************************************************
*********************************************
****************************************************************************
*********************************************
****************************************************************************
*********************************************
//**************************************************************************
//* File: NewMOF.mof
//**************************************************************************

//**************************************************************************
//* This MOF was generated from the "\\.\ROOT\subscription"
//* namespace on machine "VNDMITSRMS01".
//* To compile this MOF on another machine you should edit this pragma.
//**************************************************************************
#pragma namespace("\\\\.\\ROOT\\subscription")


//**************************************************************************
//* Instances of: __EventFilter
//**************************************************************************
instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
EventNamespace = "root\\cimv2";
Name = "RMSQMIMP_ERROR";
Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\error\\\\'";
QueryLanguage = "Wql";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
EventNamespace = "root\\cimv2";
Name = "RMSQMIMP_in";
Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\in\\\\'";
QueryLanguage = "Wql";
};

//**************************************************************************
//* Instances of: __FilterToConsumerBinding
//**************************************************************************
instance of __FilterToConsumerBinding
{
Consumer =
"\\\\VNDMITSRMS01\\ROOT\\subscription:CommandLineEventConsumer.Name=\"RMSQMI
MP_startImport\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
Filter =
"\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_in\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\VNDMITSRMS01\\ROOT\\subscription:SMTPEventConsumer.Name=\"MAIL_TO_SUPPO
RT\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
Filter =
"\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_ERROR\""
;
};

//**************************************************************************
//* Instances of: CommandLineEventConsumer
//**************************************************************************
instance of CommandLineEventConsumer
{
CommandLineTemplate = "c:\\\\windows\\\\system32\\\\cmd.exe /c
\"D:\\\\ISRMS\\\\RMSSCHEDULING\\RMSQMIMP\\\\RMSQMIMP_D_000_010.cmd\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
ExecutablePath = "c:\\\\windows\\\\system32\\\\cmd.exe";
Name = "RMSQMIMP_startImport";
};

//**************************************************************************
//* Instances of: SMTPEventConsumer
//**************************************************************************
instance of SMTPEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
FromLine = "(e-mail address removed)";
Message = "FAILED to import an RMS Message. %TargetInstance.caption%. See
rms log for details. ( http://vndmitsrms01/isrms )";
Name = "MAIL_TO_SUPPORT";
SMTPServer = "vndsrvex";
Subject = "WARNING: RMS QUEUE MANAGER IMPORTER (RMSQMIMP)";
ToLine = "(e-mail address removed)";
};

//* EOF NewMOF.mof





****************************************************************************
*********************************************
***** wbemess.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:47 2004.133218) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:11:47 2004.133218) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:11:47 2004.133250) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:11:47 2004.133250) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:12:03 2004.149343) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:12:03 2004.149343) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:12:03 2004.149406) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:12:03 2004.149406) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:12:03 2004.149406) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:13:04 2004.209328) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:13:04 2004.209328) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:13:04 2004.209359) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:13:04 2004.209375) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:13:04 2004.209375) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:16:47 2004.430687) : Unloading consumer provider
NTEventLogEventConsumer on (null)
(Mon Jul 12 10:16:48 2004.432156) : Unloading event consumer sink
NTEventLogEventConsumer="SCM Event Log Consumer"

****************************************************************************
*********************************************
************ NTEVT.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:Record: 791

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Record: 792

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Record: 793

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121234) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121234) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121234) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:Record: 794

