WMIDiag Errors

Hi,

I'm trying to resolve a "Generic Host Process for Win32 services" error
(caused by running a software that uses WMI [Spiceworks]). I tried checking
the status of my WMI by running wmidiag.vbs and it generated some errors
which I am also trying to resolve.

The first warnings were about Dlls not being registered. After registering
them through regsvr32 and seeing the registration successful prompt, I
thought this part of the problem was solved. But running the wmidiag.vbs
gave me the same results/warnings/errors.

The rest of the errors (with regards to security), I have not touched on yet
since I do not know how.

Can someone assist me on the wmi error/warning resolution? My thanks in
advance!

Here's my complete wmidiag log:

===================================

20878 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20879 16:05:18 (0) ** -----------------------------------------------------
WMI REPORT: BEGIN ----------------------------------------------------------
20880 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20881 16:05:18 (0) **
20882 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20883 16:05:18 (0) ** Windows XP - No service pack - 32-bit (2600) - User
'INFOTECH-MY\CARLITO.PANIS' on computer 'KLADMLT001'.
20884 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20885 16:05:18 (0) ** Environment:
.................................................. .................................................. ..... OK..
20886 16:05:18 (0) ** System drive:
.................................................. .................................................. .... C: (Disk #0 Partition #0).
20887 16:05:18 (0) ** Drive type:
.................................................. .................................................. ...... IDE (SAMSUNG HM160JI).
20888 16:05:18 (0) ** There are no missing WMI system files:
.................................................. ............................. OK.
20889 16:05:18 (0) ** There are no missing WMI repository files:
.................................................. ......................... OK.
20890 16:05:18 (0) ** WMI repository state:
.................................................. .............................................. N/A.
20891 16:05:18 (0) ** BEFORE running WMIDiag:
20892 16:05:18 (0) ** The WMI repository has a size of:
.................................................. .................................. 22 MB.
20893 16:05:18 (0) ** - Disk free space on 'C:':
.................................................. ......................................... 11073 MB.
20894 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
5/29/2008 4:02:17 PM
20895 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
5/29/2008 4:02:17 PM
20896 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
5/29/2008 4:02:17 PM
20897 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
5/29/2008 4:02:17 PM
20898 16:05:18 (0) ** AFTER running WMIDiag:
20899 16:05:18 (0) ** The WMI repository has a size of:
.................................................. .................................. 22 MB.
20900 16:05:18 (0) ** - Disk free space on 'C:':
.................................................. ......................................... 11071 MB.
20901 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
5/29/2008 4:05:17 PM
20902 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
5/29/2008 4:05:17 PM
20903 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
5/29/2008 4:05:17 PM
20904 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
5/29/2008 4:05:17 PM
20905 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20906 16:05:18 (0) ** Windows Firewall:
.................................................. .................................................. NOT INSTALLED.
20907 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20908 16:05:18 (0) ** DCOM Status:
.................................................. .................................................. ..... OK.
20909 16:05:18 (0) ** WMI registry setup:
.................................................. ................................................ OK.
20910 16:05:18 (0) ** WMI Service has no dependents:
.................................................. ..................................... OK.
20911 16:05:18 (0) ** RPCSS service:
.................................................. .................................................. ... OK (Already started).
20912 16:05:18 (0) ** WINMGMT service:
.................................................. .................................................. . OK (Already started).
20913 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20914 16:05:18 (0) ** WMI service DCOM setup:
.................................................. ............................................ OK.
20915 16:05:18 (2) !! WARNING: WMI DCOM components registration is missing
for the following EXE/DLLs: .................................... 6 WARNING(S)!
20916 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
20917 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
20918 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
20919 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
20920 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
20921 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
20922 16:05:18 (0) ** => WMI System components are not properly registered
as COM objects, which could make WMI to
20923 16:05:18 (0) ** fail depending on the operation requested.
