Guest Muneer Ahmed Posted October 3, 2007 Posted October 3, 2007 Hi all, I have windows 2003 std version on on which DHCP and printer server is loaded, since one week its rebooting unexpectedly, I have enabled performance monitor and complete dump for dmp file, However I am not able to find out dmp file in the system (C root) i wanted to know how I can generate dmp file, server is far away from me I am using RDP to establish connection. following event found on server Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 1.10.2007 Time: 4:59:10 User: N/A Computer: ASAS002 Description: Faulting application wmiprvse.exe, version 5.2.3790.1830, faulting module msvcrt.dll, version 7.0.3790.1830, fault address 0x00027d70. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 77 6d 69 ure wmi 0018: 70 72 76 73 65 2e 65 78 prvse.ex 0020: 65 20 35 2e 32 2e 33 37 e 5.2.37 0028: 39 30 2e 31 38 33 30 20 90.1830 0030: 69 6e 20 6d 73 76 63 72 in msvcr 0038: 74 2e 64 6c 6c 20 37 2e t.dll 7. 0040: 30 2e 33 37 39 30 2e 31 0.3790.1 0048: 38 33 30 20 61 74 20 6f 830 at o 0050: 66 66 73 65 74 20 30 30 ffset 00 0058: 30 32 37 64 37 30 027d70 Thanx in advance Best Regards Amodiamm
Guest Robert L \(MS-MVP\) Posted October 3, 2007 Posted October 3, 2007 Re: how to create DMP file in windows 2003 A complete memory dump, which is written to the %SystemRoot%\Memory.dmp folder. Or these links may help. Server shutdown unexpected with ...Recently, the server has been shutdown unexpected with different Reason Code: 0x806000c, 0x8000005 and 0x805000f. He doesn't remember any thing change. ... http://www.chicagotech.net/netforums/viewtopic.php?t=989&start=0&postdays=0&postorder=asc&highli... Event ID TroubleshootingEvent ID: 1000 - The safe mode service of Windows SharePoint Services has .... Event ID 1000 and 1001 - Windows cannot read the history of GPOs from the ... http://www.chicagotech.net/wineventid.htm -- Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Muneer Ahmed" <MuneerAhmed@discussions.microsoft.com> wrote in message news:CBFA9ABD-5616-4B82-A098-DA668040EFBA@microsoft.com... > Hi all, > > I have windows 2003 std version on on which DHCP and printer server is > loaded, since one week its rebooting unexpectedly, I have enabled > performance > monitor and complete dump for dmp file, > > However I am not able to find out dmp file in the system (C root) i wanted > to know how I can generate dmp file, server is far away from me I am using > RDP to establish connection. > following event found on server > Event Type: Error > Event Source: Application Error > Event Category: (100) > Event ID: 1000 > Date: 1.10.2007 > Time: 4:59:10 > User: N/A > Computer: ASAS002 > Description: > Faulting application wmiprvse.exe, version 5.2.3790.1830, faulting module > msvcrt.dll, version 7.0.3790.1830, fault address 0x00027d70. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > Data: > 0000: 41 70 70 6c 69 63 61 74 Applicat > 0008: 69 6f 6e 20 46 61 69 6c ion Fail > 0010: 75 72 65 20 20 77 6d 69 ure wmi > 0018: 70 72 76 73 65 2e 65 78 prvse.ex > 0020: 65 20 35 2e 32 2e 33 37 e 5.2.37 > 0028: 39 30 2e 31 38 33 30 20 90.1830 > 0030: 69 6e 20 6d 73 76 63 72 in msvcr > 0038: 74 2e 64 6c 6c 20 37 2e t.dll 7. > 0040: 30 2e 33 37 39 30 2e 31 0.3790.1 > 0048: 38 33 30 20 61 74 20 6f 830 at o > 0050: 66 66 73 65 74 20 30 30 ffset 00 > 0058: 30 32 37 64 37 30 027d70 > > Thanx in advance > > Best Regards > Amodiamm > > > > >
Guest Muneer Ahmed Posted October 4, 2007 Posted October 4, 2007 Re: how to create DMP file in windows 2003 Hi Robert, Appreciate your reply it was very helpful, i have requested the hotfix with Microsoft, while digging the root cause i have ran WMIdiag on my server 7 found following out but not able to understand much could you help me to resolve the issue. 29150 11:01:03 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': .................. MODIFIED. 29151 11:01:03 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 29152 11:01:03 (0) ** - ACTUAL ACE: 29153 11:01:03 (0) ** ACEType: &h0 29154 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29155 11:01:03 (0) ** ACEFlags: &h2 29156 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29157 11:01:03 (0) ** ACEMask: &h1 29158 11:01:03 (0) ** WBEM_ENABLE 29159 11:01:03 (0) ** - EXPECTED ACE: 29160 11:01:03 (0) ** ACEType: &h0 29161 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29162 11:01:03 (0) ** ACEFlags: &h12 29163 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29164 11:01:03 (0) ** INHERITED_ACE 29165 11:01:03 (0) ** ACEMask: &h13 29166 11:01:03 (0) ** WBEM_ENABLE 29167 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29168 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29169 11:01:03 (0) ** 29170 11:01:03 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 29171 11:01:03 (0) ** This will cause some operations to fail! 29172 11:01:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 29173 11:01:03 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 29174 11:01:03 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 29175 11:01:03 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 29176 11:01:03 (0) ** A specific WMI application can always require a security setup different 29177 11:01:03 (0) ** than the WMI security defaults. 