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228


****************************************************************************
*********************************************
********** WMIPROV.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:34 2004.120593) : Instance Provider constructed
(Mon Jul 12 10:11:34 2004.120609) : Successfully Registered for Mof Events
(Mon Jul 12 10:11:34 2004.120609) : WDM call returned error: 4200
(Mon Jul 12 10:11:35 2004.121687) : ***************************************
(Mon Jul 12 10:11:35 2004.121687) : Binary mof succeeded for:
(Mon Jul 12 10:11:35 2004.121687) :
c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121687)
:
(Mon Jul 12 10:11:35 2004.121687) : ***************************************
(Mon Jul 12 10:11:35 2004.121828) : Deleting Old Classes for Driver
(Mon Jul 12 10:11:35 2004.121828) :
c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121828)
:
(Mon Jul 12 10:11:35 2004.121828) : ***************************************
(Mon Jul 12 10:11:35 2004.121953) : Deleting Old Drivers
(Mon Jul 12 10:11:35 2004.121953) : ***************************************
(Mon Jul 12 10:11:35 2004.121953) : Deleting Old Classes for Driver
(Mon Jul 12 10:11:35 2004.121953) :
C:\WINDOWS\system32\comsvcs.dll[COSMofResource](Mon Jul 12 10:11:35
2004.121953) :
(Mon Jul 12 10:11:35 2004.121953) : ***************************************
(Mon Jul 12 10:11:46 2004.132046) : We have been requested to delete this
instance:
(Mon Jul 12 10:11:46 2004.132046) :
WMIBinaryMofResource.HighDateTime=29625108,LowDateTime=3479532032,Name="C:\\
WINDOWS\\system32\\comsvcs.dll[COSMofResource]"(Mon Jul 12 10:11:46
2004.132046) :
(Mon Jul 12 10:11:46 2004.132140) : End of processing Binary MOFS
(Mon Jul 12 10:11:46 2004.132140) : ***************************************
(Mon Jul 12 10:11:46 2004.132359) : Event Provider constructed
(Mon Jul 12 10:12:03 2004.149125) : Instance Provider constructed
(Mon Jul 12 10:14:08 2004.272859) : WDM call returned error: 4200
(Mon Jul 12 10:14:08 2004.272859) : ***************************************
(Mon Jul 12 10:14:08 2004.272859) : BinaryMofsHaveChanged returned FALSE:
(Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed
(Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed


****************************************************************************
*********************************************
***** framework.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

CWbemProviderGlue::Init 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.195]
Failed to open thread token: (1008) 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\createmutexasprocess.cpp.210]
FrameworkLogin: root\cimv2:Win32_PageFileUsage 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Registry 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Process 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_ProcessExecutable 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DiskPartition 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_LogicalFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogonSession 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoggedOnUser 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_SessionProcess 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_MappedLogicalDisk 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_1394Controller 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_AutoChkSetting 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Battery 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BIOS 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BootConfiguration 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BaseService 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Bus 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_DataFile 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_CIMLogicalDeviceCIMDataFile 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_CodecFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_ComputerSystem 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DependentService 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Desktop 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DesktopMonitor 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_AssociatedBattery 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DeviceBus 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DeviceMemoryAddress 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PNPDevice 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Directory 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_DirectoryContainsFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DiskDrive 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DisplayConfiguration 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DisplayControllerConfiguration 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DriverForDevice 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_UserDesktop 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Environment 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_FloppyDrive 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_FloppyController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Group 07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_GroupUser 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_IDEController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_IRQResource 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_InfraredDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Keyboard 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceDependencies
07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceMembers 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroup 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalDiskToPartition 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalDisk 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalMemoryConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalProgramGroup 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalProgramGroupItem 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalShareAccess 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalShareAuditing 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkLoginProfile 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_MotherBoardDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkAdapter 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkAdapterConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkClient 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkConnection 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_OperatingSystem 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PageFile 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PageFileSetting 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_ParallelPort 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PCMCIAController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PointingDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PortResource 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_UninterruptiblePowerSupply 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Printer 07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterDriver 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_TCPIPPrinterPort 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterDriverDLL 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterShare 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
.......

Leaving CTimerQueue::dwNextTimerEvent 07/12/2004 10:39:27.881 thread:3352
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\timerqueue.cpp.40
9]
ExecQueryAsync: select * from Win32_ShortcutFile where (Path =
"\\ISRMS\\RMSSCHEDULING\\RMSA\\QUEUE\\1\\" AND Drive = "D:") - Succeeded
07/12/2004 10:39:27.881 thread:3356
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.888]
CWbemProviderGlue::Release, count is (approx) 2 07/12/2004 10:39:27.881
thread:3356 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.514]


Met vriendelijke groeten,
Michel Kamp



Boggie said:
Also, if the shell value is OK, what other messages do you have in there? Do
you see this one? "LoadShellName failed"

**is trying to impersonate to ??what??**
Is trying to impersonate the currently logged on user, but it fails before
that.

When did this start happening?
--
This posting is provided "AS IS" with no warranties, and confers no rights
Thx_Bogdan


WMI_News said:
Can you go in the registry under the following reg key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

and see what do you have for the Shell value?