20924 16:05:18 (0) ** => For a .DLL, you can correct the DCOM configuration
by executing the 'REGSVR32.EXE <Filename.DLL>' command.
20925 16:05:18 (0) **
20926 16:05:18 (0) ** WMI ProgID registrations:
.................................................. .......................................... OK.
20927 16:05:18 (2) !! WARNING: WMI provider DCOM registrations missing for
the following provider(s): ..................................... 1 WARNING(S)!
20928 16:05:18 (0) ** - ROOT/MSAPPS12, OffProv12
({DBF82DC7-E750-4CCF-B09C-D8AECEF7158E}) (i.e. WMI Class
'Win32_ExcelComAddins')
20929 16:05:18 (0) ** Provider DLL: 'WMI information not available (This
could be the case for an external application or a third party WMI provider)'
20930 16:05:18 (0) ** => This is an issue because there are still some WMI
classes referencing this list of providers
20931 16:05:18 (0) ** while the DCOM registration is wrong or missing.
This can be due to:
20932 16:05:18 (0) ** - a de-installation of the software.
20933 16:05:18 (0) ** - a deletion of some registry key data.
20934 16:05:18 (0) ** - a registry corruption.
20935 16:05:18 (0) ** => You can correct the DCOM configuration by:
20936 16:05:18 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>'
command.
20937 16:05:18 (0) ** Note: You can build a list of classes in relation
with their WMI provider and MOF file with WMIDiag.
20938 16:05:18 (0) ** (This list can be built on a similar and
working WMI Windows installation)
20939 16:05:18 (0) ** The following command line must be used:
20940 16:05:18 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
20941 16:05:18 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from
'C:\WINDOWS\SYSTEM32\WBEM\'
20942 16:05:18 (0) ** may not solve the problem as the DLL
supporting the WMI class(es)
20943 16:05:18 (0) ** can be located in a different folder.
20944 16:05:18 (0) ** You must refer to the class name to determine
the software delivering the related DLL.
20945 16:05:18 (0) ** => If the software has been de-installed
intentionally, then this information must be
20946 16:05:18 (0) ** removed from the WMI repository. You can use the
'WMIC.EXE' command to remove
20947 16:05:18 (0) ** the provider registration data.
20948 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\MSAPPS12 path
__Win32Provider Where Name='OffProv12' DELETE'
20949 16:05:18 (0) ** => If the namespace was ENTIRELY dedicated to the
intentionally de-installed software,
20950 16:05:18 (0) ** the namespace and ALL its content can be ENTIRELY
deleted.
20951 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE
Where Name='MSAPPS12' DELETE'
20952 16:05:18 (0) ** - Re-installing the software.
20953 16:05:18 (0) **
20954 16:05:18 (0) ** WMI provider CIM registrations:
.................................................. .................................... OK.
20955 16:05:18 (0) ** WMI provider CLSIDs:
.................................................. ............................................... OK.
20956 16:05:18 (0) ** WMI providers EXE/DLL availability:
.................................................. ................................ OK.
20957 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
20958 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20959 16:05:18 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
20960 16:05:18 (0) ** - REMOVED ACE:
20961 16:05:18 (0) ** ACEType: &h0
20962 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20963 16:05:18 (0) ** ACEFlags: &h0
20964 16:05:18 (0) ** ACEMask: &h1
20965 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20966 16:05:18 (0) **
20967 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20968 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20969 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20970 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20971 16:05:18 (0) **
20972 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20973 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
20974 16:05:18 (0) ** - REMOVED ACE:
20975 16:05:18 (0) ** ACEType: &h0
20976 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20977 16:05:18 (0) ** ACEFlags: &h0
20978 16:05:18 (0) ** ACEMask: &h1
20979 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20980 16:05:18 (0) **
20981 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20982 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20983 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20984 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20985 16:05:18 (0) **
20986 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
20987 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
REMOVED!
20988 16:05:18 (0) ** - REMOVED ACE:
20989 16:05:18 (0) ** ACEType: &h0
20990 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
20991 16:05:18 (0) ** ACEFlags: &h0
20992 16:05:18 (0) ** ACEMask: &h1
20993 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
20994 16:05:18 (0) **
20995 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
20996 16:05:18 (0) ** Removing default security will cause some
operations to fail!
20997 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
20998 16:05:18 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
20999 16:05:18 (0) **
21000 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.................................................. ....................
MODIFIED.
21001 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
21002 16:05:18 (0) ** - ACTUAL ACE:
21003 16:05:18 (0) ** ACEType: &h0
