Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, November 15, 2017 5:08 PM
WMI Activity Operational noticed it after upgrading to windows 10 fall creator edition At one point it reconfigured all the applications. This remains
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-2E70RQ1; User = NT AUTHORITY\SYSTEM; ClientProcessId = 19376; Component = Unknown; Operation = Start IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive; ResultCode = 0x80041032; PossibleCause = Unknown
I have created an evtx copy of the errors
All replies (4)
Thursday, November 16, 2017 7:01 AM
Hi,
I found another thread with same issue about Event 5858. So I pick out the point for reference.
The core problem for this set of issues is that the WMI error event ID 5858 is being generated generically and is not only representing functional error conditions. Unfortunately, for application/backwards compatibility, we can’t just get rid of it, because people have gone to the effort of parsing the event (more below) to look for the instances where there is useful data.
Event 5858 is generated any time there is an error returned to the WMI client API. Many of these “errors” are behaviors that the client application handles (for example, checking for something that is not present), so seeing event 5858 does not tell you enough. The user data section of the event has the information to explain if the problem is important, but it must be parsed. That makes this event hard to use for monitoring, so some notes on that are at the end.
0x80041032 means Call Cancelled. The client application cancelled the request that was made. That is almost always ignorable as a WMI error. The component or application (SCCM, or Group Policy) for example) that was calling into WMI cancelled the request, and will likely generate its own event if it is important to do.
Troubleshooting:
As noted, some of the issues listed above are important to understand. There are some good topics on WMI Troubleshooting in TechNet, so I won’t try to repeat them. There is a generally good article here: technet.microsoft.com/en-us/magazine/2006.09.wmievents.aspx. The most critical things to check for are repository issues, which you can do either using WMIDiag (see this article: WMIDiag 2.1 is here) or from an elevated command prompt run Winmgmt –VerifyRepository, and confirm that the repository is in good shape.
For more information, please refer to Keith Bankston (MSFT)'s reply in Event 5858 from WMI-Activity
Hope this is useful for you.
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, November 20, 2017 2:44 AM
Hi,
Any update?
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, November 22, 2017 9:27 AM
Hi,
Was the issue resolved?
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, December 6, 2017 2:09 AM
The pace slowed down after uninstalling Google Sync
Ran WMi Diag
36511 21:04:19 (0) ** WMIDiag v2.2 started on Tuesday, December 5, 2017 at 20:58.
36512 21:04:19 (0) **
36513 21:04:19 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
36514 21:04:19 (0) **
36515 21:04:19 (0) ** This script is not supported under any Microsoft standard support program or service.
36516 21:04:19 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
36517 21:04:19 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
36518 21:04:19 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
36519 21:04:19 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
36520 21:04:19 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
36521 21:04:19 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
36522 21:04:19 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
36523 21:04:19 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
36524 21:04:19 (0) ** of the possibility of such damages.
36525 21:04:19 (0) **
36526 21:04:19 (0) **
36527 21:04:19 (0) **
36528 21:04:19 (0) ** WMI REPORT: BEGIN
36529 21:04:19 (0) **
36530 21:04:19 (0) **
36531 21:04:19 (0) **
36532 21:04:19 (0) ** Windows 8.1 - No Service Pack - 64-bit (16299) - User 'DESKTOP-2E70RQ1\ADMIN' on computer 'DESKTOP-2E70RQ1'.
36533 21:04:19 (0) **
36534 21:04:19 (0) ** Environment: ........................................................................................................ OK.
36535 21:04:19 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
36536 21:04:19 (0) ** Drive type: ......................................................................................................... IDE (WDC WD10JPVX-75JC3T0).
36537 21:04:19 (0) ** There are no missing WMI system files: .............................................................................. OK.
36538 21:04:19 (0) ** There are no missing WMI repository files: .......................................................................... OK.
36539 21:04:19 (0) ** WMI repository state: ............................................................................................... N/A.