You should normally see something like:

Shell REG_SZ Explorer.exe

Thx_Bogdan
Hello,

Can somebody tell me where to look to solve this.
I'm getting every 60sec an new entry in the WMI framework log.
Have setup binding with an win32_datafile filter and a activescript
consumer. Everything is work good. But it seems that the scrcons.exe process
is trying to impersonate to ??what?? . Everything is running under local
system. I'm running Win2003 with the latest SP Fixes. Ive setup an same
situation an an Win2000 server and where it works without the log entry's...
Seems to bee an security setting... ?

Here is one snapshot of the framework file:

Shell Name Explorer.exe in Registry not found in process list. 07/09/2004
13:03:07.801 thread:4052
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]

Unable to locate Shell Process, Impersonation failed. 07/09/2004
13:03:07.817 thread:428
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]


THANKS!
michelk<remove me>@infosupport.com
 
Ad

Advertisements

M

michelk

Hello,

After a time.. Microsoft say's "You can Ignore this , it's by design" . It
has something to do with the Kerberos/ NTLM authorization. On win2003
machines Kerberos used instead of NTLM. But WMI is first trying NTLM , this
fails and the log records are created, then WMI try's Kerberos.

My question , is this also happening on other systems .. can soneone please
test and respond this...



michelk said:
Hello, Thanks for responding,

I've also launched an support call to Microsoft. They are also on it now.
I've included one of the support descriptions I've send to MS.

-I've looked at the registry and the explorer key is valid.
-The current user I'm logged on is the local Administrator.
- Server has joined a domain. (cronos)
-Administrator has full NTFS permissions on all the directories.
-I'm sure it has something to do with the cim_datafile filter. When I
activate this the messages are appearing every 60sec.

Shell Name Explorer.exe in Registry not found in process list. 07/19/2004
07:16:29.486 thread:2844
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]
Shell Name Explorer.exe in Registry not found in process list. 07/19/2004
07:16:29.502 thread:3528
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]
Unable to locate Shell Process, Impersonation failed. 07/19/2004
07:16:29.502 thread:2412
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]
Unable to locate Shell Process, Impersonation failed. 07/19/2004
07:16:29.517 thread:3436
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]
.......
--------------------------------------------------------------------------
--
--------
Here the support mail:
Henning,

Thanks you for responding. The main problem is basically the impersonation
error I'm getting in the framework log.
All the logging I've included in my provirus mails. (I've included them
again to be sure in this mail)
"Unable to locate Shell Process, Impersonation failed"
This message I'm getting every 60sec. The NT eventlog shows also every 60sec
a Audit Fails. This only oucurs when I activate the Cim_datafile filters.
The second problem is that also the eventviewer consumer is not working on
the windows2003 server. (but this has no prio)

gz, Michel

Logon Failure:

Reason: An error occurred during logon

User Name:

Domain:

Logon Type: 3

Logon Process: Authz

Authentication Package: Kerberos

Workstation Name: VNDMITSRMS01

Status code: 0xC000018B

Substatus code: 0x0

Caller User Name: VNDMITSRMS01$

Caller Domain: CRONOS

Caller Logon ID: -0x0,0x3E7-

Caller Process ID: 1104

Transited Services: -

Source Network Address: -

Source Port: -



****************************************************************************
*********************************************
Mof files:
****************************************************************************
*********************************************
//**************************************************************************
//* File: QueueWatchers.mof
//**************************************************************************//**************************************************************************
//* This MOF was generated from the "\\.\ROOT\CIMV2"
//* namespace on machine ".".
//* To compile this MOF on another machine you should edit this pragma.
//**************************************************************************
#pragma namespace("\\\\.\\ROOT\\CIMV2")
//**************************************************************************
//* Class: ActiveScriptEventConsumer
//* Derived from: __EventConsumer
//**************************************************************************
[locale(1033)]
//**************************************************************************
//* Instances of: ActiveScriptEventConsumer
//**************************************************************************
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_LOW";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_LOW.vbs";
ScriptingEngine = "VBScript";
};
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_MEDIUM";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_MEDIUM.vbs";
ScriptingEngine = "VBScript";
};
instance of ActiveScriptEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_SEND_HIGH";
ScriptFilename =
"d:\\isrms\\RMSSCHEDULING\\RMSA\\MSGBULDER\\send_queu_HIGH.vbs";
ScriptingEngine = "VBScript";
};