21004 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21005 16:05:18 (0) ** ACEFlags: &h2
21006 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21007 16:05:18 (0) ** ACEMask: &h1
21008 16:05:18 (0) ** WBEM_ENABLE
21009 16:05:18 (0) ** - EXPECTED ACE:
21010 16:05:18 (0) ** ACEType: &h0
21011 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21012 16:05:18 (0) ** ACEFlags: &h12
21013 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21014 16:05:18 (0) ** INHERITED_ACE
21015 16:05:18 (0) ** ACEMask: &h13
21016 16:05:18 (0) ** WBEM_ENABLE
21017 16:05:18 (0) ** WBEM_METHOD_EXECUTE
21018 16:05:18 (0) ** WBEM_WRITE_PROVIDER
21019 16:05:18 (0) **
21020 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
21021 16:05:18 (0) ** This will cause some operations to fail!
21022 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
21023 16:05:18 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
21024 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
21025 16:05:18 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
21026 16:05:18 (0) ** A specific WMI application can always require a
security setup different
21027 16:05:18 (0) ** than the WMI security defaults.
21028 16:05:18 (0) **
21029 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.................................................. ....................
MODIFIED.
21030 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE'
DOES NOT match corresponding expected trustee rights (Actual->Default)
21031 16:05:18 (0) ** - ACTUAL ACE:
21032 16:05:18 (0) ** ACEType: &h0
21033 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21034 16:05:18 (0) ** ACEFlags: &h2
21035 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21036 16:05:18 (0) ** ACEMask: &h1
21037 16:05:18 (0) ** WBEM_ENABLE
21038 16:05:18 (0) ** - EXPECTED ACE:
21039 16:05:18 (0) ** ACEType: &h0
21040 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21041 16:05:18 (0) ** ACEFlags: &h12
21042 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21043 16:05:18 (0) ** INHERITED_ACE
21044 16:05:18 (0) ** ACEMask: &h13
21045 16:05:18 (0) ** WBEM_ENABLE
21046 16:05:18 (0) ** WBEM_METHOD_EXECUTE
21047 16:05:18 (0) ** WBEM_WRITE_PROVIDER
21048 16:05:18 (0) **
21049 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
21050 16:05:18 (0) ** This will cause some operations to fail!
21051 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the removed right.
21052 16:05:18 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
21053 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
21054 16:05:18 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
21055 16:05:18 (0) ** A specific WMI application can always require a
security setup different
21056 16:05:18 (0) ** than the WMI security defaults.
21057 16:05:18 (0) **
21058 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
.................................................. ....................
MODIFIED.
21059 16:05:18 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
21060 16:05:18 (0) ** - REMOVED ACE:
21061 16:05:18 (0) ** ACEType: &h0
21062 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
21063 16:05:18 (0) ** ACEFlags: &h12
21064 16:05:18 (0) ** CONTAINER_INHERIT_ACE
21065 16:05:18 (0) ** INHERITED_ACE
21066 16:05:18 (0) ** ACEMask: &h13
21067 16:05:18 (0) ** WBEM_ENABLE
21068 16:05:18 (0) ** WBEM_METHOD_EXECUTE
21069 16:05:18 (0) ** WBEM_WRITE_PROVIDER
21070 16:05:18 (0) **
21071 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
21072 16:05:18 (0) ** Removing default security will cause some
operations to fail!
21073 16:05:18 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
21074 16:05:18 (0) ** For WMI namespaces, this can be done with
'WMIMGMT.MSC'.
21075 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
namespace.
21076 16:05:18 (0) ** The security diagnostic is based on the WMI
namespace expected defaults.
21077 16:05:18 (0) ** A specific WMI application can always require a
security setup different
21078 16:05:18 (0) ** than the WMI security defaults.
21079 16:05:18 (0) **
21080 16:05:18 (0) **
21081 16:05:18 (0) ** DCOM security warning(s) detected:
.................................................. ................................. 0.
21082 16:05:18 (0) ** DCOM security error(s) detected:
.................................................. ................................... 3.
21083 16:05:18 (0) ** WMI security warning(s) detected:
.................................................. .................................. 0.
21084 16:05:18 (0) ** WMI security error(s) detected:
.................................................. .................................... 3.
21085 16:05:18 (0) **
21086 16:05:18 (1) !! ERROR: Overall DCOM security status:
.................................................. ............................... ERROR!
21087 16:05:18 (1) !! ERROR: Overall WMI security status:
.................................................. ................................ ERROR!
21088 16:05:18 (0) ** - Started at 'Root'
--------------------------------------------------------------------------------------------------------------
21089 16:05:18 (0) ** INFO: WMI permanent SUBSCRIPTION(S):
.................................................. ............................... 2.
21090 16:05:18 (0) ** - ROOT/SUBSCRIPTION,
MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario
Control".
21091 16:05:18 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'MSFT_UCScenario''
21092 16:05:18 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM
Event Log Consumer".