36540 21:04:19 (0) ** AFTER running WMIDiag:
36541 21:04:19 (0) ** The WMI repository has a size of: ................................................................................... 32 MB.
36542 21:04:19 (0) ** - Disk free space on 'C:': .......................................................................................... 795971 MB.
36543 21:04:19 (0) ** - INDEX.BTR, 6127616 bytes, 12/4/2017 1:18:51 PM
36544 21:04:19 (0) ** - MAPPING1.MAP, 89080 bytes, 12/4/2017 1:18:51 PM
36545 21:04:19 (0) ** - MAPPING2.MAP, 89080 bytes, 12/4/2017 1:16:51 PM
36546 21:04:19 (0) ** - OBJECTS.DATA, 27213824 bytes, 12/4/2017 1:18:51 PM
36547 21:04:19 (0) **
36548 21:04:19 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
36549 21:04:19 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE.
36550 21:04:19 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
36551 21:04:19 (0) ** => This will prevent any WMI remote connectivity to this computer except
36552 21:04:19 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
36553 21:04:19 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
36554 21:04:19 (0) ** - 'Windows Management Instrumentation (WMI-In)'
36555 21:04:19 (0) ** - 'Windows Management Instrumentation (ASync-In)'
36556 21:04:19 (0) ** Verify the reported status for each of these three inbound rules below.
36557 21:04:19 (0) **
36558 21:04:19 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
36559 21:04:19 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
36560 21:04:19 (0) ** - You can adjust the configuration by executing the following command:
36561 21:04:19 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
36562 21:04:19 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
36563 21:04:19 (0) ** You can also enable each individual rule instead of activating the group rule.
36564 21:04:19 (0) **
36565 21:04:19 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
36566 21:04:19 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
36567 21:04:19 (0) ** - You can adjust the configuration of this rule by executing the following command:
36568 21:04:19 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
36569 21:04:19 (0) **
36570 21:04:19 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
36571 21:04:19 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
36572 21:04:19 (0) ** - You can adjust the configuration of this rule by executing the following command:
36573 21:04:19 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
36574 21:04:19 (0) **
36575 21:04:19 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
36576 21:04:19 (0) ** => This will prevent any WMI inbound connectivity to this machine.
36577 21:04:19 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
36578 21:04:19 (0) ** - You can adjust the configuration of this rule by executing the following command:
36579 21:04:19 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
36580 21:04:19 (0) **
36581 21:04:19 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
36582 21:04:19 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
36583 21:04:19 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
36584 21:04:19 (0) ** - You can adjust the configuration of this rule by executing the following command:
36585 21:04:19 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
36586 21:04:19 (0) **
36587 21:04:19 (0) **
36588 21:04:19 (0) ** DCOM Status: ........................................................................................................ OK.
36589 21:04:19 (2) !! WARNING: WMI registry setup: ........................................................................................ SERVICE SETUP ISSUES!
36590 21:04:19 (0) ** => If the WMI service is RUNNING and if registry settings are not correct,
36591 21:04:19 (0) ** you should check which registry key is subject to modifications (below in this report).
36592 21:04:19 (0) ** You can eventually repair the registry:
36593 21:04:19 (0) ** - manually with REGEDIT.EXE.
36594 21:04:19 (0) ** - by importing the missing registry keys from a working system (same Windows version, same SP level).
36595 21:04:19 (0) ** - You can also repair the WMI Service registry setup by re-creating the WMI service
36596 21:04:19 (0) ** setup with the following command:
36597 21:04:19 (0) ** i.e. 'SC.EXE CREATE WINMGMT BINPATH= C:\WINDOWS\SYSTEM32\WBEM\WINMGMT.EXE START= AUTO'
36598 21:04:19 (0) ** Note: The SC.EXE command is available in the Windows Resource Kit.