//**************************************************************************
//* Instances of: __EventFilter
//**************************************************************************


instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_HIGH";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\1\\\\'";
QueryLanguage = "WQL";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_LOW";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 3600 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\3\\\\'";
QueryLanguage = "WQL";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Name = "RMSQMNG_QUEUE_MEDIUM";
Query = "SELECT * FROM __InstanceOperationEvent WITHIN 300 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSA\\\\QUEUE\\\\2\\\\'";
QueryLanguage = "WQL";
};




//**************************************************************************

//* Instances of: __FilterToConsumerBinding
//**************************************************************************
instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_HIGH
\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_HIGH\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_MEDI
UM\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_MEDIUM\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\.\\ROOT\\CIMV2:ActiveScriptEventConsumer.Name=\"RMSQMNG_QUEUE_SEND_LOW\
"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 115, 15, 108, 4, 156,
98, 128, 20, 110, 29, 131, 74, 252, 6, 0, 0};
Filter = "\\\\.\\ROOT\\CIMV2:__EventFilter.Name=\"RMSQMNG_QUEUE_LOW\"";
};


//* EOF QueueWatchers.mof

****************************************************************************
*********************************************
****************************************************************************
*********************************************
****************************************************************************
*********************************************
//**************************************************************************
//* File: NewMOF.mof
//**************************************************************************//**************************************************************************
//* This MOF was generated from the "\\.\ROOT\subscription"
//* namespace on machine "VNDMITSRMS01".
//* To compile this MOF on another machine you should edit this pragma.
//**************************************************************************
#pragma namespace("\\\\.\\ROOT\\subscription")


//**************************************************************************
//* Instances of: __EventFilter
//**************************************************************************
instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
EventNamespace = "root\\cimv2";
Name = "RMSQMIMP_ERROR";
Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\error\\\\'";
QueryLanguage = "Wql";
};

instance of __EventFilter
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
EventNamespace = "root\\cimv2";
Name = "RMSQMIMP_in";
Query = "SELECT * FROM __InstanceCreationEvent WITHIN 60 WHERE
TargetInstance ISA 'CIM_DataFile' and TargetInstance.Drive='D:' and
TargetInstance.Path='\\\\ISRMS\\\\RMSSCHEDULING\\\\RMSQMIMP\\\\in\\\\'";
QueryLanguage = "Wql";
};

//**************************************************************************
//* Instances of: __FilterToConsumerBinding
//**************************************************************************
instance of __FilterToConsumerBinding
{
Consumer =
"\\\\VNDMITSRMS01\\ROOT\\subscription:CommandLineEventConsumer.Name=\"RMSQMI
MP_startImport\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
Filter =
"\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_in\"";
};

instance of __FilterToConsumerBinding
{
Consumer =
"\\\\VNDMITSRMS01\\ROOT\\subscription:SMTPEventConsumer.Name=\"MAIL_TO_SUPPO
RT\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
Filter =
"\\\\VNDMITSRMS01\\ROOT\\subscription:__EventFilter.Name=\"RMSQMIMP_ERROR\""
//**************************************************************************
//* Instances of: CommandLineEventConsumer
//**************************************************************************
instance of CommandLineEventConsumer
{
CommandLineTemplate = "c:\\\\windows\\\\system32\\\\cmd.exe /c
\"D:\\\\ISRMS\\\\RMSSCHEDULING\\RMSQMIMP\\\\RMSQMIMP_D_000_010.cmd\"";
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
ExecutablePath = "c:\\\\windows\\\\system32\\\\cmd.exe";
Name = "RMSQMIMP_startImport";
};

//**************************************************************************
//* Instances of: SMTPEventConsumer
//**************************************************************************
instance of SMTPEventConsumer
{
CreatorSID = {1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0, 10, 215, 209, 235, 146,
241, 90, 124, 88, 70, 35, 25, 244, 1, 0, 0};
FromLine = "(e-mail address removed)";
Message = "FAILED to import an RMS Message. %TargetInstance.caption%. See
rms log for details. ( http://vndmitsrms01/isrms )";
Name = "MAIL_TO_SUPPORT";
SMTPServer = "vndsrvex";
Subject = "WARNING: RMS QUEUE MANAGER IMPORTER (RMSQMIMP)";
ToLine = "(e-mail address removed)";
};

