Good morning AskPerf blog readers! Subheet here from the Windows Performance Team. It’s been a while since I’ve written a blog, and I am really excited about this one. This time, I’m back with our brand new, much anticipated, WMI troubleshooting tool, WMIDIAG 2.1.
The WMI Diagnosis Tool is a VBScript-based tool for testing, validating, and analyzing WMI installation/issues. The tool collects data from WMI installations on all Microsoft Operating Systems at any or no service pack level.
WMI Diagnostics 2.1 requires you to have Local Administrator rights as well as Windows Script Host (WSH) enabled.
To download this tool, please click here.
After you download WMIDiag.exe, run it and extract the files to a local folder. If you double-click WMIDiag.vbs, the following message will appear:
If you want to see its activity, then you would run “cscript WMIDiag.vbs” from the command prompt.
WMIDIAG can be run from Windows Explorer, or from the command line. Each time it runs, the WMI Diagnosis Tool creates the following three files in the %TEMP% directory:
- .LOG file containing all the WMI Diagnosis Tool activity as well as a WMI report at the end
- .TXT file containing the WMI Diagnosis Tool report
- .CSV file containing statistics that can be used to measure trends and issues
When the WMI Diagnosis Tool terminates, the ERRORLEVEL environment variable is set to one of the following values:
0 = SUCCESS
- WSH has a script execution timeout setup (in machine or system environment)
- Machine reports suspicious improper shutdowns
- User Account Control (UAC) status is reported (Vista and above)
- Local account token filter policy is reported (Vista and above)
- Unexpected binaries in the WBEM folder
- The Windows Firewall is enabled
- Some WMI services installed on the machine are dependent on the WMI service (i.e. “SMS Agent”)
- WMI ADAP has a status different than ‘running’
- Some WMI namespaces require a packet privacy encryption for a successful connection
- Some WMI permanent subscriptions or timer instructions are configured
- Some information about registry key configurations for DCOM and/or WMI was reported
1 = ERROR
- System32 or WBEM folders are not in the PATH
- WMI system file(s)\repository is/are missing
- WMI repository is inconsistent (XP SP2, 2003 SP1 and above)
- DCOM is disabled
- WMI service is disabled
- The RPCSS and/or the WMI service(s) cannot be started
- WMI DCOM setup issues
- Expected default trustee or ACE has been removed from a DCOM or WMI security descriptor
- The ADAP status is not available
- One or more WMI connections failed
- Some GET operations\WMI class MOF representations\WMI qualifier retrieval operations failed
- Some critical WMI ENUMERATION operations\WMI EXECQUERY\WMI GET operations failed
- Some WRITE operations in the WMI repository\PUT\DELETE operations failed
- One of the queries of the event log entries for DCOM, WMI and WMIADAPTER failed
- Some critical registry key configurations for DCOM and/or WMI were reported
2 = WARNING
- System32 or WBEM folders are further in the PATH string than the maximum system length
- System drive and/or Drive type reporting are skipped
- DCOM has an incorrect default authentication level (other than ‘Connect’)
- DCOM has an incorrect default impersonation level (other than ‘Identify’)
- WMI service has an invalid host setup
- WMI service (SCM configuration) has an invalid registry configuration
- Some WMI components have a DCOM registration issue
- WMI COM ProgID cannot be instantiated
- Some WMI providers have a DCOM registration issue
- Some dynamic WMI classes have a registration issue
- Some WMI providers are registered in WMI but their registration lacks a CLSID
- Some WMI providers have a correct CIM/DCOM registration but the corresponding binary file cannot be found
- A new ACE or Trustee with a denied access has been modified to a default trustee of a DCOM or WMI security descriptor
- An invalid ACE has been found for an actual DCOM or WMI security descriptor
- WMI ADAP never ran on the examined system
- Some WMI non-critical ENUMERATION operations failed\skipped
- Some WMI non-critical EXECQUERY operations failed\skipped
- Some non-critical WMI GET VALUE operations failed
- Some WMI GET VALUE operations were skipped (because of an issue with the WMI provider)
- The WRITE operations in the WMI repository were not completed
- The information collection for the DCOM, WMI and WMIADAPTER event log entries was skipped
- New event log entries for DCOM, WMI and WMIADAPTER were created during the WMI Diagnosis Tool execution
- Some non-critical registry key configurations for DCOM and/or WMI were reported
3 = Command Line Parameter errors
4 = User Declined (Clicked the Cancel button when getting a consent prompt)
- WMIDiag is started on an unsupported build or OS version
- WMIDiag has no Administrative privileges
- WMIDiag is started in Wow environment (64-bit systems only)
When you run the WMI Diagnosis Tool via command line:
The generated report “%TEMP%\WMIDIAG-V2.1_WIN7_.CLI.SP1.64_MYPC_2012.02.02_12.53.07-REPORT.TXT” contains two types of figures:
- WARNING – Information that is useful if certain actions are executed
- ERROR – Problems that need to be solved to avoid errors reported by WMI
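The exit codes and output files described above can be collected in one pass when the tool is run across many machines. The wrapper below is an added example, not part of the WMIDiag download: the script path, the `WMIDIAG-V2.1_` file-name prefix (taken from the report name shown above) and the idea that flagged report lines contain the literal words WARNING or ERROR are assumptions.

```powershell
# Added example: run WMIDiag locally and summarize its exit code and output files.
# Assumption: WMIDiag.vbs was extracted to C:\Tools\WMIDiag (hypothetical path).
# Run from an elevated, native (not WOW64) prompt, as the exit-code list requires.
param([string]$ScriptPath = 'C:\Tools\WMIDiag\WMIDiag.vbs')

# Exit-code meanings exactly as listed in this post.
$meaning = @{
    0 = 'SUCCESS'
    1 = 'ERROR'
    2 = 'WARNING'
    3 = 'Command Line Parameter errors'
    4 = 'User Declined'
}

$started = Get-Date
& cscript.exe //NoLogo $ScriptPath | Out-Null
$code = $LASTEXITCODE
$status = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { "Unknown ($code)" }

# The tool writes a .LOG, a .TXT and a .CSV file to %TEMP%; keep only this run's files.
# Assumption: all three share the WMIDIAG-V2.1_ prefix seen in the report name.
$files = @(Get-ChildItem -Path $env:TEMP -Filter 'WMIDIAG-V2.1_*' |
    Where-Object { $_.LastWriteTime -ge $started })
$report = $files | Where-Object { $_.Name -like '*-REPORT.TXT' } | Select-Object -First 1

$reportPath = $null
$warnings = 0
$errors = 0
if ($report) {
    $reportPath = $report.FullName
    # Assumption: flagged lines in the report contain the words WARNING or ERROR.
    $warnings = @(Select-String -Path $reportPath -Pattern 'WARNING' -CaseSensitive).Count
    $errors   = @(Select-String -Path $reportPath -Pattern 'ERROR' -CaseSensitive).Count
}

# One object per machine, easy to export or compare between runs.
New-Object PSObject -Property @{
    Computer     = $env:COMPUTERNAME
    ExitCode     = $code
    Status       = $status
    Report       = $reportPath
    WarningLines = $warnings
    ErrorLines   = $errors
    OutputFiles  = ($files | ForEach-Object { $_.Name }) -join '; '
}

# Pass the tool's exit code on to whatever launched this wrapper.
exit $code
```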
WMI DIAG 2.1 FAQ:
The WMI Diagnosis Tool can be downloaded from the Microsoft Download Center at http://www.microsoft.com/download/en/details.aspx?id=7684. More information about the WMI Diagnosis Tool usage can be found in the document (WMIDiag.doc) which comes along with the download.
There is no official support for WMI Diagnosis Tool. However, feedback for the tool is welcome and can be sent to WMIDiag@microsoft.com.
The WMI Diagnosis Tool is not designed to diagnose remote computers. This is due to the fact that WMI remote access is mainly based on the WMI infrastructure. Because the aim of WMI Diagnosis Tool is to diagnose WMI, the WMI Diagnosis Tool does not use WMI to perform its core operations. That’s why the WMI Diagnosis Tool must be run locally. However, the WMI Diagnosis Tool can be deployed remotely using Group Policy, Systems Management Server (SMS), or Microsoft Operations Manager (MOM) via a Management Pack. With Windows Vista, the WMI Diagnosis Tool can also be remotely executed through WinRM/WinRS, provided you configure and enable these features (WinRM/WinRS are not enabled by default). Microsoft SysInternals tool PSEXEC.EXE can also be used.
No. The WMI Diagnosis Tool executes in read-only mode. Even though the WMI Diagnosis Tool diagnoses the situation and provides procedures to fix problems, at no time does the tool automatically fix a problem. This is by design, because the correct repair procedure depends on the context, the usage, and the list of applications installed on the computer.
I hope this new tool will help you identify potential WMI issues in your environment. Don’t forget to read the support document (WMIDiag.doc) included in the WMIDIAG 2.1 download. Until my next post, take care!