Re: WMI wouldn't start. My fix.
From: SlowJet (anonymous_at_discussions.microsoft.com)
Date: 08/18/04
- Next message: Daniel Pravat [MSFT]: "Re: Instance"
- Previous message: SlowJet: "Map Network Share without Letter"
- In reply to: levitation30_at_yahoo.com: "Re: WMI wouldn't start. My fix."
- Next in thread: DBarselow: "WMI wouldn't start. My fix."
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 17 Aug 2004 21:22:17 -0700
Hi Lev, :)
Yup, I'm starting to think there are some problems in
SP@.
I'm just not a network guru and the error events are not
even in the help system yet.
But we'll see waht V5 delivers next month. :)
SJ
>-----Original Message-----
>Important: I should have mentioned, notes below were for
XP SP1 or
>below.
>Also I use XP pro, so I'm not sure what is visible in XP
Home,
>although
>you might be able to see everything mentioned.
>
>About the Event Log dependency:
>
>I saw the same odd thing. Event Log initially showed
(when I started
>it) that WMI was dependent on it, but now it doesn't. So
maybe there
>are times when WMI needs Event Log and times when it
doesn't...
>
>so like I noted, you just have to know Event Log should
always be
>running.
>
>p.s. I didn't mention that WMI is also dependent on RPC
(Remote
>Procedure Call) but a lot of things are...there would
>be a bunch of other problems if RPC wasn't wrunning.
>
>
>On the launch permissions, where you (SlowJet) have
Customize....
>
>It'd be interesting if you could note what additional
things/users
>are enabled for you, that apparently are needed.
>See step 29. Oh wait , you mentioned Windows Firewall...
>
>I guess I should have mentioned that the
>Launch/Access permissions below covered SP1 or
below...just noticed
>SP2 has some new stuff in this area.
>
>Maybe you were trying to get WMI up after installing SP2
or before?
>
>SP2 apparently adds new buttons on the Com Security
window. Starting
>at step 17, the Default Com Security tab is now called
Com Security,
>and it has new "Edit Limits" tabs for Access Permissions
and Launch
>and Activation Permissions.
>
>The entries for Edit Limits and Edit Default are
different than I've
>noted below, under both Access Permissions and Launch
and Activation
>Permissions.
>
>I won't list them, because if you get SP2 installed,
you're probably
>already
>correct. But it's probably worthwhile to review them so
you get
>used to what's there. (they seem to break out Local and
Remote control
>more cleanly).
>
>
>Here's another useful hint: After I got WMI up and SP2
installed, I
>still
>didn't get the Advanced tab working right hen I would
look at a
>network
>connection's properties. This is the typical complaint
about WMI,
>although
>it was running now. I could run the Windows Firewall
Settings thingm
>though.
>
>Resetting stuff to default there, cleared out
the "corruption" on the
>network connection settings, and allowed me to see the
Advanced tab
>info.
>so now everything's fine for me.
>
>to do this on SP2:
>1) Start, My Network Places, View network connections
>2) Change Windows Firewall Settings
>3) Click Advanced tab
>4) Click Restore Defaults
>
>You may want to go back and run "Set up a home or small
office
>network"
>after this, to make sure all you network/firewall
settings are like
>you want.
>
>
>It'd be nice if MSFT had a "reset DCOM security to
default" button.
>
>It's even more confusing now that SP2 has some extra
stuff in this
>area.
>
>There's enough required switches and entries and
whatever that I can't
>imagine how a user would know what's needed.
>
>I'm not sure how much of it gets re-initialized on a
refresh install.
>I was surprised the Event Log setting didn't get reset
>by the refresh install.
>
>
>My take on all this: The WMI service is now a critical
single point of
>failure, like the windows registry. But they've not put
in all the
>support
>for maintaining WMI in a good state, like they had to
with the
>registry
>(which they learned over time....).
>
>It depends on DCOM which they had to harden for security
reasons...
>but no one knows how all these DCOM settings should be
set by default.
>(and whatever other WMI dependencies might exist).
>
>It's ridiculous, because the advice to re-install
doesn't always work,
>because
>the re-install doesn't always reset the critical
settings that were
>wrong
>in the first place.
>
>Basically, the WMI infrastructure should be improved.
There is bad
>software architecture here, and I suspect it's flown
under the radar
>at MSFT. With more and more things dependent on it,
maybe things will
>get improved.
>
>
>"SlowJet" <anonymous@discussions.microsoft.com> wrote in
message news:<73e201c483c1$41d98e00$a601280a@phx.gbl>...
>> Hey Lev, :)
>>
>> No more events being logged, only at boot up.