21093 16:05:18 (0) ** 'select * from MSFT_SCMEventLogEvent'
21094 16:05:18 (0) **
21095 16:05:18 (0) ** WMI TIMER instruction(s):
.................................................. .......................................... NONE.
21096 16:05:18 (0) ** WMI ADAP status:
.................................................. .................................................. . OK.
21097 16:05:18 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY:
.................................................. ................... 1
NAMESPACE(S)!
21098 16:05:18 (0) ** - ROOT/SERVICEMODEL.
21099 16:05:18 (0) ** => When remotely connecting, the namespace(s) listed
require(s) the WMI client to
21100 16:05:18 (0) ** use an encrypted connection by specifying the
PACKET PRIVACY authentication level.
21101 16:05:18 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
21102 16:05:18 (0) ** i.e. 'WMIC.EXE /NODE:"KLADMLT001"
/AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
21103 16:05:18 (0) **
21104 16:05:18 (0) ** WMI MONIKER CONNECTIONS:
.................................................. ........................................... OK.
21105 16:05:18 (0) ** WMI CONNECTIONS:
.................................................. .................................................. . OK.
21106 16:05:18 (0) ** WMI GET operations:
.................................................. ................................................ OK.
21107 16:05:18 (0) ** WMI MOF representations:
.................................................. ........................................... OK.
21108 16:05:18 (0) ** WMI QUALIFIER access operations:
.................................................. ................................... OK.
21109 16:05:18 (0) ** WMI ENUMERATION operations:
.................................................. ........................................ OK.
21110 16:05:18 (0) ** WMI EXECQUERY operations:
.................................................. .......................................... OK.
21111 16:05:18 (0) ** WMI GET VALUE operations:
.................................................. .......................................... OK.
21112 16:05:18 (0) ** WMI WRITE operations:
.................................................. .............................................. NOT TESTED.
21113 16:05:18 (0) ** WMI PUT operations:
.................................................. ................................................ NOT TESTED.
21114 16:05:18 (0) ** WMI DELETE operations:
.................................................. ............................................. NOT TESTED.
21115 16:05:18 (0) ** WMI static instances retrieved:
.................................................. .................................... 974.
21116 16:05:18 (0) ** WMI dynamic instances retrieved:
.................................................. ................................... 0.
21117 16:05:18 (0) ** WMI instance request cancellations (to limit
performance impact): .................................................. . 0.
21118 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21119 16:05:18 (0) ** # of Event Log events BEFORE WMIDiag execution since
the last 20 day(s):
21120 16:05:18 (0) ** DCOM:
.................................................. .................................................. .......... 8.
21121 16:05:18 (0) ** WINMGMT:
.................................................. .................................................. ....... 33.
21122 16:05:18 (0) ** WMIADAPTER:
.................................................. .................................................. .... 0.
21123 16:05:18 (0) ** => Verify the WMIDiag LOG at line #20193 for more
details.
21124 16:05:18 (0) **
21125 16:05:18 (0) ** # of additional Event Log events AFTER WMIDiag
execution:
21126 16:05:18 (0) ** DCOM:
.................................................. .................................................. .......... 1.
21127 16:05:18 (0) ** WINMGMT:
.................................................. .................................................. ....... 0.
21128 16:05:18 (0) ** WMIADAPTER:
.................................................. .................................................. .... 0.
21129 16:05:18 (2) !! WARNING: => Verify the WMIDiag LOG at line #20427 for
more details.
21130 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21131 16:05:18 (0) ** WMI Registry key setup:
.................................................. ............................................ OK.
21132 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21133 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21134 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21135 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21136 16:05:18 (0) **
21137 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21138 16:05:18 (0) ** ------------------------------------------------------
WMI REPORT: END -----------------------------------------------------------
21139 16:05:18 (0) **
----------------------------------------------------------------------------------------------------------------------------------
21140 16:05:18 (0) **
21141 16:05:18 (0) ** ERROR: WMIDiag detected issues that could prevent WMI
to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\CARLITO.PANIS\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_KLADMLT001_2008.05.29_16.02. 21.LOG' for details.
21142 16:05:18 (0) **
21143 16:05:18 (0) ** WMIDiag v2.0 ended on Thursday, May 29, 2008 at 16:05
(W:67 E:142 S:1).

