WMI wouldn't start. My fix.

From: SlowJet (anonymous_at_discussions.microsoft.com)
Date: 08/16/04


Date: Mon, 16 Aug 2004 11:45:52 -0700

Hey Lev, :)

 No more events being logged, only at boot up.
Thanks again

SJ
>-----Original Message-----
>Hi Lev, :)
>
>I went through all that step by step.
>Only the radio button change from customise to default was
>different, but when I was done I got events for DCOM
>7005, 7006, several 113's for COM, MS DTC started with
>settings event 2444, and then the main event 10016
>
>The machine-default permission settings do not grant
>Local Activation permission for the COM Server
>application with CLSID
>{8BC3F05E-D86B-11D0-A075-00C04FB68820}
> to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).
>This security permission can be modified using the
>Component Services administrative tool.
>
>That CLSID is WMI.
>
>I changed the default back to customise.
>Things seem better but I'm not sure (as far as events
>being created for policy chg and logon to and from shares).
>I need more time to see the activity.
>
>I did see Event Log show up as a dependency,
>and later TA-DA, the Windows FireWall.
>
>You're right, how would you know.
>
>Thanks for that detail check list.
>That's a hundred days on the MS Docs for sure. :)
>
>SJ
>
>>-----Original Message-----
>>Summary:
>>Windows XP. WMI wouldn't start. I fixed it.
>>I'm no expert on this, so comments invited.
>>----------------------------------------------------------------------
>>
>>Background:
>>I discovered I couldn't start WMI (the classic problem with many
>>causes).
>>Found out after installing xp sp2, which needs it for configuring its
>>firewall.
>>Had to uninstall sp2 as a result.
>>Looking in the logs, WMI stopped working sometime in the last year.
>>
>>I read all the stuff on the web and nothing worked.
>>I did a winnt32.exe /noattend install of first a slipstreamed xp sp1,
>>then a straight xp. Followed by all the updates from windowsupdate.
>>Nothing helped.
>>
>>I deleted wbem folders, changed wbem registry entries, rebuilt
>>the Repository. I checked permissions on my drive and my registry
>>entries. (A nice free tool for that is at
>>http://www.sysinternals.com/ntw2k/source/accessenum.shtml ).
>>
>>I logged on as Administrator. I tried mofcomp, wbemtest, wmic.
>>I removed mofs from the wbem autorecover registry entries.
>>I enabled more extensive logs. I looked at logs. I tried everything.
>>
>>Then I started reading more about this WMI, and how it uses DCOM.
>>
>>I suspected the key issue was not "virus corruption" which everyone
>>immediately alludes to, but that it wasn't starting up its connection
>>to DCOM for some reason.
>>
>>There are launch permissions for DCOM. There are defaults, and there
>>are application-specific permissions.
>>
>>I thought I'd check all this and find something wrong.
>>
>>I got WMI up. But not how I expected. After looking thru all
>>this, using the gui's rather than random registry entries, I'm
>>suspecting many WMI problems are connected with the DCOM startup.
>>So I'll walk thru that, as much as I know. And end with the fix
>>for my case.
>>
>>One funny thing: seems like you can't find out what services WMI is
>>dependent on..using the Dependencies tab in its service. You just
>>have to know.
>>
>>----------------------------------------------------------------------
>>Detail:
>>Easiest to get access to all this stuff thru dcomcnfg
>>
>>1) Start, Run, dcomcnfg
>>2) In the left pane, double click on Component Services to expand
>>3) Double click on Computer to expand
>>4) Right click on My Computer, and select Properties
>>
>>Now we'll walk thru the tabs and make sure they're ok. (if you change
>>any, remember to click OK on the relevant window)
>>
>>5) Click on the Default Protocols tab
>>6) Should see Connection-oriented TCP/IP (and maybe
>>Connection-oriented SPX)
>>7) Select Connection-oriented TCP/IP, and click on the Properties
>>button
>>8) There should be no port ranges listed
>>9) Close the window with OK, then click on the MSDTC tab
>>10) "Use local coordinator" should be checked, Client Network Protocol
>>Configuration should be "TCP/IP"
>>
>>11) Click on Security Configuration. "Network DTC Access", "Network
>>Administration", "Network Transactions", and "XA Transactions" should
>>all be checked. Others not.
>>12) The DTC Logon Account should be "NT AUTHORITY\NetworkServices".
>>Click OK to close window
>>13) Now click on Default Properties tab (this is still the "My
>>Computer Properties" window)
>>14) "Enable Distributed COM on this computer" should be checked.
>>15) Default Authentication Level should be set to "Connect" (this can
>>vary, but use "Connect")
>>16) Default Impersonation Level should be set to "Identify" (this can
>>vary but use "Identify")
>>17) Now click to the Default COM Security Tab
>>18) Click on Edit Default under Access Permissions
>>19) You should see Administrators and System listed. Select each to
>>see the Access Permission. Should be Allow on both.
>>20) Click OK and now Edit Default under Launch Permissions
>>21) Should see Administrators, INTERACTIVE, SYSTEM listed. (I think I
>>may have added Administrators when I didn't need to on one of these.
>>May not be needed.)
>>22) Again, select each to see that they all have Allow on Launch
>>Permission. Click OK to close window.
>>(If necessary, use Add, Advanced, Find Now and select the relevant one
>>to add, if you want/need to add)
>>
>>23) Now click OK to close the "My Computer Properties" window.
>>
>>
>>Go back to the dcomcnfg window
>>
>>24) Double click on My Computer to expand
>>25) Double click on DCOM Config to expand
>>26) Scroll down and find the "Windows Management and Instrumentation"
>>entry. Right click and select Properties on it.
>>27) You'll get a window for it. With the General tab selected,
>>you should see Authentication Level: "Connect"
>>(Default is probably okay. I have Connect)
>>28) Click on the "Location" tab. Should be a check next to "Run
>>application on this computer"
>>29) Click on the Security Tab. It's easiest if the Launch Permission
>>and Access Permission are selected to be "Use Default". If you want to
>>leave on "Customize" you have to click Edit to check for basically what
>>you just put in as default for the dcom config. Just select
>>default here for Launch and Access Permission.
>>
>>30) Under Configuration Permissions, it probably has Customize
>>selected (should be that way already). Click Edit to see who...it's a
>>longer list and it's probably okay.
>>Click OK to close window
>>31) Click Identity tab. Should see "...default system protocols"
>>listed. Click OK to close.
>>
>>
>>Go back to the dcomcnfg window
>>32) Left click on "Services (Local)" (at the bottom of the left pane)
>>33) Find "Event Log" in the right pane window
>>34) Right click it and select Properties
>>35) This next step is key....
>> The Startup type: must NOT say "Disabled". It HAS to say "Automatic"
>> change if necessary. T
>>36) If you click on the Dependencies tab, you will see "Windows
>>Management Instrumentation"
>>as being dependent on this service..but only when you get WMI running!
>>At this point you won't see it!! So how could you know?? :)
>> Click OK to close window.
>>
>>37) You may want to rebuild your wbem Repository. If so, do this:
>>open cmd.exe and copy/paste the following commands in order.
>>%homedrive%
>>cd %windir%\system32\wbem\repository
>>net stop winmgmt
>>del * /s /q
>>regsvr32 wbemupgd.dll
>>
>>38) Now start the WMI service if not already started.
>>In the same Services (Local) pane where you looked at the Event Log
>>service, find the "Windows Management Instrumentation" service.
>>Right click and select Properties. Check that Startup Type says
>>"Automatic". Click OK
>>
>>39) If it's not already started, then right click it and select Start.
>>
>>40) It should say it's started at this point. (a little window will
>>come up with a moving green bar)
>>
>>It turns out for me, that the only issue apparently was that the Event
>>Log was disabled. But thought I'd include all the above, as a sanity
>>check for possible other issues related to WMI/DCOM startup.
>>
>>
>>-lev
>>.
>>
>.
>
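
The Event Log and WMI service checks from steps 32 to 40 of the quoted post, written as a read-only cmd.exe script; this is an added example, not part of the original thread. It assumes the standard service key names Eventlog and winmgmt and the English-language output of sc.exe.

```bat
@echo off
rem Added example (not from the thread): read-only check of the two
rem services the post walks through in the Services (Local) pane.
rem Assumed names: Eventlog = "Event Log", winmgmt = "Windows Management
rem Instrumentation". Output strings assume an English-language sc.exe.
setlocal
set FAIL=0

for %%S in (Eventlog winmgmt) do call :check %%S

echo.
echo Dependencies configured for winmgmt, read from its service config:
rem The first pattern matches the DEPENDENCIES line, the second matches
rem the continuation lines that sc.exe prints as "   : name".
sc qc winmgmt | findstr /r /c:"DEPENDENCIES" /c:"^ *: "

echo.
if %FAIL%==1 goto :bad
echo RESULT: both services are enabled and running.
exit /b 0

:bad
echo RESULT: at least one service is disabled or not running.
rem Step 35 of the post done from the command line would be
rem (note the required space after "start="):
rem     sc config Eventlog start= auto
rem It is left commented out so that this script changes nothing.
exit /b 1

:check
rem START_TYPE reads "4   DISABLED" when the service cannot be started.
sc qc %1 | findstr /i "START_TYPE" | findstr /i "DISABLED" >nul
if not errorlevel 1 (
    echo [!] %1 start type is DISABLED
    set FAIL=1
)
rem STATE reads "4  RUNNING" when the service is up.
sc query %1 | findstr /i "STATE" | findstr /i "RUNNING" >nul
if errorlevel 1 (
    echo [!] %1 is not running
    set FAIL=1
)
goto :eof
```

The script exits with code 1 when either service is disabled or stopped, so it can be dropped into a health check.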