29178 11:01:03 (0) ** 29179 11:01:03 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..... MODIFIED. 29180 11:01:03 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 29181 11:01:03 (0) ** - ACTUAL ACE: 29182 11:01:03 (0) ** ACEType: &h0 29183 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29184 11:01:03 (0) ** ACEFlags: &h2 29185 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29186 11:01:03 (0) ** ACEMask: &h1 29187 11:01:03 (0) ** WBEM_ENABLE 29188 11:01:03 (0) ** - EXPECTED ACE: 29189 11:01:03 (0) ** ACEType: &h0 29190 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29191 11:01:03 (0) ** ACEFlags: &h12 29192 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29193 11:01:03 (0) ** INHERITED_ACE 29194 11:01:03 (0) ** ACEMask: &h13 29195 11:01:03 (0) ** WBEM_ENABLE 29196 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29197 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29198 11:01:03 (0) ** 29199 11:01:03 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 29200 11:01:03 (0) ** This will cause some operations to fail! 29201 11:01:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 29202 11:01:03 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 29203 11:01:03 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 29204 11:01:03 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 29205 11:01:03 (0) ** A specific WMI application can always require a security setup different 29206 11:01:03 (0) ** than the WMI security defaults. 29207 11:01:03 (0) ** 29208 11:01:03 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': MODIFIED. 29209 11:01:03 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 29210 11:01:03 (0) ** - REMOVED ACE: 29211 11:01:03 (0) ** ACEType: &h0 29212 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29213 11:01:03 (0) ** ACEFlags: &h12 29214 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29215 11:01:03 (0) ** INHERITED_ACE 29216 11:01:03 (0) ** ACEMask: &h13 29217 11:01:03 (0) ** WBEM_ENABLE 29218 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29219 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29220 11:01:03 (0) ** 29221 11:01:03 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29222 11:01:03 (0) ** Removing default security will cause some operations to fail! 29223 11:01:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29224 11:01:03 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 29225 11:01:03 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 29226 11:01:03 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 29227 11:01:03 (0) ** A specific WMI application can always require a security setup different 29228 11:01:03 (0) ** than the WMI security defaults. 29229 11:01:03 (0) ** 29230 11:01:03 (0) ** WMI namespace security for 'ROOT/ASPNET': .. MODIFIED. 29231 11:01:03 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 29232 11:01:03 (0) ** - ACTUAL ACE: 29233 11:01:03 (0) ** ACEType: &h0 29234 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29235 11:01:03 (0) ** ACEFlags: &h12 29236 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29237 11:01:03 (0) ** INHERITED_ACE 29238 11:01:03 (0) ** ACEMask: &h13 29239 11:01:03 (0) ** WBEM_ENABLE 29240 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29241 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29242 11:01:03 (0) ** - EXPECTED ACE: 29243 11:01:03 (0) ** ACEType: &h0 29244 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29245 11:01:03 (0) ** ACEFlags: &h12 29246 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29247 11:01:03 (0) ** INHERITED_ACE 29248 11:01:03 (0) ** ACEMask: &h33 29249 11:01:03 (0) ** WBEM_ENABLE 29250 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29251 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29252 11:01:03 (0) ** WBEM_REMOTE_ACCESS 29253 11:01:03 (0) ** 29254 11:01:03 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed! 29255 11:01:03 (0) ** This will cause some operations to fail! 29256 11:01:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 29257 11:01:03 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 29258 11:01:03 (0) ** 29259 11:01:03 (0) ** WMI namespace security for 'ROOT/ASPNET': ........................... MODIFIED. 