===================================

--
Warm regards,
Carlito

Just an update...

I managed to solve the WMI Namespace Security warnings. But the DCOM
Security warnings remain. Reason is, I cannot find the "Microsoft WBEM
UnSecured Apartment" in the DCOM Config folder (dcomcnfg.exe). Does somebody
know why it's missing? Or can anyone tell me how to have it reinstalled?

Also, the DCOM Component registration warnings (below) are still there. I
tried to unregister and re-register the DLLs in question (fastprox.dll and
wbemprox.dll) as instructed but running the wmidiag.vbs utility still gives
the same warnings.

==============
18582 14:28:27 (2) !! WARNING: WMI DCOM components registration is missing
for the following EXE/DLLs: .................................... 6 WARNING(S)!
18583 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
18584 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
18585 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
(\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
18586 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
18587 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
18588 14:28:27 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
(\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
18589 14:28:27 (0) ** => WMI System components are not properly registered
as COM objects, which could make WMI to
18590 14:28:27 (0) ** fail depending on the operation requested.
18591 14:28:27 (0) ** => For a .DLL, you can correct the DCOM configuration
by executing the 'REGSVR32.EXE <Filename.DLL>' command.
==============

I saw a similar problem in this post,
http://www.windowsbbs.com/showthread.php?t=71007&page=9, but the thread
trailed-off so I'm still left with an unsolved problem.

Anyone?

--
Warm regards,
Carlito


"cqpanis3" wrote:

