RE: WMIDiag Errors



Just an update...

I managed to solve the WMI Namespace Security warnings. But the DCOM
Security warnings remain. Reason is, I cannot find the "Microsoft WBEM
UnSecured Apartment" in the DCOM Config folder (dcomcnfg.exe). Does somebody
know why it's missing? Or can anyone tell me how to have it reinstalled?

Also, the DCOM Component registration warnings (below) are still there. I
tried to unregister and re-register the DLLs in question (fastprox.dll and
wbemprox.dll) as instructed but running the wmidiag.vbs utility still gives
the same warnings.

==============
18582 14:28:27 (2) !! WARNING: WMI DCOM components registration is missing
for the following EXE/DLLs: .................................... 6 WARNING(S)!
18583 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
18584 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
18585 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
18586 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
18587 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
18588 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
18589 14:28:27 (0) ** => WMI System components are not properly registered
as COM objects, which could make WMI to
18590 14:28:27 (0) ** fail depending on the operation requested.
18591 14:28:27 (0) ** => For a .DLL, you can correct the DCOM configuration
by executing the 'REGSVR32.EXE <Filename.DLL>' command.
==============

I saw a similar problem in this post,
http://www.windowsbbs.com/showthread.php?t=71007&page=9, but the thread
trailed off, so I'm still left with an unsolved problem.

Anyone?

--
Warm regards,
Carlito


"cqpanis3" wrote:

Hi,

I'm trying to resolve a "Generic Host Process for Win32 services" error
(caused by running software that uses WMI [Spiceworks]). I tried checking
the status of my WMI by running wmidiag.vbs and it generated some errors
which I am also trying to resolve.

The first warnings were about DLLs not being registered. After registering
them through regsvr32 and seeing the registration successful prompt, I
thought this part of the problem was solved. But running the wmidiag.vbs
gave me the same results/warnings/errors.

The rest of the errors (with regards to security), I have not touched on yet
since I do not know how.

Can someone assist me on the wmi error/warning resolution? My thanks in
advance!

Here's my complete wmidiag log:

===================================

20878 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20879 16:05:18 (0) ** -----------------------------------------------------
WMI REPORT: BEGIN ----------------------------------------------------------
20880 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20881 16:05:18 (0) **
20882 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20883 16:05:18 (0) ** Windows XP - No service pack - 32-bit (2600) - User
'INFOTECH-MY\CARLITO.PANIS' on computer 'KLADMLT001'.
20884 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20885 16:05:18 (0) ** Environment:
........................................................................................................ OK..
20886 16:05:18 (0) ** System drive:
....................................................................................................... C: (Disk #0 Partition #0).
20887 16:05:18 (0) ** Drive type:
......................................................................................................... IDE (SAMSUNG HM160JI).
20888 16:05:18 (0) ** There are no missing WMI system files:
.............................................................................. OK.
20889 16:05:18 (0) ** There are no missing WMI repository files:
.......................................................................... OK.
20890 16:05:18 (0) ** WMI repository state:
............................................................................................... N/A.
20891 16:05:18 (0) ** BEFORE running WMIDiag:
20892 16:05:18 (0) ** The WMI repository has a size of:
................................................................................... 22 MB.
20893 16:05:18 (0) ** - Disk free space on 'C:':
.......................................................................................... 11073 MB.
20894 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
5/29/2008 4:02:17 PM
20895 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
5/29/2008 4:02:17 PM
20896 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
5/29/2008 4:02:17 PM
20897 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
5/29/2008 4:02:17 PM
20898 16:05:18 (0) ** AFTER running WMIDiag:
20899 16:05:18 (0) ** The WMI repository has a size of:
................................................................................... 22 MB.
20900 16:05:18 (0) ** - Disk free space on 'C:':
.......................................................................................... 11071 MB.
20901 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
5/29/2008 4:05:17 PM
20902 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
5/29/2008 4:05:17 PM
20903 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
5/29/2008 4:05:17 PM
20904 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
5/29/2008 4:05:17 PM
20905 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20906 16:05:18 (0) ** Windows Firewall:
................................................................................................... NOT INSTALLED.
20907 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20908 16:05:18 (0) ** DCOM Status:
........................................................................................................ OK.
20909 16:05:18 (0) ** WMI registry setup:
................................................................................................. OK.
20910 16:05:18 (0) ** WMI Service has no dependents:
...................................................................................... OK.
20911 16:05:18 (0) ** RPCSS service:
...................................................................................................... OK (Already started).
20912 16:05:18 (0) ** WINMGMT service:
.................................................................................................... OK (Already started).
20913 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20914 16:05:18 (0) ** WMI service DCOM setup:
............................................................................................. OK.
20915 16:05:18 (2) !! WARNING: WMI DCOM components registration is missing
for the following EXE/DLLs: .................................... 6 WARNING(S)!
20916 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
20917 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
20918 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
20919 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
20920 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
20921 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
20922 16:05:18 (0) ** => WMI System components are not properly registered
as COM objects, which could make WMI to
20923 16:05:18 (0) ** fail depending on the operation requested.
20924 16:05:18 (0) ** => For a .DLL, you can correct the DCOM configuration
by executing the 'REGSVR32.EXE <Filename.DLL>' command.
20925 16:05:18 (0) **
20926 16:05:18 (0) ** WMI ProgID registrations:
........................................................................................... OK.
20927 16:05:18 (2) !! WARNING: WMI provider DCOM registrations missing for
the following provider(s): ..................................... 1 WARNING(S)!
20928 16:05:18 (0) ** - ROOT/MSAPPS12, OffProv12
({DBF82DC7-E750-4CCF-B09C-D8AECEF7158E}) (i.e. WMI Class
'Win32_ExcelComAddins')
20929 16:05:18 (0) ** Provider DLL: 'WMI information not available (This
could be the case for an external application or a third party WMI provider)'
20930 16:05:18 (0) ** => This is an issue because there are still some WMI
classes referencing this list of providers
20931 16:05:18 (0) ** while the DCOM registration is wrong or missing.
This can be due to:
20932 16:05:18 (0) ** - a de-installation of the software.
20933 16:05:18 (0) ** - a deletion of some registry key data.
20934 16:05:18 (0) ** - a registry corruption.
20935 16:05:18 (0) ** => You can correct the DCOM configuration by:
20936 16:05:18 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>'
command.
20937 16:05:18 (0) ** Note: You can build a list of classes in relation
with their WMI provider and MOF file with WMIDiag.
20938 16:05:18 (0) ** (This list can be built on a similar and
working WMI Windows installation)
20939 16:05:18 (0) ** The following command line must be used:
20940 16:05:18 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
20941 16:05:18 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from
'C:\WINDOWS\SYSTEM32\WBEM\'
20942 16:05:18 (0) ** may not solve the problem as the DLL
supporting the WMI class(es)
20943 16:05:18 (0) ** can be located in a different folder.
20944 16:05:18 (0) ** You must refer to the class name to determine
the software delivering the related DLL.
20945 16:05:18 (0) ** => If the software has been de-installed
intentionally, then this information must be
20946 16:05:18 (0) ** removed from the WMI repository. You can use the
'WMIC.EXE' command to remove
20947 16:05:18 (0) ** the provider registration data.
20948 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\MSAPPS12 path
__Win32Provider Where Name='OffProv12' DELETE'
20949 16:05:18 (0) ** => If the namespace was ENTIRELY dedicated to the
intentionally de-installed software,
20950 16:05:18 (0) ** the namespace and ALL its content can be ENTIRELY
deleted.
20951 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE
Where Name='MSAPPS12' DELETE'
20952 16:05:18 (0) ** - Re-installing the software.
20953 16:05:18 (0) **
20954 16:05:18 (0) ** WMI provider CIM registrations:
..................................................................................... OK.
20955 16:05:18 (0) ** WMI provider CLSIDs:
................................................................................................ OK.
20956 16:05:18 (0) ** WMI providers EXE/DLL availability:
................................................................................. OK.
20957 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20958 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20959 16:05:18 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
20960 16:05:18 (0) ** - REMOVED ACE:
20961 16:05:18 (0) ** ACEType: &h0
20962 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20963 16:05:18 (0) ** ACEFlags: &h0
20964 16:05:18 (0) ** ACEMask: &h1
20965 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20966 16:05:18 (0) **
20967 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20968 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20969 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20970 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20971 16:05:18 (0) **
20972 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20973 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
20974 16:05:18 (0) ** - REMOVED ACE:
20975 16:05:18 (0) ** ACEType: &h0
20976 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20977 16:05:18 (0) ** ACEFlags: &h0
20978 16:05:18 (0) ** ACEMask: &h1
20979 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20980 16:05:18 (0) **
20981 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20982 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20983 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20984 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20985 16:05:18 (0) **
20986 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20987 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
REMOVED!
20988 16:05:18 (0) ** - REMOVED ACE:
20989 16:05:18 (0) ** ACEType: &h0
20990 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20991 16:05:18 (0) ** ACEFlags: &h0
20992 16:05:18 (0) ** ACEMask: &h1
20993 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20994 16:05:18 (0) **
20995 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20996 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20997 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20998 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20999 16:05:18 (0) **
21000 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
21001 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
21002 16:05:18 (0) ** - ACTUAL ACE:
21003 16:05:18 (0) ** ACEType: &h0
21004 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21005 16:05:18 (0) ** ACEFlags: &h2
21006 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21007 16:05:18 (0) ** ACEMask: &h1
21008 16:05:18 (0) ** WBEM_ENABLE
21009 16:05:18 (0) ** - EXPECTED ACE:
21010 16:05:18 (0) ** ACEType: &h0
21011 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21012 16:05:18 (0) ** ACEFlags: &h12
21013 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21014 16:05:18 (0) ** INHERITED_ACE
21015 16:05:18 (0) ** ACEMask: &h13
21016 16:05:18 (0) ** WBEM_ENABLE
21017 16:05:18 (0) ** WBEM_METHOD_EXECUTE
21018 16:05:18 (0) ** WBEM_WRITE_PROVIDER
21019 16:05:18 (0) **
21020 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
21021 16:05:18 (0) ** This will cause some operations to fail!
21022 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
21023 16:05:18 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
21024 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
21025 16:05:18 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
21026 16:05:18 (0) ** A specific WMI application can always require a
security setup different
21027 16:05:18 (0) ** than the WMI security defaults.
21028 16:05:18 (0) **
21029 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
21030 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
21031 16:05:18 (0) ** - ACTUAL ACE:
21032 16:05:18 (0) ** ACEType: &h0
21033 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21034 16:05:18 (0) ** ACEFlags: &h2
21035 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21036 16:05:18 (0) ** ACEMask: &h1
21037 16:05:18 (0) ** WBEM_ENABLE
21038 16:05:18 (0) ** - EXPECTED ACE:
21039 16:05:18 (0) ** ACEType: &h0
21040 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21041 16:05:18 (0) ** ACEFlags: &h12
21042 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21043 16:05:18 (0) ** INHERITED_ACE
21044 16:05:18 (0) ** ACEMask: &h13
21045 16:05:18 (0) ** WBEM_ENABLE
21046 16:05:18 (0) ** WBEM_METHOD_EXECUTE
21047 16:05:18 (0) ** WBEM_WRITE_PROVIDER
21048 16:05:18 (0) **
21049 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
21050 16:05:18 (0) ** This will cause some operations to fail!
21051 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
21052 16:05:18 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
21053 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
21054 16:05:18 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
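The following Python parser is an added example, not part of the post or of WMIDiag. It rejoins the mail-wrapped log records and, for each "Actual trustee ... DOES NOT match" error, reports which WMI namespace rights the actual ACE lacks relative to the expected one. SAMPLE is an excerpt constructed from the log lines above, and the function names are hypothetical.

```python
import re

# WMI namespace access-right bits (Windows SDK values); WMIDiag prints masks as VBScript hex (&h13).
WBEM_RIGHTS = {0x1: "WBEM_ENABLE", 0x2: "WBEM_METHOD_EXECUTE", 0x4: "WBEM_FULL_WRITE_REP",
               0x8: "WBEM_PARTIAL_WRITE_REP", 0x10: "WBEM_WRITE_PROVIDER",
               0x20: "WBEM_REMOTE_ACCESS", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC"}
RECORD = re.compile(r"^\d+ \d\d:\d\d:\d\d \((\d)\) (?:\*\*|!!)\s*(.*)$")

# Constructed sample: a trimmed excerpt in the same wrapped form as the log in the post.
SAMPLE = r"""21000 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.....................................................................
MODIFIED.
21001 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
21002 16:05:18 (0) ** - ACTUAL ACE:
21007 16:05:18 (0) ** ACEMask: &h1
21009 16:05:18 (0) ** - EXPECTED ACE:
21015 16:05:18 (0) ** ACEMask: &h13
"""

def unwrap(text):
    """Rejoin records split by mail line-wrapping; a record starts 'NNNNN hh:mm:ss (level)'."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append([int(m.group(1)), m.group(2).strip()])
        elif records and line.strip():
            records[-1][1] += " " + line.strip()  # continuation of the previous record
    return records

def ace_drift(text):
    """One finding per 'Actual trustee ... DOES NOT match' error, with the rights it lost."""
    findings, namespace, section = [], None, None
    for level, body in unwrap(text):
        ns = re.match(r"WMI namespace security for '([^']+)'", body)
        err = re.search(r"ERROR: Actual trustee '([^']+)' DOES NOT match", body)
        mask = re.match(r"ACEMask:\s*&h([0-9A-Fa-f]+)", body)
        if ns:
            namespace, section = ns.group(1), None
        elif level == 1 and err:
            findings.append({"namespace": namespace, "trustee": err.group(1)})
        elif body.endswith(" ACE:"):  # a REMOVED ACE (DCOM blocks) maps to None and is skipped
            section = {"- ACTUAL ACE:": "actual", "- EXPECTED ACE:": "expected"}.get(body)
        elif mask and section and findings:
            findings[-1][section] = int(mask.group(1), 16)
    for f in findings:
        f["missing_mask"] = f.get("expected", 0) & ~f.get("actual", 0)
        f["missing"] = sorted(n for bit, n in WBEM_RIGHTS.items() if f["missing_mask"] & bit)
    return findings

if __name__ == "__main__":
    for finding in ace_drift(SAMPLE):
        print(finding)
```

The computed mask for the sample matches the `&h12` that WMIDiag itself reports as removed, which makes the output a quick cross-check before editing the namespace security in WMIMGMT.MSC.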