29260 11:01:03 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 29261 11:01:03 (0) ** - ACTUAL ACE: 29262 11:01:03 (0) ** ACEType: &h0 29263 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29264 11:01:03 (0) ** ACEFlags: &h12 29265 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29266 11:01:03 (0) ** INHERITED_ACE 29267 11:01:03 (0) ** ACEMask: &h13 29268 11:01:03 (0) ** WBEM_ENABLE 29269 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29270 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29271 11:01:03 (0) ** - EXPECTED ACE: 29272 11:01:03 (0) ** ACEType: &h0 29273 11:01:03 (0) ** ACCESS_ALLOWED_ACE_TYPE 29274 11:01:03 (0) ** ACEFlags: &h12 29275 11:01:03 (0) ** CONTAINER_INHERIT_ACE 29276 11:01:03 (0) ** INHERITED_ACE 29277 11:01:03 (0) ** ACEMask: &h33 29278 11:01:03 (0) ** WBEM_ENABLE 29279 11:01:03 (0) ** WBEM_METHOD_EXECUTE 29280 11:01:03 (0) ** WBEM_WRITE_PROVIDER 29281 11:01:03 (0) ** WBEM_REMOTE_ACCESS 29282 11:01:03 (0) ** 29283 11:01:03 (0) ** => The actual ACE has the right(s) '&h20 WBEM_REMOTE_ACCESS' removed! 29284 11:01:03 (0) ** This will cause some operations to fail! 29285 11:01:03 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 29286 11:01:03 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 29287 11:01:03 (0) ** 29288 11:01:03 (0) ** 29289 11:01:03 (0) ** DCOM security warning(s) detected: ...... 0. 29290 11:01:03 (0) ** DCOM security error(s) detected: ...... 0. 29291 11:01:03 (0) ** WMI security warning(s) detected: ......................................... 0. 29292 11:01:03 (0) ** WMI security error(s) detected: ................... 5. 29293 11:01:03 (0) ** 29294 11:01:03 (0) ** Overall DCOM security status: ........................ OK. 29295 11:01:03 (1) !! ERROR: Overall WMI security status: ........................ ERROR! 29296 11:01:03 (0) ** - Started at 'Root' 29297 11:01:03 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ............. 54. 29298 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA44". 29299 11:01:03 (0) ** 'select * from MSMCAEvent_InvalidError where (type = 2147811432) and (LogToEventlog <> 0)' 29300 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA23". 29301 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553235) and (LogToEventlog <> 0)' 29302 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA32". 29303 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811420) and (LogToEventlog <> 0)' 29304 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA14". 29305 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 2147811402) and (LogToEventlog <> 0)' 29306 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA37". 29307 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553249) and (LogToEventlog <> 0)' 29308 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 29309 11:01:03 (0) ** 'select * from MSFT_SCMEventLogEvent' 29310 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA5". 29311 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553217) and (LogToEventlog <> 0)' 29312 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA18". 29313 11:01:03 (0) ** 'select * from MSMCAEvent_SystemEventError where (type = 2147811406) and (LogToEventlog <> 0)' 29314 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA3". 29315 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553215) and (LogToEventlog <> 0)' 29316 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA41". 29317 11:01:03 (0) ** 'select * from MSMCAEvent_SMBIOSError where (type = 3221553253) and (LogToEventlog <> 0)' 29318 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA26". 29319 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811414) and (LogToEventlog <> 0)' 29320 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA36". 29321 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811424) and (LogToEventlog <> 0)' 29322 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA9". 29323 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553221) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))' 29324 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA10". 29325 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 2147811398) and (LogToEventlog <> 0)' 29326 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA17". 29327 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 3221553229) and (LogToEventlog <> 0)' 29328 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA1". 29329 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553213) and (LogToEventlog <> 0)' 29330 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA42". 