levitation30
Summary:
Windows XP. WMI wouldn't start. I fixed it.
I'm no expert on this, so comments invited.
--------------------------------------------------------------------
Background:
I discovered I couldn't start WMI (the classic problem with many causes).
Found out after installing xp sp2, which needs it for configuring its firewall.
Had to uninstall sp2 as a result.
Looking in the logs, WMI stopped working sometime in the last year.
I read all the stuff on the web and nothing worked.
I did a winnt32.exe /noattend install of first a slipstreamed xp sp1,
then a straight xp. Followed by all the updates from windowsupdate.
Nothing helped.
I deleted wbem folders, changed wbem registry entries, rebuilt
the Repository. I checked permissions on my drive and my registry
entries. (A nice free tool for that is at
http://www.sysinternals.com/ntw2k/source/accessenum.shtml).
I logged on as Administrator. I tried mofcomp, wbemtest, wmic.
I removed mofs from the wbem autorecover registry entries.
I enabled more extensive logs. I looked at logs. I tried everything.
Then I started reading more about this WMI, and how it uses DCOM.
I suspected the key issue was not "virus corruption" which everyone
immediately alludes to, but that it wasn't starting up its connection
to DCOM for some reason.
There are launch permissions for DCOM. There are defaults, and there
are application-specific permissions.
I thought I'd check all this and find something wrong.
I got WMI up. But not how I expected. After looking thru all
this, using the gui's rather than random registry entries, I'm
suspecting many WMI problems are connected with the DCOM startup.
So I'll walk thru that, as much as I know. And end with the fix
for my case.
One funny thing: seems like you can't find out what services WMI is
dependent on..using the Dependencies tab in its service. You just have to know.
---------------------------------------------------------------------
Detail:
Easiest to get access to all this stuff thru dcomcnfg
1) Start, Run, dcomcnfg
2) In the left pane, double click on Component Services to expand
3) Double click on Computer to expand
4) Right click on My Computer, and select Properties
Now we'll walk thru the tabs and make sure they're ok. (if you change
any, remember to click OK on the relevant window)
5) Click on the Default Protocols tab
6) Should see Connection-oriented TCP/IP (and maybe Connection-oriented SPX)
7) Select Connection-oriented TCP/IP, and click on the Properties button
8) There should be no port ranges listed
9) Close the window with OK, then click on the MSDTC tab
10) "Use local coordinator" should be checked, Client Network Protocol Configuration
should be "TCP/IP"
11) Click on Security Configuration. "Network DTC Access", "Network Administration",
"Network Transactions", and "XA Transactions" should all be checked. Others not.
12) The DTC Logon Account should be "NT AUTHORITY\NetworkServices".
Click OK to close window
13) Now click on Default Properties tab (this is still the "My Computer Properties" window)
14) "Enable Distributed COM on this computer" should be checked.
15) Default Authentication Level should be set to "Connect" (this can vary, but use "Connect")
16) Default Impersonation Level should be set to "Identify" (this can vary, but use "Identify")
17) Now click to the Default COM Security Tab
18) Click on Edit Default under Access Permissions
19) You should see Administrators and System listed. Select each to see the Access Permission.
Should be Allow on both.
20) Click Ok and now Edit Default under Launch Permissions
21) Should see Administrators, INTERACTIVE, SYSTEM listed. (I think I may have added
Administrators when I didn't need to on one of these. May not be needed.)
22) Again, select each to see that they all have Allow on Launch Permission. Click OK to close window.
(If necessary, use Add, Advanced, Find Now and select the relevant one to add, if you want/need to add.)
23) Now click OK to close the "My Computer Properties" window.
Go back to the dcomcnfg window
24) Double click on My Computer to expand
25) Double click on DCOM Config to expand
26) Scroll down and find the "Windows Management and Instrumentation" entry. Right click
and select Properties on it.
27) You'll get a window for it. With the General tab selected,
you should see Authentication Level: "Connect"
(Default is probably okay. I have Connect)
28) Click on the "Location" tab. Should be a check next to "Run application on this computer"
29) Click on the Security tab. It's easiest if the Launch Permission and Access Permission
are selected to be "Use Default". If you want to leave on "Customize", you have to click
Edit to check for basically what you just put in as default for the dcom config. Just select
default here for Launch and Access Permission.
30) Under Configuration Permissions, it probably has Customize selected (should
be that way already). Click Edit to see who...it's a longer list and it's probably okay.
Click OK to close window.
31) Click Identity tab. Should see "...default system protocols" listed. Click OK to close.
Go back to the dcomcnfg window
32) Left click on "Services (Local)" (at the bottom of the left pane)
33) Find "Event Log" in the right pane window
34) Right click it and select Properties
35) This next step is key....
The Startup type: must NOT say "Disabled". It HAS to say "Automatic"
change if necessary. T
36) If you click on the Dependencies tab, you will see "Windows Management Instrumentation"
as being dependent on this service..but only when you get WMI running! At this
point you won't see it!! So how could you know??
Click OK to close window.
37) You may want to rebuild your wbem Repository. If so, do this:
open cmd.exe and copy/paste the following commands in order.
%homedrive%
cd %windir%\system32\wbem\repository
net stop winmgmt
del * /s /q
regsvr32 wbemupgd.dll
38) Now start the WMI service if not already started.
In the same Services (Local) pane where you looked at the Event Log service,
find the "Windows Management Instrumentation" service.
Right click and select Properties. Check that Startup Type says "Automatic". Click OK
39) If it's not already started, then right click it and select Start.
40) It should say it's started at this point. (A little window will come
up with a moving green bar.)
It turns out for me, that the only issue apparently was that the Event Log
was disabled. But thought I'd include all the above, as a sanity check
for possible other issues related to WMI/DCOM startup.
-lev
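
The service settings that steps 32-40 inspect in the GUI can also be read from cmd.exe. The batch script below is an added example, not part of the original post; it assumes the default service names eventlog and winmgmt and uses only sc.exe and findstr.

```batch
@echo off
rem Added example, not from the original post. Reads the service settings
rem that steps 32-40 inspect in the Services GUI, using sc.exe in cmd.exe.
setlocal

rem Event Log start type from its stored configuration.
rem sc prints e.g. "START_TYPE : 2   AUTO_START"; code 4 means DISABLED.
set "EL_START="
for /f "tokens=3" %%A in ('sc qc eventlog ^| findstr /c:"START_TYPE"') do set "EL_START=%%A"
if not defined EL_START (
    echo Could not read the Event Log service configuration.
    exit /b 2
)
if "%EL_START%"=="4" (
    echo [FAIL] Event Log startup type is Disabled.
    echo        To set it to Automatic: sc config eventlog start= auto
) else (
    echo [ok]   Event Log startup type code is %EL_START% ^(2 = Automatic^)
)

rem Does winmgmt's stored configuration name Event Log as a dependency?
rem sc qc reads the configuration, so this works while WMI is stopped.
sc qc winmgmt | findstr /i "eventlog" >nul
if errorlevel 1 (
    echo [info] winmgmt does not list Eventlog in its DEPENDENCIES.
) else (
    echo [info] winmgmt lists Eventlog as a dependency.
)

rem Current run state of both services (token 4 of the STATE line).
for %%S in (eventlog winmgmt) do (
    for /f "tokens=4" %%T in ('sc query %%S ^| findstr /c:"STATE"') do echo [state] %%S: %%T
)
endlocal
```

Save it as a .bat file and run it from an Administrator command prompt; the script only reads configuration and changes nothing.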