36599 21:04:19 (0) ** If the command fails because the WMI service name already exists,
36600 21:04:19 (0) ** you can delete the existing definition with the following command:
36601 21:04:19 (0) ** i.e. 'SC.EXE DELETE WINMGMT'
36602 21:04:19 (0) ** If the SC.EXE command does not work, you can delete with REGEDIT.EXE the registry hive at:
36603 21:04:19 (0) ** 'HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt'
36604 21:04:19 (0) ** and re-execute the 'SC.EXE CREATE' command above.
36605 21:04:19 (0) ** Note: It could be required to reboot the system to refresh the Service Control Manager configuration.
36606 21:04:19 (0) ** - Once the WMI service is re-created:
36607 21:04:19 (0) ** - Make sure there is no other registry keys missing or wrongly configured.
36608 21:04:19 (0) ** You can manually add the missing keys with REGEDIT.
36609 21:04:19 (0) ** - After re-creating the registry, and fixing ALL missing entries, you must configure
36610 21:04:19 (0) ** the WMI service to run as a STANDALONE service host or as a SHARED service host (SvcHost)
36611 21:04:19 (0) ** You can achieve this by running the following commands:
36612 21:04:19 (0) ** - to configure the service to run as a SHARED service host (recommended):
36613 21:04:19 (0) ** i.e. 'WINMGMT.EXE /SharedHost'
36614 21:04:19 (0) ** - if you have issue to get the WMI service running as a SHARED service host, it
36615 21:04:19 (0) ** can be configured to run as a STANDALONEservice host:
36616 21:04:19 (0) ** i.e. 'WINMGMT.EXE /StandaloneHost'
36617 21:04:19 (0) ** => Reboot the system.
36618 21:04:19 (0) **
36619 21:04:19 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
36620 21:04:19 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
36621 21:04:19 (0) ** - Internet Connection Sharing (ICS) (*) (SHAREDACCESS, StartMode='Manual')
36622 21:04:19 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
36623 21:04:19 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
36624 21:04:19 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
36625 21:04:19 (0) ** this can prevent the service/application to work as expected.
36626 21:04:19 (0) **
36627 21:04:19 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
36628 21:04:19 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
36629 21:04:19 (0) **
36630 21:04:19 (0) ** WMI service DCOM setup: ............................................................................................. OK.
36631 21:04:19 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 3 WARNING(S)!
36632 21:04:19 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NETPEERDISTCIM.DLL (\CLSID\3292A418-BAC2-4BBF-BB07-66A1CB3B8B7D}\InProcServer32)
36633 21:04:19 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\POLICMAN.DLL (\CLSID\69D76D1B-B12E-4913-8F48-671B90195A2B}\InProcServer32)
36634 21:04:19 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\POLICMAN.DLL (\CLSID\AAEAE72F-0328-4763-8ECB-23422EDE2DB5}\InProcServer32)
36635 21:04:19 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
36636 21:04:19 (0) ** fail depending on the operation requested.
36637 21:04:19 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
36638 21:04:19 (0) **
36639 21:04:19 (0) ** WMI ProgID registrations: ........................................................................................... OK.
36640 21:04:19 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
36641 21:04:19 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
36642 21:04:19 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
36643 21:04:19 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
36644 21:04:19 (0) **
36645 21:04:19 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
36646 21:04:19 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
36647 21:04:19 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
36648 21:04:19 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
36649 21:04:19 (0) ** selecting 'Run as Administrator'.
36650 21:04:19 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
36651 21:04:19 (0) ** in the Task Scheduler within the right security context.
36652 21:04:19 (0) **
36653 21:04:19 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
36654 21:04:19 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
36655 21:04:19 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
36656 21:04:19 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
36657 21:04:19 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
36658 21:04:19 (0) **
36659 21:04:19 (0) ** Overall DCOM security status: ....................................................................................... OK.
36660 21:04:19 (0) ** Overall WMI security status: ........................................................................................ OK.
