Basic WMI Troubleshooting

  • Article

[Today’s post comes to us courtesy Ketan Upgade.]

WMI Overview: Windows Management Instrumentation (WMI) is Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) standard. It provides a common interface and object model to access management information for the Operating System, devices and applications. WMI offers access to this information via scripts, C++ programming interfaces and .NET classes.

WMI Repository: These are the databases which the WMI uses. The default location for these databases is:

%windir%\system32\wbem

COM/DCOM: These are used for communication between Local and Remote computers, to access resources within and outside.

WMI Namespace: -The WMI repository uses a namespace containing several sub-namespaces that are arranged hierarchically to organize objects.  A management application must connect to a namespace before the application can access objects within the namespace.

Example: The namespace for Exchange Server 2003, installed on SBS 2003 is .\\root\\MicrosoftExchangev2.

Namespace uses Hierarchy. WMI creates some namespaces root\default, root\cimv2 and root\subscription at system startup and pre-installs a default set of class definitions.

WMI Provider: - A WMI Provider is a COM object that monitors managed objects for WMI.  A managed object is a component (logical or physical) - such as a hard drive, network card, Operating System or service consisting of a DLL and a MOF file that defines the classes for the Provider.

WMI Troubleshooting: There are 4 basic checks that need to be performed in order to start troubleshooting issues with WMI:

1. Check if we have a good WMI engine.

To check this do the following:

a. Start > Run > wmimgmt.msc.

b. Right Click on "WMI Control (Local)".

c. Select Properties.

If the WMI service is configured properly, the control snap-in will connect to WMI and display the properties dialog. Under the "General" tab you should see information about the operating system and the version of WMI.

clip_image002

2. WMI is dependent on COM/DCOM for its operation so DCOM and COM functionality should be checked :

a. Start > Run > Open: DCOMCNFG.

b. Expand Component Services node.

c. Expand Computers node.

d. Expand My Computer node. Make sure we don’t have RED ARROW on the “My Computer” object.

e. Expand DCOM Config node.

f. Right click Windows Management [and] Instrumentation.

g. Select Properties.

h. Also make sure Distributed Transaction Coordinator service is started for DCOM/COM to work properly.

clip_image004

3. Impersonation Rights:

This can be checked through Group Policy.

a. Start > Run > gpedit.msc.

b. Expand Computer Configuration à Windows Settings à Security Settings à Local Policies à User Rights Assig nment.

c. Verify that the SERVICE group is specifically granted the Impersonate a client after authentication right as shown in the screen shot below.

clip_image006

4. Module Registration:

In some cases it may be necessary to re-register all the WMI modules. Before doing so, please stop and disable the Windows Management Instrumentation service. After the procedure below is over, you can re-enable the service.

a. Start > Run > cmd.

b. Change directories, so we are on the C:\Windows\System32\WBEM prompt.

c. Run the following command to ensure that all the DLL’s are re-registered:

For /f %s in (‘dir /b /s *.dll’) do regsvr32 /s %s

d. Run the following command to re-register the WMI service:

Wmiprvse /regserver

e. Exit the command prompt.

Like the title says, these are just some basic steps that you might want to perform before you dig any deeper in WMI. If you still cannot resolve your issue with WMI then we suggest you call PSS.