WMIDiag 2.2 is here!

Hello AskPerf blog readers! Jeff here from the Windows Performance Team once again. I am happy to announce that the new version of WMIDIAG is finally here. It’s now compatible with Windows 8/8.1 as well as Server 2012/2012 R2. Some of you may have been aware that the previous version also used to show a lot of errors, and that the majority of them were erroneous or false positives simply due to WMI class name changes between OS versions. That has all been cleaned up and all errors have been corrected. When you run the new version it should look a lot cleaner, and what errors you do see should be accurate and deserving of attention.

The WMI Diagnosis Tool is a VBScript-based tool for testing, validating, and analyzing WMI installations and issues. The tool collects data from WMI installations on all Microsoft Operating Systems at any or no service pack level.

WMI Diagnostics 2.2 requires you to have Local Administrator rights as well as Windows Script Host (WSH) enabled.

To download this tool, please click here.

After you download WMIDiag.exe, run it and extract the files to a local folder. If you double-click WMIDiag.vbs, the following message will appear:

image

If you want to see its activity, then you would run “cscript WMIDiag.vbs” from the command prompt, or you can change the default script host to the command line by running “cscript //H:CScript”.

Note: By default WMIDiag does not check repository consistency; to include that check, run it manually from the command prompt using “cscript WMIDiag.vbs checkconsistency”.

WMIDIAG can be run from Windows Explorer, or from the command line. Each time it runs, the WMI Diagnosis Tool creates the following three files in the %TEMP% directory:

  • .LOG file containing all the WMI Diagnosis Tool activity as well as a WMI report at the end
  • .TXT file containing the WMI Diagnosis Tool report
  • .CSV file containing statistics that can be used to measure trends and issues

When the WMI Diagnosis Tool terminates, the ERRORLEVEL environment variable is set to one of the following values:

0 = SUCCESS

  • WSH has a script execution timeout setup (in machine or system environment)
  • Machine reports suspicious improper shutdowns
  • User Account Control (UAC) status is reported (Vista and above)
  • Local account token filter policy is reported (Vista and above)
  • Unexpected binaries in the WBEM folder
  • The Windows Firewall is enabled
  • Some WMI services installed in the machine are dependent on the WMI service (i.e. "SMS Agent")
  • WMI ADAP has a status different than 'running'
  • Some WMI namespaces require a packet privacy encryption for a successful connection
  • Some WMI permanent subscriptions or timer instructions are configured
  • Some information about registry key configurations for DCOM and/or WMI was reported

1 = ERROR

  • System32 or WBEM folders are not in the PATH
  • WMI system file(s)\ repository is/are missing
  • WMI repository is inconsistent (XP SP2, 2003 SP1 and above)
  • DCOM is disabled
  • WMI service is disabled
  • The RPCSS and/or the WMI service(s) cannot be started
  • WMI DCOM setup issues
  • Expected default trustee or ACE has been removed from a DCOM or WMI security descriptor
  • The ADAP status is not available
  • One or more WMI connections failed
  • Some GET operations\WMI class MOF representations\WMI qualifier retrieval operations failed
  • Some critical WMI ENUMERATION operations\WMI EXECQUERY\WMI GET operations failed
  • Some WRITE operations in the WMI repository\PUT\DELETE operations failed
  • One of the queries of the event log entries for DCOM, WMI and WMIADAPTER failed
  • Some critical registry key configurations for DCOM and/or WMI were reported

2 = WARNING

  • System32 or WBEM folders are further in the PATH string than the maximum system length
  • System drive and/or Drive type reporting are skipped
  • DCOM has an incorrect default authentication level (other than 'Connect')
  • DCOM has an incorrect default impersonation level (other than 'Identify')
  • WMI service has an invalid host setup
  • WMI service (SCM configuration) has an invalid registry configuration
  • Some WMI components have a DCOM registration issue
  • WMI COM ProgID cannot be instantiated
  • Some WMI providers have a DCOM registration issue
  • Some dynamic WMI classes have a registration issue
  • Some WMI providers are registered in WMI but their registration lacks a CLSID
  • Some WMI providers have a correct CIM/DCOM registration but the corresponding binary file cannot be found
  • A new ACE or Trustee with a denied access has been modified to a default trustee of a DCOM or WMI security descriptor
  • An invalid ACE has been found for an actual DCOM or WMI security descriptor
  • WMI ADAP never ran on the examined system
  • Some WMI non-critical ENUMERATION operations failed\skipped
  • Some WMI non-critical EXECQUERY operations failed\skipped
  • Some non-critical WMI GET VALUE operations failed
  • Some WMI GET VALUE operations were skipped (because of an issue with the WMI provider)
  • The WRITE operations in the WMI repository were not completed
  • The information collection for the DCOM, WMI and WMIADAPTER event log entries was skipped
  • New event log entries for DCOM, WMI and WMIADAPTER were created during the WMI Diagnosis Tool execution
  • Some non-critical registry key configurations for DCOM and/or WMI were reported

3 = Command Line Parameter errors

4 = User Declined (Clicked the Cancel button when getting a consent prompt)

  • WMIDiag is started on an unsupported build or OS version
  • WMIDiag has no Administrative privileges
  • WMIDiag is started in Wow environment (64-bit systems only)

When you run the WMI Diagnosis Tool via command line:

C:\>CSCRIPT WMIDiag.vbs

The generated report “%TEMP%\WMIDIAG-V2.2_WIN8.1_CLI.RTM.64_MYPC_2015.05.11_15.02.30-REPORT.TXT” contains two types of figures:

  • WARNING - Information that is useful if certain actions are executed
  • ERROR - Problems that need to be solved to avoid errors reported by WMI
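
The following PowerShell wrapper is an added example, not part of the original post or of the WMIDiag download. It checks the two prerequisites the post names (administrator rights, not running under WOW), runs the consistency check, labels the exit code using the list above, and prints the WARNING/ERROR lines from the report written during the run. The extraction folder `C:\Tools\WMIDiag` is a hypothetical path, and matching report lines on the literal words WARNING and ERROR is an assumption about the report layout.

```powershell
# Added example: pre-flight checks, run WMIDiag, triage the result.
$wmidiag = 'C:\Tools\WMIDiag\WMIDiag.vbs'   # assumption: folder the files were extracted to

# Prerequisite from the post: Local Administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'WMIDiag requires Local Administrator rights; start an elevated prompt.'
}

# Condition from the post: WMIDiag started in the WOW environment on a 64-bit system.
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    throw 'This is a 32-bit shell on a 64-bit OS; use the 64-bit shell instead.'
}

# Exit-code labels exactly as listed in the post.
$meaning = @{
    0 = 'SUCCESS'
    1 = 'ERROR'
    2 = 'WARNING'
    3 = 'Command Line Parameter errors'
    4 = 'User Declined'
}

$started = Get-Date
# cscript shows the activity on the console; checkconsistency adds the repository check.
& cscript.exe //NoLogo $wmidiag checkconsistency
$code  = $LASTEXITCODE
$label = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { 'not listed in the post' }
Write-Host "WMIDiag exit code $code ($label)"

# Locate the report this run wrote to %TEMP% (name pattern taken from the post).
$report = Get-ChildItem -Path $env:TEMP -Filter 'WMIDIAG-V2.2_*-REPORT.TXT' |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

if (-not $report) {
    Write-Warning 'No report newer than the start of this run was found in %TEMP%.'
} elseif ((1, 2) -contains $code) {
    # Assumption: findings are flagged with the upper-case words ERROR or WARNING.
    Select-String -Path $report.FullName -Pattern 'ERROR|WARNING' -CaseSensitive |
        ForEach-Object { '{0,6}: {1}' -f $_.LineNumber, $_.Line.Trim() }
}
```

When triaging, the report entries for unexpected binaries in the WBEM folder, permanent subscriptions, and changed DCOM or WMI security descriptors are the ones worth comparing against a known-good baseline for the machine.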

WMI DIAG 2.2 FAQ:

1. Where can I get the WMI Diagnosis Tool?

The WMI Diagnosis Tool can be downloaded from the Microsoft Download Center at https://www.microsoft.com/en-us/download/details.aspx?id=7684. More information about the WMI Diagnosis Tool usage can be found in the document (WMIDiag.doc) which comes along with the download.

2. Is the tool supported?

There is no official support for WMI Diagnosis Tool.

3. Can the WMI Diagnosis Tool diagnose a remote computer?

The WMI Diagnosis Tool is not designed to diagnose remote computers. This is due to the fact that WMI remote access is mainly based on the WMI infrastructure. Because the aim of WMI Diagnosis Tool is to diagnose WMI, the WMI Diagnosis Tool does not use WMI to perform its core operations. That’s why the WMI Diagnosis Tool must be run locally. However, the WMI Diagnosis Tool can be deployed remotely using Group Policy, Systems Management Server (SMS), or Microsoft Operations Manager (MOM) via a Management Pack. With Windows Vista, the WMI Diagnosis Tool can also be remotely executed through WinRM/WinRS, provided you configure and enable these features (WinRM/WinRS are not enabled by default). Microsoft SysInternals tool PSEXEC.EXE on Technet can also be used.

4. Does the WMI Diagnosis Tool fix problems it discovers?

No. The WMI Diagnosis Tool executes in read-only mode. Even though the WMI Diagnosis Tool diagnoses the situation and provides procedures to fix problems, at no time does the tool automatically fix a problem. This is by design, because the correct repair procedure depends on the context, the usage, and the list of applications installed on the computer.

I hope this new tool will help you identify potential WMI issues in your environment. Don’t forget to read the support document (WMIDiag.doc) included in the WMIDIAG 2.2 download.

-Jeff