WMI wouldn't start. My fix.


From: SlowJet (anonymous_at_discussions.microsoft.com)
Date: 08/16/04


Date: Mon, 16 Aug 2004 00:27:26 -0700

Hi Lev, :)

I went through all that step by step.
Only the radio button change from customise to default was different, but when I was done I got events for DCOM 7005, 7006, several 113's for COM, MS DTC started with settings event 2444, and then the main event 10016:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

That CLSID is WMI.

I changed the default back to customise.
Things seem better but I'm not sure (as far as events being created for policy chg and logon to and from shares).
I need more time to see the activity.

I did see Event Log show up as a dependency,
and later TA-DA, the Windows FireWall.

You're right. How would you know.

Thanks for that detail check list.
That's a hundred days on the MS Docs for sure. :)

SJ

>-----Original Message-----
>Summary:
>Windows XP. WMI wouldn't start. I fixed it.
>I'm no expert on this, so comments invited.
>--------------------------------------------------------------------
>
>Background:
>I discovered I couldn't start WMI (the classic problem with many causes).
>Found out after installing xp sp2, which needs it for configuring its firewall.
>Had to uninstall sp2 as a result.
>Looking in the logs, WMI stopped working sometime in the last year.
>
>I read all the stuff on the web and nothing worked.
>I did a winnt32.exe /noattend install of first a slipstreamed xp sp1, then a straight xp. Followed by all the updates from windowsupdate.
>Nothing helped.
>
>I deleted wbem folders, changed wbem registry entries, rebuilt the Repository. I checked permissions on my drive and my registry entries. (A nice free tool for that is at http://www.sysinternals.com/ntw2k/source/accessenum.shtml ).
>
>I logged on as Administrator. I tried mofcomp, wbemtest, wmic.
>I removed mofs from the wbem autorecover registry entries.
>I enabled more extensive logs. I looked at logs. I tried everything.
>
>Then I started reading more about this WMI, and how it uses DCOM.
>
>I suspected the key issue was not "virus corruption" which everyone immediately alludes to, but that it wasn't starting up its connection to DCOM for some reason.
>
>There are launch permissions for DCOM. There are defaults, and there are application-specific permissions.
>
>I thought I'd check all this and find something wrong.
>
>I got WMI up. But not how I expected. After looking thru all this, using the gui's rather than random registry entries, I'm suspecting many WMI problems are connected with the DCOM startup.
>So I'll walk thru that, as much as I know. And end with the fix for my case.
>
>One funny thing: seems like you can't find out what services WMI is dependent on..using the Dependencies tab in its service. You just have to know.
>
>---------------------------------------------------------------------
>Detail:
>Easiest to get access to all this stuff thru dcomcnfg
>
>1) Start, Run, dcomcnfg
>2) In the left pane, double click on Component Services to expand
>3) Double click on Computer to expand
>4) Right click on My Computer, and select Properties
>
>Now we'll walk thru the tabs and make sure they're ok. (If you change any, remember to click OK on the relevant window.)
>
>5) Click on the Default Protocols tab
>6) Should see Connection-oriented TCP/IP (and maybe Connection-oriented SPX)
>7) Select Connection-oriented TCP/IP, and click on the Properties button
>8) There should be no port ranges listed
>9) Close the window with OK, then click on the MSDTC tab
>10) "Use local coordinator" should be checked, Client Network Protocol Configuration should be "TCP/IP"
>
>11) Click on Security Configuration. "Network DTC Access", "Network Administration", "Network Transactions", and "XA Transactions" should all be checked. Others not.
>12) The DTC Logon Account should be "NT AUTHORITY\NetworkServices". Click OK to close window
>13) Now click on Default Properties tab (this is still the "My Computer Properties" window)
>14) "Enable Distributed COM on this computer" should be checked.
>15) Default Authentication Level should be set to "Connect" (this can vary, but use "Connect")
>16) Default Impersonation Level should be set to "Identify" (this can vary but use "Identify")
>17) Now click to the Default COM Security Tab
>18) Click on Edit Default under Access Permissions
>19) You should see Administrators and System listed. Select each to see the Access Permission. Should be Allow on both.
>20) Click Ok and now Edit Default under Launch Permissions
>21) Should see Administrators, INTERACTIVE, SYSTEM listed. (I think I may have added Administrators when I didn't need to on one of these. May not be needed.)
>22) Again, select each to see that they all have Allow on Launch Permission. Click OK to close window. (If necessary, use Add, Advanced, Find Now and select the relevant one to add, if you want/need to add.)
>
>23) Now click OK to close the "My Computer Properties" window.
>
>
>Go back to the dcomcnfg window
>
>24) Double click on My Computer to expand
>25) Double click on DCOM Config to expand
>26) Scroll down and find the "Windows Management and Instrumentation" entry. Right click and select Properties on it.
>27) You'll get a window for it. With the General tab selected, you should see Authentication Level: "Connect" (Default is probably okay. I have Connect)
>28) Click on the "Location" tab. Should be a check next to "Run application on this computer"
>29) Click on the Security Tab. It's easiest if the Launch Permission and Access Permission are selected to be "Use Default". If you want to leave on "Customize" you have to click Edit to check for basically what you just put in as default for the dcom config. Just select default here for Launch and Access Permission.
>
>30) Under Configuration Permissions, it probably has Customize selected (should be that way already). Click Edit to see who...it's a longer list and it's probably okay. Click ok to close window
>31) Click Identity tab. Should see "...default system protocols" listed. Click Ok to close.
>
>
>Go back to the dcomcnfg window
>32) Left click on "Services (Local)" (at the bottom of the left pane)
>33) Find "Event Log" in the right pane window
>34) Right click it and select Properties
>35) This next step is key....
> The Startup type: must NOT say "Disabled". It HAS to say "Automatic"
> change if necessary. T
>36) If you click on the Dependencies tab, you will see "Windows Management Instrumentation" as being dependent on this service..but only when you get WMI running! At this point you won't see it!! So how could you know?? :)
> click ok to close window.
>
>37) You may want to rebuild your wbem Repository. If so do this:
>open cmd.exe and copy/paste the following commands in order.
>%homedrive%
>cd %windir%\system32\wbem\repository
>net stop winmgmt
>del * /s /q
>regsvr32 wbemupgd.dll
>
>38) Now start the WMI service if not already started.
>In the same Services (Local) pane where you looked at the Event Log service, find the "Windows Management Instrumentation" service.
>Right click and select properties. Check that Startup Type says "Automatic". Click OK
>
>39) If it's not already started, then right click it and select Start.
>
>40) It should say it's started at this point. (A little window will come up with a moving green bar.)
>
>It turns out for me, that the only issue apparently was that the Event Log was disabled. But thought I'd include all the above, as a sanity check for possible other issues related to WMI/DCOM startup.
>
>
>-lev
>.
>
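
The settings the quoted checklist inspects through dcomcnfg, and the CLSID named in the 10016 event in the reply, can also be read directly from the registry. The following is an added PowerShell example, not part of either post; it assumes PowerShell 3.0 or later on the machine (not available on a 2004-era Windows XP install), and it only reads values.

```powershell
# Added example: read-only audit of the settings the checklist walks through.
# Reads the registry and the Service Control Manager only, so it still runs
# when WMI will not start (no Get-WmiObject / Get-CimInstance).

$authn = @{0='Default';1='None';2='Connect';3='Call';4='Packet';5='Packet Integrity';6='Packet Privacy'}
$imp   = @{1='Anonymous';2='Identify';3='Impersonate';4='Delegate'}
$start = @{0='Boot';1='System';2='Automatic';3='Manual';4='Disabled'}

function Get-Name($map, $value) {
    if ($null -eq $value) { return '(not set, system default applies)' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return "unknown ($value)"
}

# Steps 14-16: machine-wide DCOM defaults
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
'EnableDCOM            : {0}' -f $ole.EnableDCOM
'Default authentication: {0}' -f (Get-Name $authn $ole.LegacyAuthenticationLevel)
'Default impersonation : {0}' -f (Get-Name $imp $ole.LegacyImpersonationLevel)

# Steps 33-39: Event Log and WMI services, read without using WMI
foreach ($svc in 'Eventlog', 'Winmgmt') {
    $key = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    '{0,-8} startup={1,-9} status={2,-8} depends on: {3}' -f $svc,
        (Get-Name $start $key.Start), (Get-Service -Name $svc).Status,
        ($key.DependOnService -join ', ')
}

# The CLSID from the 10016 event in the reply: resolve it to its AppID and see
# whether application-specific launch/access ACLs are stored ("Customize")
# or absent ("Use Default", step 29).
$clsid = '{8BC3F05E-D86B-11D0-A075-00C04FB68820}'
$class = Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid" -ErrorAction SilentlyContinue
if (-not $class) { "CLSID $clsid is not registered on this machine"; return }
"CLSID $clsid = $($class.'(default)'), AppID $($class.AppID)"
$app = Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Classes\AppID\$($class.AppID)" -ErrorAction SilentlyContinue
foreach ($acl in 'LaunchPermission', 'AccessPermission') {
    $custom = $app -and $app.PSObject.Properties[$acl]
    '{0,-16}: {1}' -f $acl, $(if ($custom) { 'Customize (app-specific ACL stored)' } else { 'Use Default' })
}
```

A startup value of Disabled on the Eventlog line is the condition the original poster found; the "depends on" column shows what the Dependencies tab could not show while WMI was down.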