29331 11:01:03 (0) ** 'select * from MSMCAEvent_PlatformSpecificError where (type = 2147811430) and (LogToEventlog <> 0)' 29332 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA4". 29333 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811392) and (LogToEventlog <> 0)' 29334 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA25". 29335 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553237) and (LogToEventlog <> 0)' 29336 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA49". 29337 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 4) and (LogToEventlog <> 0)' 29338 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA27". 29339 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553239) and (LogToEventlog <> 0)' 29340 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA45". 29341 11:01:03 (0) ** 'select * from MSMCAEvent_InvalidError where (type = 3221553257) and (LogToEventlog <> 0)' 29342 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA8". 29343 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811396) and (LogToEventlog <> 0) and not ((MSSid = 0) and ((MsOp <> 3) or (MSOp <> 4)))' 29344 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA40". 29345 11:01:03 (0) ** 'select * from MSMCAEvent_SMBIOSError where (type = 2147811428) and (LogToEventlog <> 0)' 29346 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA39". 29347 11:01:03 (0) ** 'select * from MSMCAEvent_PCIComponentError where (type = 3221553251) and (LogToEventlog <> 0)' 29348 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA29". 29349 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553241) and (LogToEventlog <> 0)' 29350 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA20". 29351 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811408) and (LogToEventlog <> 0)' 29352 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA48". 29353 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (MajorErrorType = 4) and (MSSid = 0) and (MSOp = 3) and (LogToEventlog <> 0)' 29354 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA28". 29355 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811416) and (LogToEventlog <> 0)' 29356 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA33". 29357 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553245) and (LogToEventlog <> 0)' 29358 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA7". 29359 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553219) and (LogToEventlog <> 0)' 29360 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA16". 29361 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 2147811404) and (LogToEventlog <> 0)' 29362 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA43". 29363 11:01:03 (0) ** 'select * from MSMCAEvent_PlatformSpecificError where (type = 3221553255) and (LogToEventlog <> 0)' 29364 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA21". 29365 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553233) and (LogToEventlog <> 0)' 29366 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA6". 29367 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811394) and (LogToEventlog <> 0)' 29368 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA31". 29369 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553243) and (LogToEventlog <> 0)' 29370 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA12". 29371 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 2147811400) and (LogToEventlog <> 0)' 29372 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA46". 29373 11:01:03 (0) ** 'select * from MSMCAEvent_InvalidError where (type = 2147811434) and (LogToEventlog <> 0)' 29374 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA47". 29375 11:01:03 (0) ** 'select * from MSMCAEvent_InvalidError where (type = 3221553259) and (LogToEventlog <> 0)' 29376 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA35". 29377 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 3221553247) and (LogToEventlog <> 0)' 29378 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA0". 29379 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811388) and (LogToEventlog <> 0)' 29380 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA19". 29381 11:01:03 (0) ** 'select * from MSMCAEvent_SystemEventError where (type = 3221553231) and (LogToEventlog <> 0)' 29382 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA11". 29383 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 3221553223) and (LogToEventlog <> 0)' 29384 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA52". 29385 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryPageRemoved' 29386 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA30". 