> Hi,
>
> I'm trying to resolve a "Generic Host Process for Win32 services" error
> (caused by running a software that uses WMI [Spiceworks]). I tried checking
> the status of my WMI by running wmidiag.vbs and it generated some errors
> which I am also trying to resolve.
>
> The first warnings were about Dlls not being registered. After registering
> them through regsvr32 and seeing the registration successful prompt, I
> thought this part of the problem was solved. But running the wmidiag.vbs
> gave me the same results/warnings/errors.
>
> The rest of the errors (with regards to security), I have not touched on yet
> since I do not know how.
>
> Can someone assist me on the wmi error/warning resolution? My thanks in
> advance!
>
> Here's my complete wmidiag log:
>
> ===================================
>
> 20878 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20879 16:05:18 (0) ** -----------------------------------------------------
> WMI REPORT: BEGIN ----------------------------------------------------------
> 20880 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20881 16:05:18 (0) **
> 20882 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20883 16:05:18 (0) ** Windows XP - No service pack - 32-bit (2600) - User
> 'INFOTECH-MY\CARLITO.PANIS' on computer 'KLADMLT001'.
> 20884 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20885 16:05:18 (0) ** Environment:
> .................................................. .................................................. .... OK..
> 20886 16:05:18 (0) ** System drive:
> .................................................. .................................................. ... C: (Disk #0 Partition #0).
> 20887 16:05:18 (0) ** Drive type:
> .................................................. .................................................. ..... IDE (SAMSUNG HM160JI).
> 20888 16:05:18 (0) ** There are no missing WMI system files:
> .................................................. ............................ OK.
> 20889 16:05:18 (0) ** There are no missing WMI repository files:
> .................................................. ........................ OK.
> 20890 16:05:18 (0) ** WMI repository state:
> .................................................. ............................................. N/A.
> 20891 16:05:18 (0) ** BEFORE running WMIDiag:
> 20892 16:05:18 (0) ** The WMI repository has a size of:
> .................................................. ................................. 22 MB.
> 20893 16:05:18 (0) ** - Disk free space on 'C:':
> .................................................. ........................................ 11073 MB.
> 20894 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
> 5/29/2008 4:02:17 PM
> 20895 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
> 5/29/2008 4:02:17 PM
> 20896 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
> 5/29/2008 4:02:17 PM
> 20897 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
> 5/29/2008 4:02:17 PM
> 20898 16:05:18 (0) ** AFTER running WMIDiag:
> 20899 16:05:18 (0) ** The WMI repository has a size of:
> .................................................. ................................. 22 MB.
> 20900 16:05:18 (0) ** - Disk free space on 'C:':
> .................................................. ........................................ 11071 MB.
> 20901 16:05:18 (0) ** - INDEX.BTR, 1540096 bytes,
> 5/29/2008 4:05:17 PM
> 20902 16:05:18 (0) ** - INDEX.MAP, 792 bytes,
> 5/29/2008 4:05:17 PM
> 20903 16:05:18 (0) ** - OBJECTS.DATA, 21037056 bytes,
> 5/29/2008 4:05:17 PM
> 20904 16:05:18 (0) ** - OBJECTS.MAP, 10296 bytes,
> 5/29/2008 4:05:17 PM
> 20905 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20906 16:05:18 (0) ** Windows Firewall:
> .................................................. ................................................. NOT INSTALLED.
> 20907 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20908 16:05:18 (0) ** DCOM Status:
> .................................................. .................................................. .... OK.
> 20909 16:05:18 (0) ** WMI registry setup:
> .................................................. ............................................... OK.
> 20910 16:05:18 (0) ** WMI Service has no dependents:
> .................................................. .................................... OK.
> 20911 16:05:18 (0) ** RPCSS service:
> .................................................. .................................................. .. OK (Already started).
> 20912 16:05:18 (0) ** WINMGMT service:
> .................................................. .................................................. OK (Already started).
> 20913 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20914 16:05:18 (0) ** WMI service DCOM setup:
> .................................................. ........................................... OK.
> 20915 16:05:18 (2) !! WARNING: WMI DCOM components registration is missing
> for the following EXE/DLLs: .................................... 6 WARNING(S)!
> 20916 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