//* EOF NewMOF.mof





****************************************************************************
*********************************************
***** wbemess.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:47 2004.133218) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:11:47 2004.133218) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:11:47 2004.133250) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:11:47 2004.133250) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:11:47 2004.133250) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:12:03 2004.149343) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:12:03 2004.149343) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:12:03 2004.149406) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:12:03 2004.149406) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:12:03 2004.149406) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:13:04 2004.209328) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:13:04 2004.209328) : Failed the first attempt to retrieve the
sink to deliver an event to event consumer EventViewerConsumer="testf" with
error code 80041013.
WMI will reload and retry.
(Mon Jul 12 10:13:04 2004.209359) : ESS unable to load consumer provider
EventViewerConsumer from provider subsystem: 0x80041013
(Mon Jul 12 10:13:04 2004.209375) : Failed the second attempt to deliver an
event to event consumer EventViewerConsumer="testf" with error code
80041013.
This event is dropped for this consumer.
(Mon Jul 12 10:13:04 2004.209375) : Dropping event destined for event
consumer EventViewerConsumer="testf" in namespace //./root/CIMV2
(Mon Jul 12 10:16:47 2004.430687) : Unloading consumer provider
NTEventLogEventConsumer on (null)
(Mon Jul 12 10:16:48 2004.432156) : Unloading event consumer sink
NTEventLogEventConsumer="SCM Event Log Consumer"

****************************************************************************
*********************************************
************ NTEVT.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121203) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121203) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:Record: 791

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121203) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121203) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121203) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Record: 792

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121218) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121218) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121218) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121218) :
CEventlogRecord::GenerateInstance:Record: 793

(Mon Jul 12 10:11:35 2004.121218) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121234) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121234) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121234) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121234) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:894

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed to get ParameterMessageFile value

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogf.cpp:912

(Mon Jul 12 10:11:35 2004.121250) :
CEventLogFile::QueryRegForFileName:Failed

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228

(Mon Jul 12 10:11:35 2004.121250) : CEventlogRecord::GenerateInstance:Log:
Application

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:251

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:Record: 794

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:266

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:Source: MSSQLSERVER

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:280

(Mon Jul 12 10:11:35 2004.121250) :
CEventlogRecord::GenerateInstance:TimeGenerated: 20040712101007.000000+120

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:175

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::SendEvent

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtthrd.cpp:151

(Mon Jul 12 10:11:35 2004.121250) : CEventProviderManager::GetNamespacePtr

(Mon Jul 12 10:11:35 2004.121250) :
d:\srv03rtm\admin\wmi\wbem\providers\nteventprovider\dll\ntevtlogr.cpp:228


****************************************************************************
*********************************************
********** WMIPROV.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

(Mon Jul 12 10:11:34 2004.120593) : Instance Provider constructed
(Mon Jul 12 10:11:34 2004.120609) : Successfully Registered for Mof Events
(Mon Jul 12 10:11:34 2004.120609) : WDM call returned error: 4200
(Mon Jul 12 10:11:35 2004.121687) : ***************************************
(Mon Jul 12 10:11:35 2004.121687) : Binary mof succeeded for:
(Mon Jul 12 10:11:35 2004.121687) :
c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121687)
:
(Mon Jul 12 10:11:35 2004.121687) : ***************************************
(Mon Jul 12 10:11:35 2004.121828) : Deleting Old Classes for Driver
(Mon Jul 12 10:11:35 2004.121828) :
c:\windows\system32\DNSAPI.dll[MofResource](Mon Jul 12 10:11:35 2004.121828)
:
(Mon Jul 12 10:11:35 2004.121828) : ***************************************
(Mon Jul 12 10:11:35 2004.121953) : Deleting Old Drivers
(Mon Jul 12 10:11:35 2004.121953) : ***************************************
(Mon Jul 12 10:11:35 2004.121953) : Deleting Old Classes for Driver
(Mon Jul 12 10:11:35 2004.121953) :
C:\WINDOWS\system32\comsvcs.dll[COSMofResource](Mon Jul 12 10:11:35
2004.121953) :
(Mon Jul 12 10:11:35 2004.121953) : ***************************************
(Mon Jul 12 10:11:46 2004.132046) : We have been requested to delete this
instance:
(Mon Jul 12 10:11:46 2004.132046) :
WMIBinaryMofResource.HighDateTime=29625108,LowDateTime=3479532032,Name="C:\\
WINDOWS\\system32\\comsvcs.dll[COSMofResource]"(Mon Jul 12 10:11:46
2004.132046) :
(Mon Jul 12 10:11:46 2004.132140) : End of processing Binary MOFS
(Mon Jul 12 10:11:46 2004.132140) : ***************************************
(Mon Jul 12 10:11:46 2004.132359) : Event Provider constructed
(Mon Jul 12 10:12:03 2004.149125) : Instance Provider constructed
(Mon Jul 12 10:14:08 2004.272859) : WDM call returned error: 4200
(Mon Jul 12 10:14:08 2004.272859) : ***************************************
(Mon Jul 12 10:14:08 2004.272859) : BinaryMofsHaveChanged returned FALSE:
(Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed
(Mon Jul 12 10:17:38 2004.481640) : Instance Provider destructed