29387 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811418) and (LogToEventlog <> 0)' 29388 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA15". 29389 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 3221553227) and (LogToEventlog <> 0)' 29390 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA38". 29391 11:01:03 (0) ** 'select * from MSMCAEvent_PCIComponentError where (type = 2147811426) and (LogToEventlog <> 0)' 29392 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA34". 29393 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811422) and (LogToEventlog <> 0)' 29394 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA2". 29395 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811390) and (LogToEventlog <> 0)' 29396 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA22". 29397 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811410) and (LogToEventlog <> 0)' 29398 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA13". 29399 11:01:03 (0) ** 'select * from MSMCAEvent_MemoryError where (type = 3221553225) and (LogToEventlog <> 0)' 29400 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA50". 29401 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 2147811441) and (LogToEventlog <> 0)' 29402 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA51". 29403 11:01:03 (0) ** 'select * from MSMCAEvent_CPUError where (type = 3221553266) and (LogToEventlog <> 0)' 29404 11:01:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA24". 29405 11:01:03 (0) ** 'select * from MSMCAEvent_PCIBusError where (type = 2147811412) and (LogToEventlog <> 0)' 29406 11:01:03 (0) ** 29407 11:01:03 (0) ** WMI TIMER instruction(s): ... NONE. 29408 11:01:03 (0) ** WMI ADAP status: ........... OK. 29409 11:01:03 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: ........... 1 NAMESPACE(S)! 29410 11:01:03 (0) ** - ROOT/SERVICEMODEL. 29411 11:01:03 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 29412 11:01:03 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 29413 11:01:03 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 29414 11:01:03 (0) ** i.e. 'WMIC.EXE /NODE:"ASAS002" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 29415 11:01:03 (0) ** 29416 11:01:03 (0) ** WMI MONIKER 29418 11:01:03 (1) !! ERROR: WMI GET operation errors reported: .... 12 ERROR(S)! 29419 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_Cache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29420 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29421 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_Memory, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29422 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29423 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_Objects, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29424 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29425 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_PagingFile, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29426 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29427 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_Processor, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29428 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29429 11:01:03 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_System, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29430 11:01:03 (0) ** MOF Registration: 'No located MOF file (exception)' 29431 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_Cache, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29432 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29433 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_Memory, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29434 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29435 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_Objects, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29436 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29437 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_PagingFile, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29438 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29439 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_Processor, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29440 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29441 11:01:03 (0) ** - Root/CIMv2, Win32_PerfFormattedData_PerfOS_System, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29442 11:01:03 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF' 29443 11:01:03 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfFormattedData_PerfOS_System'), it is generally due to 29444 11:01:03 (0) ** a synchronization issue between the performance counters and WMI. 29445 11:01:03 (0) ** The AutoDiscovery/AutoPurge (ADAP) process logs informative events in the Windows NT event log. 29446 11:01:03 (0) ** More information can be found on MSDN at: 29447 11:01:03 (0) ** http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_adap_event_log_events.asp 29448 11:01:03 (0) ** 29449 11:01:03 (0) ** - The last time the ADAP process was STARTED was the '12 July 2007 03:03:21:040000 (GMT+2)'. 