> (\CLSID\{7A0227F6-7108-11D1-AD90-00C04FD8FDFF}\InProcServer32)
> 20917 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
> (\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
> 20918 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL
> (\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
> 20919 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
> (\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
> 20920 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
> (\CLSID\{A1044801-8F7E-11D1-9E7C-00C04FC324A8}\InProcServer32)
> 20921 16:05:18 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMPROX.DLL
> (\CLSID\{F7CE2E13-8C90-11D1-9E7B-00C04FC324A8}\InProcServer32)
> 20922 16:05:18 (0) ** => WMI System components are not properly registered
> as COM objects, which could make WMI to
> 20923 16:05:18 (0) ** fail depending on the operation requested.
> 20924 16:05:18 (0) ** => For a .DLL, you can correct the DCOM configuration
> by executing the 'REGSVR32.EXE <Filename.DLL>' command.
> 20925 16:05:18 (0) **
> 20926 16:05:18 (0) ** WMI ProgID registrations:
> .................................................. ......................................... OK.
> 20927 16:05:18 (2) !! WARNING: WMI provider DCOM registrations missing for
> the following provider(s): ..................................... 1 WARNING(S)!
> 20928 16:05:18 (0) ** - ROOT/MSAPPS12, OffProv12
> ({DBF82DC7-E750-4CCF-B09C-D8AECEF7158E}) (i.e. WMI Class
> 'Win32_ExcelComAddins')
> 20929 16:05:18 (0) ** Provider DLL: 'WMI information not available (This
> could be the case for an external application or a third party WMI provider)'
> 20930 16:05:18 (0) ** => This is an issue because there are still some WMI
> classes referencing this list of providers
> 20931 16:05:18 (0) ** while the DCOM registration is wrong or missing.
> This can be due to:
> 20932 16:05:18 (0) ** - a de-installation of the software.
> 20933 16:05:18 (0) ** - a deletion of some registry key data.
> 20934 16:05:18 (0) ** - a registry corruption.
> 20935 16:05:18 (0) ** => You can correct the DCOM configuration by:
> 20936 16:05:18 (0) ** - Executing the 'REGSVR32.EXE <Provider.DLL>'
> command.
> 20937 16:05:18 (0) ** Note: You can build a list of classes in relation
> with their WMI provider and MOF file with WMIDiag.
> 20938 16:05:18 (0) ** (This list can be built on a similar and
> working WMI Windows installation)
> 20939 16:05:18 (0) ** The following command line must be used:
> 20940 16:05:18 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
> 20941 16:05:18 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from
> 'C:\WINDOWS\SYSTEM32\WBEM\'
> 20942 16:05:18 (0) ** may not solve the problem as the DLL
> supporting the WMI class(es)
> 20943 16:05:18 (0) ** can be located in a different folder.
> 20944 16:05:18 (0) ** You must refer to the class name to determine
> the software delivering the related DLL.
> 20945 16:05:18 (0) ** => If the software has been de-installed
> intentionally, then this information must be
> 20946 16:05:18 (0) ** removed from the WMI repository. You can use the
> 'WMIC.EXE' command to remove
> 20947 16:05:18 (0) ** the provider registration data.
> 20948 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\MSAPPS12 path
> __Win32Provider Where Name='OffProv12' DELETE'
> 20949 16:05:18 (0) ** => If the namespace was ENTIRELY dedicated to the
> intentionally de-installed software,
> 20950 16:05:18 (0) ** the namespace and ALL its content can be ENTIRELY
> deleted.
> 20951 16:05:18 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE
> Where Name='MSAPPS12' DELETE'
> 20952 16:05:18 (0) ** - Re-installing the software.
> 20953 16:05:18 (0) **
> 20954 16:05:18 (0) ** WMI provider CIM registrations:
> .................................................. ................................... OK.
> 20955 16:05:18 (0) ** WMI provider CLSIDs:
> .................................................. .............................................. OK.
> 20956 16:05:18 (0) ** WMI providers EXE/DLL availability:
> .................................................. ............................... OK.
> 20957 16:05:18 (0) **
> ----------------------------------------------------------------------------------------------------------------------------------
> 20958 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
> (Launch & Activation Permissions): ........................... MODIFIED.
> 20959 16:05:18 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
> been REMOVED!
> 20960 16:05:18 (0) ** - REMOVED ACE:
> 20961 16:05:18 (0) ** ACEType: &h0
> 20962 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 20963 16:05:18 (0) ** ACEFlags: &h0
> 20964 16:05:18 (0) ** ACEMask: &h1
> 20965 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
> 20966 16:05:18 (0) **
> 20967 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
> the trustee.
> 20968 16:05:18 (0) ** Removing default security will cause some
> operations to fail!
> 20969 16:05:18 (0) ** It is possible to fix this issue by editing the
> security descriptor and adding the ACE.
> 20970 16:05:18 (0) ** For DCOM objects, this can be done with
> 'DCOMCNFG.EXE'.
> 20971 16:05:18 (0) **
