Fixing WMI Errors on Server 2012R2

Had an issue with an Active Directory Server running server 2012R2. The Domain controller was erroring out on WMI and Active Directory DFS replication. We started getting WMI errors as shown below about a few days after it was put into production. The server also exhibited other issues such as not showing up in the server management dashboard and being unable to add or remove roles to the server.

The WMI Errors we were getting ones such as:

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event provider attempted to register query "select * from MSFT_DASettingsIndication" whose target class "MSFT_DASettingsIndication" in //./root/standardcimv2 namespace does not exist. The query will be ignored.

*********ERROR LOG**********

48001 10:17:45 (0) ** WMIADAPTER: ....................................................................................................... 0.
48002 10:17:45 (0) **
48003 10:17:45 (0) ** 1 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
48004 10:17:45 (0) **
48005 10:17:45 (0) ** 172 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
48006 10:17:45 (0) ** => This error is typically a WMI error. This WMI error is due to:
48007 10:17:45 (0) ** - a missing WMI class definition or object.
48008 10:17:45 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
48009 10:17:45 (0) ** You can correct the missing class definitions by:
48010 10:17:45 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command.
48011 10:17:45 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
48012 10:17:45 (0) ** (This list can be built on a similar and working WMI Windows installation)
48013 10:17:45 (0) ** The following command line must be used:
48014 10:17:45 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
48015 10:17:45 (0) ** - a WMI repository corruption.
48016 10:17:45 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
48017 10:17:45 (0) ** to validate the WMI repository operations.
48018 10:17:45 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
48019 10:17:45 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
48020 10:17:45 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
48021 10:17:45 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
48022 10:17:45 (0) ** the WMI repository must be reconstructed.
48023 10:17:45 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
48024 10:17:45 (0) ** otherwise some applications may fail after the reconstruction.
48025 10:17:45 (0) ** This can be achieved with the following command:
48026 10:17:45 (0) ** i.e. 'WMIDiag ShowMOFErrors'
48027 10:17:45 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
48028 10:17:45 (0) ** ALL fixes previously mentioned.
48029 10:17:45 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)

**********Attempts at a Fix***********

The team attempted several different repairs of the WMI Repository. Including a manual recovery of it.

The WMI Repository must be rebuilt/repaired so that the Data Collector server can successfully report the host status to the connection broker.

For Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, try to run the following:
winmgmt /verifyrepository
If the result is shown as inconsistent, go to step 2
winmgmt /salvagerepository
winmgmt /verifyrepository - to check again wmi repository had been repaired successfully

To fully rebuild the WMI Repository follow these steps:
Disable and stop the winmgmt service
Remove or rename C:\Windows\System32\wbem\repository
Enable and start the winmgmt service
Open a CMD prompt as Administrator
In the CMD prompt Navigate to C:\Windows\System32\wbem\
Run the following command:

‘for /f %s in ('dir /b *.mof') do mofcomp %s’

Note: This will take a minute or so to complete.
Now run the command:

‘for /f %s in ('dir /b en-us\*.mfl') do mofcomp en-us\%s’
Restart the Data Collector service

Lastly, open PERFMON to verify that all counters can be loaded. If PERFMON generates a popup error, please follow this Microsoft KB to fix it:

http://support.microsoft.com/kb/2554336/en-us

https://social.technet.microsoft.com/Forums/windows/en-US/8ed26d46-9994-4052-a307-5b071805aea8/wmi-corrupt-how-to-reinstallrepair?forum=winservergen

even running the verification winmgmt /verifyrepository showed the repository was just fine however the 2012R2 Server management console said otherwise. It was still giving errors such as

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event provider attempted to register query "select * from MSFT_DASettingsIndication" whose target class "MSFT_DASettingsIndication" in //./root/standardcimv2 namespace does not exist. The query will be ignored.

<!-----SOLUTION-----!>

1. Run the cmdprompt as an administrator your current directory should be "C:\Windows\System32". I then did a "dir /a /S *.mof" which listed all the *.mof's.

All are some type like "FFA7CB08D2CC2DB2D3973F6214D0CCDA.mof"

2. cd C:\Windows\System32\wbem\AutoRecover

3. for /f %s in ('dir /b *.mof *.mfl') do mofcomp %s

4. goto Servermanager, do Refresh.

After the solution was run the server manager was functioning properly again and we were able to add roles and features to the AD Server again.




