Architecture, Best Practices and Troubleshooting Windows Management Instrumentation (WMI) for Windows XP and Windows Server 2003.

Applies to:

Windows Server 2003 R2 Service Pack 2

Windows Server 2003 Service Pack 2

Windows XP Service Pack 3

 

Architecture

For the architecture of Windows Management Instrumentation (WMI), read this MSDN article. It gives a good perspective on how the pieces fit together and work.

WMI Architecture
https://msdn.microsoft.com/en-us/library/aa394553.aspx

[Image: WMI architecture diagram]

In the diagram above, we can see the “WMI Infrastructure” and the “WMI providers”, which are the moving pieces that end up getting corrupted.

Other related references:

Windows Management Instrumentation: A Simple, Powerful Tool for Scripting Windows Management.  (MSDN magazine)
https://msdn.microsoft.com/en-us/magazine/cc302338.aspx

and

WMI Architecture Basics
https://blogs.technet.com/b/askperf/archive/2007/06/12/wmi-architecture-basics.aspx

 

Best Practices

Before we talk about troubleshooting, let’s start out with the WMI best practices.

#1) Backup your WMI repository

Click on Start, Run

Type “wmimgmt.msc” without the quotation marks and press Enter.

Right click on “WMI Control (Local)”

Click on “Properties”

Select “Backup/Restore” tab

Click on “Back Up Now…”

A naming format that you might want to use is “WMI_Backup_MachineN_MM_DD_YEAR”.

Note:  Where MachineN = Machine Name

Where MM_DD_YEAR = Month, Date, and Year

Click on “Open”

So, where does it back up to by default?

C:\windows\system32\wbem\repository

How to back up the WMI repository from a command prompt:

winmgmt /backup C:\windows\system32\wbem\repository\WMI_Backup_MachineN_MM_DD_YEAR.rec

To create an automated way of backing it up.
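
One way to script the backup so that a scheduled task can run it, using the naming format above and checking that the backup file was actually written. This is an added example, not part of the original post; the script name WMI_Backup.cmd, the C:\Scripts path and the US English short date format are assumptions.

```batch
@echo off
rem Added example (not from the original post): WMI_Backup.cmd
rem Backs up the WMI repository as WMI_Backup_MachineN_MM_DD_YEAR.rec
rem and confirms that the backup file was written.
setlocal

rem Assumption: backups go to the default folder named in this post.
set "BACKUP_DIR=%windir%\system32\wbem\repository"

rem Assumption: the short date format is US English ("Fri 07/02/2010"),
rem so MM, DD and YEAR sit at offsets 4, 7 and 10 of %date%.
set "STAMP=%date:~4,2%_%date:~7,2%_%date:~10,4%"
set "TARGET=%BACKUP_DIR%\WMI_Backup_%COMPUTERNAME%_%STAMP%.rec"

rem Skip the backup if the WMI service is not running.
sc query winmgmt | find "RUNNING" >nul
if errorlevel 1 (
    echo WMI service is not running, backup skipped.
    exit /b 1
)

rem Remove a same-day backup so the checks below reflect this run.
if exist "%TARGET%" del /q "%TARGET%"

winmgmt /backup "%TARGET%"

rem Verify that the backup file exists and is not empty.
if not exist "%TARGET%" (
    echo Backup failed: %TARGET% was not created.
    exit /b 1
)
for %%f in ("%TARGET%") do set "SIZE=%%~zf"
if "%SIZE%"=="0" (
    echo Backup failed: %TARGET% is empty.
    exit /b 1
)
echo WMI repository backed up to %TARGET%, %SIZE% bytes.
exit /b 0

rem To run it weekly as SYSTEM (the script path is an assumption):
rem   schtasks /create /tn "WMI Backup" /tr "C:\Scripts\WMI_Backup.cmd" /sc weekly /d SUN /st 02:00:00 /ru SYSTEM
```

A non-zero exit code shows up as the task's last result, so a failed backup is visible in Scheduled Tasks.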


#2) The WMI service runs as part of one of the bigger shared Service Host (SVCHOST.exe) processes.  When you have problems, you will have to break it out into its own process, so you might as well do it ahead of time.

Click on Start

Click on Run

Type “CMD.exe” without the quotation marks and press Enter.

Type “RUNDLL32.EXE %Systemroot%\SYSTEM32\WBEM\WMISVC.DLL,MoveToAlone” without the quotation marks and press Enter.

Go to Services (services.msc) and restart WMI

Note:  I prefer this over “net stop/net start”, since it will stop and restart the dependent services.

#3) Install the WMI hotfixes that have been released after Windows XP SP3 and Windows Server 2003 SP2:

List of WMI related hotfixes post Service Pack 2 for Windows Server 2003
https://blogs.technet.com/b/yongrhee/archive/2010/07/02/list-of-wmi-related-hotfixes-post-service-pack-2-for-windows-server-2003.aspx

#4) Increase the amount of Private bytes that WMI is able to use.

Memory and Handle Quotas in the WMI Provider Service
https://blogs.technet.com/b/askperf/archive/2008/09/16/memory-and-handle-quotas-in-the-wmi-provider-service.aspx

Note:  Yes, we increased it to 512 MB in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Note 2:  If you have any software that uses WMI extensively such as SMS, SCCM/SCCM client, and SCOM/SCOM client.

#5) Prevent WMI repository (database) corruptions. (Optional)

If you have fast disks, such as solid-state drives (SSDs), on your Windows XP or Windows Server 2003 system, you might want to disable “Enable write caching on the device”.

Note: Don’t do this on 4200 RPM, 5200 RPM, 5400 RPM, and 7200 RPM drives. Your system will slow to a crawl.

Note 2: On servers, this is less of an issue, since a lot of servers have a battery-backed SCSI controller. That is, if the administrators keep replacing the battery in a timely manner. All it takes is one hard reset (a hard reboot by pressing the power button, or the server hanging) and you have a chance of corrupting the WMI repository (database).


Troubleshooting

Step 1.  Check the “Best practices” section above.

For example, restore your WMI repository from a backup.

Step 2.  Run the  WMI Diagnostic tool:

WMIDiag 2.1 for Windows 7 and Windows Server 2008 R2.
https://blogs.technet.com/b/yongrhee/archive/2012/02/02/wmidiag-2-1-for-windows-7-and-windows-server-2008-r2.aspx

Note:  It works fine in Windows XP and Windows Server 2003.

Step 3. Enable WMI verbose logging per:

Logging Activities for WMI Core Components Before Windows Vista
https://msdn.microsoft.com/en-us/library/windows/desktop/aa392285(v=vs.85).aspx

and if troubleshooting WMI providers:

Logging Activities for WMI Provider Components Before Windows Vista
https://msdn.microsoft.com/en-us/library/windows/desktop/aa392285(v=vs.85).aspx

Step 4.  Check the DCOM permissions per

WMI Troubleshooting
https://msdn.microsoft.com/en-us/library/windows/desktop/aa394603(v=vs.85).aspx

Step 5.  Check for file corruptions

Start, Run

Type “SFC /SCANNOW” without the quotation marks, and then press Enter.

Step 6.  Go thru the “WMI Service Log Files”

Wbemcore.log
Wbemess.log
Mofcomp.log
Wmiadap.log
Wbemprox.log
Framework.log
Winmgmt.log

https://msdn.microsoft.com/en-us/library/windows/desktop/aa827355(v=vs.85).aspx

Step 7.  Go thru the “WMI Provider Log Files”

Wmiprov.log
Ntevt.log
Dsprovider.log

https://msdn.microsoft.com/en-us/library/windows/desktop/aa827354(v=vs.85).aspx

Step 8. If the issue is with a particular WMI provider, then you could try narrowing down the problem by going thru:

Splitting up WMI Providers for Troubleshooting
https://blogs.technet.com/b/askperf/archive/2009/05/29/splitting-up-wmi-providers-for-troubleshooting.aspx

Step 9.  Fix the corrupt WMI repository (database)

Note:  Never, ever delete the WMI repository.

================ Start of WMI_Repository_Rebuild.cmd================

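rem Keep the WMI service from restarting while the repository is rebuilt
sc config winmgmt start= disabled

rem /y also stops the services that depend on WMI
net stop winmgmt /y

rem Keep the current repository as repository.old instead of deleting it
if exist "%windir%\system32\wbem\repository.old" rmdir /s/q "%windir%\system32\wbem\repository.old"
rem RENAME takes only a name, not a path, as its second argument
rename "%windir%\system32\wbem\repository" repository.old
rem Re-register the WMI DLLs (%%s, not %s, because this runs from a .cmd file)
for /f "delims=" %%s in ('dir /b /s "%windir%\system32\wbem\*.dll"') do regsvr32 /s "%%s"
wmiprvse /regserver
winmgmt /regserver

sc config winmgmt start= auto

net start winmgmt /y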

================ End of WMI_Repository_Rebuild.cmd================

If the system in question hosts Exchange, you should run the following additional CMD file after the WMI service is back up:

MOFCOMP %windir%\system32\wbem\exwmi.mof
MOFCOMP -n:root\cimv2\applications\exchange %windir%\system32\wbem\wbemcons.mof
MOFCOMP -n:root\cimv2\applications\exchange %windir%\system32\wbem\smtpcons.mof
MOFCOMP %windir%\system32\wbem\exmgmt.mof