>> Thanks again
>>
>> SJ
>> >-----Original Message-----
>> >Hi Lev, :)
>> >
>> >I went through all that step by step.
>> >Only the radio botton chnage from cutomise to default
>> was
>> >different, but when I was done I got a events for
DCOM
>> >7005,7006, several 113's for COM, MS DTC started with
>> >settings event 2444, and then the main event 10016
>> >
>> >The machine-default permission settings do not grant
>> >Local Activation permission for the COM Server
>> >application with CLSID
>> >{8BC3F05E-D86B-11D0-A075-00C04FB68820}
>> > to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-
>> >20). This security permission can be modified using
the
>> >Component Services administrative tool.
>> >
>> >That CLSID is WMI.
>> >
>> >I changed the defalut back to customise.
>> >Things seem better but I'm not sure (as far as events
>> >being created for policy chg and longon to and from
>> shres.
>> >I need more time to see the activity.
>> >
>> >I did see Event Log show up as a dependency,
>> >and later TA-DA, the Windows FireWall.
>> >
>> >Your right, How would you know.
>> >
>> >Thanks for that detail check list.
>> >That a hundred days on the MS Docs for sure. :)
>> >
>> >SJ
>> >
>> >>-----Original Message-----
>> >>Summary:
>> >>Windows XP. WMI wouldn't start. I fixed it.
>> >>I'm no expert on this, so comments invited.
>> >>-----------------------------------------------------
--- >> - >> ----------- >> >> >> >>Background: >> >>I discovered I couldn't start WMI (the classic problem >> with many >> >>causes), >> >>Found out after installing xp sp2, which needs it for >> configuring its >> >>firewall. >> >>Had to uninstall sp2 as a result. >> >>Looking in the logs, WMI stopped working sometime in >> the >> last year. >> >> >> >>I read all the stuff on the web and nothing worked. >> >>I did a winnt32.exe /noattend install of first a >> slipstreamed xp sp1, >> >>then a straight xp. Followed by all the updates from >> windowsupdate. >> >>Nothing help. >> >> >> >>I deleted wbem folders, changed wbem registry entries, >> rebuilt >> >>the Repository. I checked permissions on my drive and >> my >> registry >> >>entries. (A nice free tool for that is at >> >>http://www.sysinternals.com/ntw2k/source/accessenum.shtm >> l >> ). >> >> >> >>I logged on as Administrator. I tried mofcomp, >> wbemtest, >> wmic. >> >>I removed mofs from the wbem autorecover registry >> entries. >> >>I enabled more extenstive logs. I looked at logs. I >> tried everything. >> >> >> >>Then I started reading more about this WMI, and how it >> uses DCOM. >> >> >> >>I suspected the key issue was not "virus corruption" >> which everyone >> >>immediately alludes to, but that it wasn't starting up >> it's connection >> >>to DCOM for some reason. >> >> >> >>There are launch permissions for DCOM. There are >> defaults, and there >> >>are application-specific permissions. >> >> >> >>I thought I'd check all this and find something wrong. >> >> >> >>I got WMI up. But not how I expected. After looking >> thru >> all >> >>this, using the gui's rather than random registry >> entries, I'm >> >>suspecting many WMI problems are connected with the >> DCOM >> startup. >> >>So I'll walk thru that, as much as I know. And end with >> the fix >> >>for my case. >> >> >> >>One funny thing: seems like you can't find out what >> services WMI is >> >>dependent >> >>on..using the Dependencies tab in it's service. You >> just >> have to know. >> >> >> >>----------------------------------------------------- --- >> - >> ------------ >> >>Detail: >> >>Easiest to get access to all this stuff thru dcomcnfg >> >> >> >>1) Start, Run, dcomcnfg >> >>2) In the left pane, double click on Component >> Services >> to expand >> >>3) Double click on Computer to expand >> >>4) Right click on My Computer, and select Properties >> >> >> >>Now we'll walk thru the tabs and make sure they're ok. >> (if you change >> >>any, remember to click OK on the relevant window) >> >> >> >>5) Click on the Default Protocols tab >> >>6) Should see Connection-oriented TCP/IP (and maybe >> >>Connection-oriented SPX) >> >>7) Select Connection-oriented TCP/IP, and click on the >> Properties >> >>button >> >>8) There should be no port ranges listed >> >>9) close the window with OK, then click on the MSDTC tab >> >>10) "Use local coordinator" should be checked, Client >> Network Protocol >> >>Configuration >> >>should be "TCP/IP" >> >> >> >>11) Click on Security Configuration. "Network DTC >> Access", "Network >> >>Administration" >> >>"Network Transactions", and "XA Transactions" should >> all >> be checked. >> >>Others