Good Reads.

https://blogs.technet.microsoft.com/askperf/2014/08/08/wmi-repository-corruption-or-not/
http://support.microsoft.com/kb/2554336/en-us
https://social.technet.microsoft.com/Forums/windows/en-US/8ed26d46-9994-4052-a307-5b071805aea8/wmi-corrupt-how-to-reinstallrepair?forum=winservergen
https://technet.microsoft.com/en-us/library/cc755121(v=ws.11).aspx

Using a ChromeBox for digital signage and PA System

I was tasked to look into a replacement for a digital signage/public announcement (PA) System.  The old signage/PA system was running a single core 2.0 Ghz AMD barton running windows xp.  The System is about 15 years old not really maintained and extremely dated.  After looking at some third party vendors and the costs associated with them, we looked at using the new Google Sign Builder since the organization is on Google Apps anyway and it wouldn't hurt to look into a low cost, easy way to update and manage the digital signage/PA System.

https://chrome.google.com/webstore/detail/chrome-sign-builder/odjaaghiehpobimgdjjfofmablbaleem

https://support.google.com/chrome/a/answer/6180529?hl=en

The chrome devices are administered through the sign builder app and the Google Admin.

Chrome Management

Devices can be given different permissions, and settings by use of subdomains in the google admin area.  For example, there are 11 kiosk stations and 1 signage station and 1 general use chrome device for meetings.

As you can see you can assign devices to different sub domains which also allows you to give them different permissions and lets you also assign different chrome apps.

The chrome signage settings are found under chrome management in the picture above under device settings.  In the picture below I have chrome sign builder assigned to the signage sub domain and no other sub domain.

Chrome Device Settings

Chrome Sign Builder Kiosk Settings

With chrome sign builder you can assign all day schedules and you have a variety of settings you can use.  What was required for this project was the ability to do an all day running sign can can get updates, and run the closing announcements.  I found that it can do both.  However when you set this up make sure if there are others that need access you use a universal account; currently chrome sign builder can only work under one account.

I also found that the most important part of the URL for using chrome sign builder is 

pub?start=false&loop=false&delayms=3000

start is set to true otherwise the slides will not play.  Start should always be set to true.

loop, if you want to have the presentation loop or not.  

delay, how long you want the slides to be on for before moving on to the next slide. (default is 3 seconds)

Signage Running (All Day Schedule)

The signage I've setup to run in presentation mode, with auto start and to loop with a delay of 7 seconds before switching slides.

https://docs.google.com/presentation/embed?id=1yourgoogledocumentULR&start=true&loop=true&rm=minimal&delayms=7000

As you can see in the image below I've also set the URL to reload every 10 minutes so that if any changes are made to the document it gets shown on the signage. (This is the setting for the all day schedule)

PA System.

The chome sign builder can work double duty much like the signage system before.  What I've done here is setup 3 separate google slides.  Since Google sides doesn't play audio I've converted the audio files that are used into movies using handbrake.

Some interesting things that came up while I was working with this.  The media I was working with is only about 30 seconds long (max) but if I set the content time to 1 minute it does not play also setting the zone size to 1px by 1px also caused a problem. 

NOTE:

The URL looks like this https://docs.google.com/presentation/embed?id=1yourgoogledocumentULR/embed?start=true&loop=false&rm=minimal&delayms=60000&slide=id.p

These must have &slide=id.p to the url of the slide otherwise it will not play 

The content time I required was only 1 minute but it would should be set to 3 minutes.

zone is set to lower right and a size of the to 10px by 10px.  The Slides I need to play play but do not show up in front of the other signage.

Chrome Signbuilder Schedule

Example of PA System Notification Settings

Use powershell to do an export of a running Hyper-V Guest.

Export a live VM using Powershell

You can do lots of things with powershell in hyper-v one of the great ones is automating an export of your virtual machines.

To do that you use a very simple powershell script

Export-VM -Name $VMNAME -Path $PATH

Now you can use this in a loop script to export your VMs to a network storage location, external drive, what ever you need.

How to visualize a physical system for Hyper-V

Physical to Virtual (P2V)

There are many different ways to visualize systems.  I did a video on how to use Disk2VHD if you want to see it visit my youtube channel.  This post is going to cover how to use Sysinternals disk2vhd application.  Disk2vhd is a utility that creates a virtual hard disk (VHD/VHDX) for use in Microsoft Virtual PC or Microsoft Hyper-V. The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on a system that’s online. Disk2vhd uses Windows' Volume Snapshot (VSS) capability to create consistent point-in-time snapshots of the volumes you want to include in a conversion.

Disk2VHD GUI

Disk2VHD is a very small application and can just be run from a directory it does not need to be installed.  You can see from the GUI above the options are very simple to select, and since Disk2 VHD uses windows VSS capabilities you can save the VHD/VHDX to the drive your cloning but it is not recommended.  I recommend you always save to a drive that you are not visualizing.

Disk2VHD Progress

You can continue to use the System as your visualizing it just keep in mind it may not catch all your changes as the VHD/VHDX is created.  Here is a great post about when to use VHD/VHDX https://blogs.technet.microsoft.com/ausoemteam/2015/04/24/deciding-on-when-to-use-vhdx-or-vhd-files-with-hyper-v/ If your using server 2008R2 or older you will have to use vhd

When the process is complete you should see a .vhd/vhdx file in your file system that you can now use to attach to a Hyper-V virtual machine.

Finished Conversion