****************************************************************************
*********************************************
***** framework.log
****************************************************************************
*********************************************
****************************************************************************
*********************************************

CWbemProviderGlue::Init 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.195]
Failed to open thread token: (1008) 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\createmutexasprocess.cpp.210]
FrameworkLogin: root\cimv2:Win32_PageFileUsage 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Registry 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Process 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_ProcessExecutable 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DiskPartition 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_LogicalFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogonSession 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoggedOnUser 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_SessionProcess 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_MappedLogicalDisk 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_1394Controller 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_AutoChkSetting 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Battery 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BIOS 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BootConfiguration 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_BaseService 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Bus 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_DataFile 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_CIMLogicalDeviceCIMDataFile 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_CodecFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_ComputerSystem 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DependentService 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Desktop 07/12/2004 10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DesktopMonitor 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_AssociatedBattery 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DeviceBus 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DeviceMemoryAddress 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PNPDevice 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Directory 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:CIM_DirectoryContainsFile 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DiskDrive 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DisplayConfiguration 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DisplayControllerConfiguration 07/12/2004
10:39:27.569 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_DriverForDevice 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_UserDesktop 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Environment 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_FloppyDrive 07/12/2004 10:39:27.569
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_FloppyController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Group 07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_GroupUser 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_IDEController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_IRQResource 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_InfraredDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Keyboard 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceDependencies
07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroupServiceMembers 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LoadOrderGroup 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalDiskToPartition 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalDisk 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalMemoryConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalProgramGroup 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalProgramGroupItem 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalShareAccess 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_LogicalShareAuditing 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkLoginProfile 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_MotherBoardDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkAdapter 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkAdapterConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkClient 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_NetworkConnection 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_OperatingSystem 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PageFile 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PageFileSetting 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_ParallelPort 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PCMCIAController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PointingDevice 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PortResource 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_UninterruptiblePowerSupply 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_Printer 07/12/2004 10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterDriver 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_TCPIPPrinterPort 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterConfiguration 07/12/2004
10:39:27.584 thread:3336
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterController 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterDriverDLL 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
FrameworkLogin: root\cimv2:Win32_PrinterShare 07/12/2004 10:39:27.584
thread:3336 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2209]
......

Leaving CTimerQueue::dwNextTimerEvent 07/12/2004 10:39:27.881 thread:3352
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\timerqueue.cpp.40
9]
ExecQueryAsync: select * from Win32_ShortcutFile where (Path =
"\\ISRMS\\RMSSCHEDULING\\RMSA\\QUEUE\\1\\" AND Drive = "D:") - Succeeded
07/12/2004 10:39:27.881 thread:3356
[d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.888]
CWbemProviderGlue::Release, count is (approx) 2 07/12/2004 10:39:27.881
thread:3356 [d:\srv03rtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.514]


Met vriendelijke groeten,
Michel Kamp



Boggie said:
Also, if the shell value is OK, what other messages do you have in
there?
Do
you see this one? "LoadShellName failed"

**is trying to impersonate to ??what??**
Is trying to impersonate the currently logged on user, but it fails before
that.

When did this start happening?
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
156]

Unable to locate Shell Process, Impersonation failed. 07/09/2004
13:03:07.817 thread:428
[d:\srv03rtm\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.
168]


THANKS!
michelk<remove me>@infosupport.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top