imageHere’s a new Knowledge Base article we published today. This one talks about an issue where when using WEDM 2011 and trying to access the Deployments, Configuration Items, and Configuration Packages nodes under the Embedded Device Management node in a remote Configuration Manager 2007 (ConfigMgr) console, the nodes will display “The ConfigMgr Provider reported an error”.

=====

Symptoms

When using WEDM 2011 and trying to access the Deployments, Configuration Items, and Configuration Packages nodes under the Embedded Device Management node in a remote Configuration Manager 2007 (ConfigMgr) console, the nodes will display the following error:

[*The ConfigMgr Provider reported an error.*]

The issue only happens if the logged in user does not have Administrator privileges on the remote site server. The user can access all other nodes in the remote ConfigMgr 2007 console that they have access to without issue. Additionally if the user logs into the server directly and uses the ConfigMgr 2007 console directly on the site server, they do have access to the WEDM nodes.

Examining the SMSAdminUI.log on the PC running the remote console reveals the following errors:

[3][<Date> <Time>] :Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe ConfigMgr Provider reported an error.\r\n
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryProcessor.ProcessQueryWorker(AsyncOperationDatabase asyncData)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)\r\nConfigMgr Error Object:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "SELECT DeploymentID,JobCreationTime,CollectionID,CollectionName,DeploymentName,DeploymentComment,IncludeSubCollection,OEMPluginID,ImageFileLocation,
StartTimeEnabled,StartTimeIsGMT,ExpirationTimeEnabled,ExpirationTimeIsGMT,StartTime,ExpirationTime,DeploymentStatusName,DeploymentStatus,RemoteServerName
FROM EDM_ImageDeployment";
ProviderName = "WinMgmt";
};
Error Code:
ProviderLoadFailure
\r\nSystem.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "SELECT DeploymentID,JobCreationTime,CollectionID,CollectionName,DeploymentName,DeploymentComment,IncludeSubCollection,OEMPluginID,ImageFileLocation,
StartTimeEnabled,StartTimeIsGMT,ExpirationTimeEnabled,ExpirationTimeIsGMT,StartTime,ExpirationTime,DeploymentStatusName,DeploymentStatus,RemoteServerName
FROM EDM_ImageDeployment";
ProviderName = "WinMgmt";
};
\r\n

[3][<Date> <Time>] :Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe ConfigMgr Provider reported an error.\r\n
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryProcessor.ProcessQueryWorker(AsyncOperationDatabase asyncData)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)\r\nConfigMgr Error Object:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "SELECT ProvisioningItemUniqueId, Type, Description, SupportedDeviceTypes, SourceSite FROM EDM_ProvisioningItem";
ProviderName = "WinMgmt";
};
Error Code:
ProviderLoadFailure
\r\nSystem.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "SELECT ProvisioningItemUniqueId, Type, Description, SupportedDeviceTypes, SourceSite FROM EDM_ProvisioningItem";
ProviderName = "WinMgmt";
};
\r\n

[3][<Date> <Time>] :Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException\r\nThe ConfigMgr Provider reported an error.\r\n
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryProcessor.ProcessQueryWorker(AsyncOperationDatabase asyncData)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)\r\nConfigMgr Error Object:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "Select ProvisioningPackageUniqueId, Description,ProvisioningItemUniqueIds,SourceSite,PlatFormType,PackageID FROM EDM_ProvisioningPackage";
ProviderName = "WinMgmt";
};
Error Code:
ProviderLoadFailure
\r\nSystem.Management.ManagementException\r\nProvider load failure \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__0.MoveNext()\r\nManagementException details:
instance of __ExtendedStatus
{
Operation = "ExecQuery";
ParameterInfo = "Select ProvisioningPackageUniqueId, Description,ProvisioningItemUniqueIds,SourceSite,PlatFormType,PackageID FROM EDM_ProvisioningPackage";
ProviderName = "WinMgmt";
};
\r\n

The SMSProv.log on the site server does not reveal any errors.

Using WBEMTest on the PC running the remote console to perform either one of the following two actions on the \\<site_server>\root\SMS\site_<site_code> namespace:

  1. Trying to run the WMI queries shown in the SMSAdminUI.log
  2. Trying to access the instances of the EDM_ImageDeployment, EDM_ProvisioningItem, or EDM_ProvisioningPackage classes

it will generate the following error message:

Error
Number: 0x80041013
Facility: WMI
Description: Provider load failure

Error 0x80041013 is:

hex 0x80041013 / decimal -2147217389
WBEM_E_PROVIDER_LOAD_FAILURE

Cause

In addition to the standard ConfigMgr WMI namespace of \\<site_server>\root\SMS\site_<site_code>, WEDM 2011 also has a second WMI namespace it utilizes under \\<site_server>\root\EDM. The EDM namespace is used by the ConfigMgr 2007 console when accessing the WEDM 2011 nodes. Although the classes and instances for WEDM can be seen under the ConfigMgr namespace, they actually map back to the WEDM namespace via a proxy provider. By default administrators on the site server have remote privileges on the EDM namespace. However non-administrators on the site server do not have remote privileges to the EDM namespace.

Resolution

To resolve the issue, on the site server give the appropriate permissions on the EDM WMI namespace to the local group SMS Admins:

  1. On the site server, open Server Manager.
  2. In the Server Manager console expand the Configuration node.
  3. Right click on WMI Control and choose Properties.
  4. In the WMI Control Properties window, click on the Security tab.
  5. Expand the Root tree and select Edm.
  6. With the Edm node selected, click on the Security button.
  7. In the Security for ROOT\Edm window, click on the Add... button.
  8. In the Select Users, Computers, Service Accounts, or Groups window, click on the Locations... button.
  9. In the Locations window, select the local site server instead of a domain under Entire Directory. The local site server will usually be the first item in the list.
  10. After selecting the local site server in the Locations window, click on the OK button.
  11. In the Select Users or Groups window, in the text box under Enter the object names to select, type in
    SMS Admins

    In the Select Users or Groups window, click on the OK button.
  12. Under Group or user names:, make sure that SMS Admins is highlighted.
  13. Under Permissions for SMS Admins, check the Allow box for the following items:
    Execute Methods
    Provider Write
    Enable Account
    Remote Enable
  14. In the Security for ROOT\Edm window, click on the OK button.
  15. In the WMI Control Properties window, click on the OK button.

=====

For the most current version of this article please see the following:

2723355 - Unable to Access WEDM 2011 Nodes on a Remote System Center Configuration Manager 2007 Console

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/