36661 21:04:19 (0) ** - Started at 'Root'
36662 21:04:19 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
36663 21:04:19 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
36664 21:04:19 (0) ** 'select * from MSFT_SCMEventLogEvent'
36665 21:04:19 (0) **
36666 21:04:19 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
36667 21:04:19 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 3 NAMESPACE(S)!
36668 21:04:19 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
36669 21:04:19 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION.
36670 21:04:19 (0) ** - ROOT/SERVICEMODEL.
36671 21:04:19 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
36672 21:04:19 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
36673 21:04:19 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
36674 21:04:19 (0) ** i.e. 'WMIC.EXE /NODE:"DESKTOP-2E70RQ1" /AUTHLEVEL:Pktprivacy /NAMESPACE:\ROOT\SERVICEMODEL Class __SystemSecurity'
36675 21:04:19 (0) **
36676 21:04:19 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
36677 21:04:19 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 2 ERROR(S)!
36678 21:04:19 (0) ** - Root/nap, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
36679 21:04:19 (0) ** - Root/aspnet, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
36680 21:04:19 (0) **
36681 21:04:19 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 25 ERROR(S)!
36682 21:04:19 (0) ** - Root/CIMV2, Win32_FloppyDrive, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36683 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36684 21:04:19 (0) ** - Root/CIMV2, Win32_FloppyController, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36685 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36686 21:04:19 (0) ** - Root/CIMV2, Win32_TerminalService, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36687 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36688 21:04:19 (0) ** - Root/CIMV2, Win32_PerfFormattedData_PerfProc_FullImage_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36689 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36690 21:04:19 (0) ** - Root/CIMV2, Win32_PerfRawData_PerfProc_FullImage_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36691 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36692 21:04:19 (0) ** - Root/CIMV2, Win32_PerfFormattedData_PerfProc_Image_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36693 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36694 21:04:19 (0) ** - Root/CIMV2, Win32_PerfRawData_PerfProc_Image_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36695 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36696 21:04:19 (0) ** - Root/CIMV2, Win32_PerfFormattedData_PerfProc_ProcessAddressSpace_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36697 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36698 21:04:19 (0) ** - Root/CIMV2, Win32_PerfRawData_PerfProc_ProcessAddressSpace_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36699 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36700 21:04:19 (0) ** - Root/CIMV2, Win32_PerfFormattedData_PerfProc_ThreadDetails_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36701 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36702 21:04:19 (0) ** - Root/CIMV2, Win32_PerfRawData_PerfProc_ThreadDetails_Costly, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36703 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36704 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36705 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36706 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheHostedCacheServerSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36707 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36708 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheNetworkSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36709 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36710 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheContentServerSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36711 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36712 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheClientSettingData, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36713 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36714 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheStatus, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36715 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36716 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36717 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36718 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheSecondaryCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36719 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36720 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheDataCacheExtension, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36721 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36722 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCachePrimaryCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36723 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36724 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheDataCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36725 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36726 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheHashCache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36727 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36728 21:04:19 (0) ** - Root/STANDARDCIMV2, MSFT_NetBranchCacheOrchestrator, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36729 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36730 21:04:19 (0) ** - Root/WMI, Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
36731 21:04:19 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
36732 21:04:19 (0) **
36733 21:04:19 (0) ** WMI MOF representations: ............................................................................................ OK.
36734 21:04:19 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
36735 21:04:19 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
36736 21:04:19 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
36737 21:04:19 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
36738 21:04:19 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
36739 21:04:19 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
36740 21:04:19 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
36741 21:04:19 (0) ** WMI static instances retrieved: ..................................................................................... 1867.
36742 21:04:19 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
36743 21:04:19 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
36744 21:04:19 (0) **
36745 21:04:19 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
36746 21:04:19 (0) ** DCOM: ............................................................................................................. 0.
36747 21:04:19 (0) ** WINMGMT: .......................................................................................................... 0.