not. >> >>12) The DTC Logon Account should be "NT >> AUTHORITY\NetworkServices". >> >>Click OK to close window >> >>13) Now click on Default Properties tab (this is still >> the "My >> >>Computer Properties" window) >> >>14) "Enable Distributed COM on this computer" should be >> checked. >> >>15) Default Authentication Level shoudl be set >> to "Connect" (this can >> >>vary, but use "Connect") >> >>16) Default Impersonation Level should be set >> to "Identify" (this can >> >>vary but use "Identify" >> >>17) Now click to the Default COM Security Tab >> >>18) Click on Edit Default under Access Permissions >> >>19) You should see Administrators and System listed, >> Select each to >> >>see the Access Permission >> >>Should be Allow on both. >> >>20) Click Ok and now Edit Default under Launch >> Permissions >> >>21) Should see Administrators, INTERACTIVE, SYSTEM >> listed. (I think I >> >>may have added >> >>Administrators when I didn't need to on one of these. >> May not be need. >> >>22) Again, select each to see that they all have Allow >> on Launch >> >>Permission. Click OK to close window >> >>If necessary, use Add, Advanced, Find Now and select >> the >> relevant one >> >>to add, if you want/need to add) >> >> >> >>23) Now click OK to close the "My Computer Properties" >> window. >> >> >> >> >> >>Go back to the dcomcnfg window >> >> >> >>24) Double click on My Computer to expand >> >>25) Double click on DCOM Config to expand >> >>26) scroll down and find the "Windows Management and >> Instrumentation" >> >>entry. Right click >> >>and select Properties on it. >> >>27) You'll get a window for it. With the General tab >> selected, >> >>You should see Authenication Level: "Connect" >> >>(Default is probably okay. I have Connect) >> >>28) Click on the "Location" tab. should be a check next >> to "Run >> >>application >> >>on this computer" >> >>29) Click on the Security Tab. It's easiest if the >> Launch Permission >> >>and Access Permission >> >>are selected to be "Use Default". If you want to leave >> on "Customize" >> >>You have to click >> >>Edit to check for basically what you just put in as >> default for the >> >>dcom config. Just select >> >>default here for Launch and Access Permission. >> >> >> >>30) Under Configuration Permissions, it probably has >> Customize >> >>selected (should >> >>be that way already). Click Edit to see who...it's a >> longer list and >> >>it's probably okay. >> >>click ok to close window >> >>31) Click Identity tab. Should see "...default system >> protocols" >> >>listed. Click Ok to close. >> >> >> >> >> >>Go back to the dcomcnfg window >> >>32) Left click on "Services (Local)" (at the bottom of >> the left pane) >> >>33) Find "Event Log" in the right pane window >> >>34) Right click it and select Properties >> >>35) This next step is key.... >> >> The Startup type: must NOT say "Disabled". It HAS >> to say "Automatic" >> >> change if necessary. T >> >>36) If you click on the Dependencies tab, you will >> see "Windows >> >>Management Instrumentation" >> >>as being dependent on this service..but only when you >> get WMI running! >> >>At this >> >>point you won't see it!! So how could you know?? :) >> >> click ok to close window. >> >> >> >>37) You may want to rebuild your wbem Repository. if so >> do this >> >>open cmd.exe and copy/paste the following commands in >> order. >> >>%homedrive% >> >>cd %windir%\system32\wbem\repository >> >>net stop winmgmt >> >>del * /s /q >> >>regsvr32 wbemupgd.dll >> >> >> >>38) Now start the WMI service if not already started. >> >>In the same Services (Local) pane where you looked at >> the Event Log >> >>service, >> >>find the "Windows Management Instrumentation" service. >> >>Right click and select properties. check that Startup >> Type says >> >>"Automatic". Click OK >> >> >> >>39) If it's not already started, then right click it >> and >> select Start. >> >> >> >>40) It should say it's started at this point. (a little >> window will >> >>come >> >>up with a moving green bar) >> >> >> >>It turns out for me, that the only issue apparently was >> that the Event >> >>Log >> >>was disabled. But thought I'd include all the above, as >> a sanity check >> >>for possible other issues related to WMI/DCOM startup. >> >> >> >> >> >>-lev >> >>. >> >> >> >. >> > >. >
- Next message: Daniel Pravat [MSFT]: "Re: Instance"
- Previous message: SlowJet: "Map Network Share without Letter"
- In reply to: levitation30_at_yahoo.com: "Re: WMI wouldn't start. My fix."
- Next in thread: DBarselow: "WMI wouldn't start. My fix."
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