29450 11:01:03 (0) ** - The last time the ADAP process was STOPPED was the '12 July 2007 03:05:25:683000 (GMT+2)'. 29451 11:01:03 (0) ** - The latest ADAP process status is 'The WMI ADAP process has finished (4).'. 29452 11:01:03 (0) ** 29453 11:01:03 (0) ** You can attempt to resynchronize the WMI performance classes with the existing Windows 29454 11:01:03 (0) ** performance counters with the following commands: 29455 11:01:03 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP' 29456 11:01:03 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF' 29457 11:01:03 (0) ** 29458 11:01:03 (0) ** WMI MOF representations: ....OK. 29459 11:01:03 (0) ** WMI QUALIFIER access operations: ................... OK. 29460 11:01:03 (0) ** WMI ENUMERATION operations: .............. OK. 29461 11:01:03 (0) ** WMI EXECQUERY operations: ................... OK. 29462 11:01:03 (0) ** WMI GET VALUE operations: ............ OK. 29463 11:01:03 (0) ** WMI WRITE operations: ........... NOT TESTED. 29464 11:01:03 (0) ** WMI PUT operations: ........ NOT TESTED. 29465 11:01:03 (0) ** WMI DELETE operations: ........... NOT TESTED. 29466 11:01:03 (0) ** WMI static instances retrieved: ........ 1230. 29467 11:01:03 (0) ** WMI dynamic instances retrieved: ............. 0. 29468 11:01:03 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0. 29469 11:01:03 (0) ** -- 29470 11:01:03 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 29471 11:01:03 (0) ** DCOM: .................. 0. 29472 11:01:03 (0) ** WINMGMT: ............. 0. 29473 11:01:03 (0) ** WMIADAPTER: ............. 0. 29474 11:01:03 (0) ** 29475 11:01:03 (0) ** # of additional Event Log events AFTER WMIDiag execution: 29476 11:01:03 (0) ** DCOM: ..... 0. 29477 11:01:03 (0) ** WINMGMT: ...................... 0. 29478 11:01:03 (0) ** WMIADAPTER: ................. 0. 29479 11:01:03 (0) ** 29480 11:01:03 (0) ** 12 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found 29481 11:01:03 (0) ** => This error is typically a WMI error. This WMI error is due to: 29482 11:01:03 (0) ** - a missing WMI class definition or object. 29483 11:01:03 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures). 29484 11:01:03 (0) ** You can correct the missing class definitions by: 29485 11:01:03 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command. 29486 11:01:03 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 29487 11:01:03 (0) ** (This list can be built on a similar and working WMI Windows installation) 29488 11:01:03 (0) ** The following command line must be used: 29489 11:01:03 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 29490 11:01:03 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters 29491 11:01:03 (0) ** with WMI by starting the ADAP process. 29492 11:01:03 (0) ** - a WMI repository corruption. 29493 11:01:03 (0) ** Under Windows XP 64-bit SP1, Windows 2003 SP1 and Windows Vista, the 29494 11:01:03 (0) ** repository consistency is ALWAYS verified. 29495 11:01:03 (0) ** Under Windows XP SP2, the repository consistency must be explicitly requested: 29496 11:01:03 (0) ** i.e. 'WMIDiag CheckConsistency'' 29497 11:01:03 (0) ** Check the state of the repository above in the WMIDiag report. 29498 11:01:03 (0) ** If the repository is inconsistent, it must be reconstructed. 29499 11:01:03 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository, 29500 11:01:03 (0) ** otherwise some applications may fail after the reconstruction. 29501 11:01:03 (0) ** This can be achieved with the following command: 29502 11:01:03 (0) ** i.e. 'WMIDiag ShowMOFErrors' 29503 11:01:03 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing 29504 11:01:03 (0) ** ALL fixes previously mentioned. 29505 11:01:03 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory) 29506 11:01:03 (0) ** 29507 11:01:03 (0) ** 29508 11:01:03 (0) ** WMI Registry key setup: .............. OK. 29517 11:01:03 (0) ** 29518 11:01:03 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\CAPKHAMZ\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_2003_.SRV.SP1.32_ASAS002_2007.10.04_10.52.56.LOG' for details. 29519 11:01:03 (0) ** 29520 11:01:03 (0) ** WMIDiag v2.0 ended on 4. lokakuuta 2007 at 11:01 (W:80 E:28 S:1). Thanks in advance. Amodiamm
Recommended Posts