36748 21:04:19 (0) ** WMIADAPTER: ....................................................................................................... 0.
36749 21:04:19 (0) **
36750 21:04:19 (0) ** # of additional Event Log events AFTER WMIDiag execution:
36751 21:04:19 (0) ** DCOM: ............................................................................................................. 0.
36752 21:04:19 (0) ** WINMGMT: .......................................................................................................... 0.
36753 21:04:19 (0) ** WMIADAPTER: ....................................................................................................... 0.
36754 21:04:19 (0) **
36755 21:04:19 (0) ** 2 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
36756 21:04:19 (0) **
36757 21:04:19 (0) ** 25 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
36758 21:04:19 (0) ** => This error is typically a WMI error. This WMI error is due to:
36759 21:04:19 (0) ** - a missing WMI class definition or object.
36760 21:04:19 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
36761 21:04:19 (0) ** You can correct the missing class definitions by:
36762 21:04:19 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
36763 21:04:19 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
36764 21:04:19 (0) ** (This list can be built on a similar and working WMI Windows installation)
36765 21:04:19 (0) ** The following command line must be used:
36766 21:04:19 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
36767 21:04:19 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
36768 21:04:19 (0) ** with WMI by starting the ADAP process.
36769 21:04:19 (0) ** - a WMI repository corruption.
36770 21:04:19 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
36771 21:04:19 (0) ** to validate the WMI repository operations.
36772 21:04:19 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
36773 21:04:19 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
36774 21:04:19 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
36775 21:04:19 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
36776 21:04:19 (0) ** the WMI repository must be reconstructed.
36777 21:04:19 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
36778 21:04:19 (0) ** otherwise some applications may fail after the reconstruction.
36779 21:04:19 (0) ** This can be achieved with the following command:
36780 21:04:19 (0) ** i.e. 'WMIDiag ShowMOFErrors'
36781 21:04:19 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
36782 21:04:19 (0) ** ALL fixes previously mentioned.
36783 21:04:19 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
36784 21:04:19 (0) **
36785 21:04:19 (0) **
36786 21:04:19 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 2 KEY(S)!
36787 21:04:19 (1) !! ERROR: Unexpected registry key value:
36788 21:04:19 (0) ** - Current: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Start (REG_DWORD) -> &h4
36789 21:04:19 (0) ** - Expected: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Start (REG_DWORD) -> &h4
36790 21:04:19 (0) ** From the command line, the registry configuration can be corrected with the following command:
36791 21:04:19 (0) ** i.e. 'REG.EXE Add "HKLM\SYSTEM\CurrentControlSet\Services\winmgmt" /v "Start" /t "REG_DWORD" /d "2" /f'
36792 21:04:19 (2) !! WARNING: Unexpected registry key value:
36793 21:04:19 (0) ** - Current: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ImagePath (REG_EXPAND_SZ) -> %systemroot%\system32\svchost.exe -k netsvcs -p
36794 21:04:19 (0) ** - Expected: HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\ImagePath (REG_EXPAND_SZ) -> %systemroot%\system32\svchost.exe -k netsvcs
36795 21:04:19 (0) ** From the command line, the registry configuration can be corrected with the following command:
36796 21:04:19 (0) **
36797 21:04:19 (0) **
36798 21:04:19 (0) **
36799 21:04:19 (0) **
36800 21:04:19 (0) **
36801 21:04:19 (0) **
36802 21:04:19 (0) **
36803 21:04:19 (0) ** WMI REPORT: END
36804 21:04:19 (0) **
36805 21:04:19 (0) **
36806 21:04:19 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN8.1_.CLI.RTM.64_DESKTOP-2E70RQ1_2017.12.05_20.57.21.LOG' for details.
36807 21:04:19 (0) **
36808 21:04:19 (0) ** WMIDiag v2.2 ended on Tuesday, December 5, 2017 at 21:04 (W:127 E:45 S:1).