> 20972 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
> (Launch & Activation Permissions): ........................... MODIFIED.
> 20973 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
> been REMOVED!
> 20974 16:05:18 (0) ** - REMOVED ACE:
> 20975 16:05:18 (0) ** ACEType: &h0
> 20976 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 20977 16:05:18 (0) ** ACEFlags: &h0
> 20978 16:05:18 (0) ** ACEMask: &h1
> 20979 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
> 20980 16:05:18 (0) **
> 20981 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
> the trustee.
> 20982 16:05:18 (0) ** Removing default security will cause some
> operations to fail!
> 20983 16:05:18 (0) ** It is possible to fix this issue by editing the
> security descriptor and adding the ACE.
> 20984 16:05:18 (0) ** For DCOM objects, this can be done with
> 'DCOMCNFG.EXE'.
> 20985 16:05:18 (0) **
> 20986 16:05:18 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
> (Launch & Activation Permissions): ........................... MODIFIED.
> 20987 16:05:18 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
> REMOVED!
> 20988 16:05:18 (0) ** - REMOVED ACE:
> 20989 16:05:18 (0) ** ACEType: &h0
> 20990 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 20991 16:05:18 (0) ** ACEFlags: &h0
> 20992 16:05:18 (0) ** ACEMask: &h1
> 20993 16:05:18 (0) ** DCOM_RIGHT_EXECUTE
> 20994 16:05:18 (0) **
> 20995 16:05:18 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
> the trustee.
> 20996 16:05:18 (0) ** Removing default security will cause some
> operations to fail!
> 20997 16:05:18 (0) ** It is possible to fix this issue by editing the
> security descriptor and adding the ACE.
> 20998 16:05:18 (0) ** For DCOM objects, this can be done with
> 'DCOMCNFG.EXE'.
> 20999 16:05:18 (0) **
> 21000 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
> .................................................. ...................
> MODIFIED.
> 21001 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE'
> DOES NOT match corresponding expected trustee rights (Actual->Default)
> 21002 16:05:18 (0) ** - ACTUAL ACE:
> 21003 16:05:18 (0) ** ACEType: &h0
> 21004 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 21005 16:05:18 (0) ** ACEFlags: &h2
> 21006 16:05:18 (0) ** CONTAINER_INHERIT_ACE
> 21007 16:05:18 (0) ** ACEMask: &h1
> 21008 16:05:18 (0) ** WBEM_ENABLE
> 21009 16:05:18 (0) ** - EXPECTED ACE:
> 21010 16:05:18 (0) ** ACEType: &h0
> 21011 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 21012 16:05:18 (0) ** ACEFlags: &h12
> 21013 16:05:18 (0) ** CONTAINER_INHERIT_ACE
> 21014 16:05:18 (0) ** INHERITED_ACE
> 21015 16:05:18 (0) ** ACEMask: &h13
> 21016 16:05:18 (0) ** WBEM_ENABLE
> 21017 16:05:18 (0) ** WBEM_METHOD_EXECUTE
> 21018 16:05:18 (0) ** WBEM_WRITE_PROVIDER
> 21019 16:05:18 (0) **
> 21020 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
> WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
> 21021 16:05:18 (0) ** This will cause some operations to fail!
> 21022 16:05:18 (0) ** It is possible to fix this issue by editing the
> security descriptor and adding the removed right.
> 21023 16:05:18 (0) ** For WMI namespaces, this can be done with
> 'WMIMGMT.MSC'.
> 21024 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
> namespace.
> 21025 16:05:18 (0) ** The security diagnostic is based on the WMI
> namespace expected defaults.
> 21026 16:05:18 (0) ** A specific WMI application can always require a
> security setup different
> 21027 16:05:18 (0) ** than the WMI security defaults.
> 21028 16:05:18 (0) **
> 21029 16:05:18 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL':
> .................................................. ...................
> MODIFIED.
> 21030 16:05:18 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE'
> DOES NOT match corresponding expected trustee rights (Actual->Default)
> 21031 16:05:18 (0) ** - ACTUAL ACE:
> 21032 16:05:18 (0) ** ACEType: &h0
> 21033 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 21034 16:05:18 (0) ** ACEFlags: &h2
> 21035 16:05:18 (0) ** CONTAINER_INHERIT_ACE
> 21036 16:05:18 (0) ** ACEMask: &h1
> 21037 16:05:18 (0) ** WBEM_ENABLE
> 21038 16:05:18 (0) ** - EXPECTED ACE:
> 21039 16:05:18 (0) ** ACEType: &h0
> 21040 16:05:18 (0) ** ACCESS_ALLOWED_ACE_TYPE
> 21041 16:05:18 (0) ** ACEFlags: &h12
> 21042 16:05:18 (0) ** CONTAINER_INHERIT_ACE
> 21043 16:05:18 (0) ** INHERITED_ACE
> 21044 16:05:18 (0) ** ACEMask: &h13
> 21045 16:05:18 (0) ** WBEM_ENABLE
> 21046 16:05:18 (0) ** WBEM_METHOD_EXECUTE
> 21047 16:05:18 (0) ** WBEM_WRITE_PROVIDER
> 21048 16:05:18 (0) **
> 21049 16:05:18 (0) ** => The actual ACE has the right(s) '&h12
> WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
> 21050 16:05:18 (0) ** This will cause some operations to fail!
> 21051 16:05:18 (0) ** It is possible to fix this issue by editing the
> security descriptor and adding the removed right.
> 21052 16:05:18 (0) ** For WMI namespaces, this can be done with
> 'WMIMGMT.MSC'.
> 21053 16:05:18 (0) ** Note: WMIDiag has no specific knowledge of this WMI
> namespace.
> 21054 16:05:18 (0) ** The security diagnostic is based on the WMI
> namespace expected defaults.