Monday, September 25, 2017

Fixing WMI Errors on Server 2012R2


Had an issue with an Active Directory server running Server 2012R2. The domain controller was erroring out on WMI and Active Directory DFS replication. We started getting WMI errors as shown below a few days after it was put into production. The server also exhibited other issues, such as not showing up in the server management dashboard and being unable to add or remove roles on the server.

The WMI errors we were getting were ones such as:

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event provider attempted to register query "select * from MSFT_DASettingsIndication" whose target class "MSFT_DASettingsIndication" in //./root/standardcimv2 namespace does not exist. The query will be ignored.

*********ERROR LOG**********

48001 10:17:45 (0) ** WMIADAPTER: ....................................................................................................... 0.
48002 10:17:45 (0) **
48003 10:17:45 (0) ** 1 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
48004 10:17:45 (0) **
48005 10:17:45 (0) ** 172 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
48006 10:17:45 (0) ** => This error is typically a WMI error. This WMI error is due to:
48007 10:17:45 (0) ** - a missing WMI class definition or object.
48008 10:17:45 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
48009 10:17:45 (0) ** You can correct the missing class definitions by:
48010 10:17:45 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command.
48011 10:17:45 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
48012 10:17:45 (0) ** (This list can be built on a similar and working WMI Windows installation)
48013 10:17:45 (0) ** The following command line must be used:
48014 10:17:45 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
48015 10:17:45 (0) ** - a WMI repository corruption.
48016 10:17:45 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
48017 10:17:45 (0) ** to validate the WMI repository operations.
48018 10:17:45 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
48019 10:17:45 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
48020 10:17:45 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
48021 10:17:45 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
48022 10:17:45 (0) ** the WMI repository must be reconstructed.
48023 10:17:45 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
48024 10:17:45 (0) ** otherwise some applications may fail after the reconstruction.
48025 10:17:45 (0) ** This can be achieved with the following command:
48026 10:17:45 (0) ** i.e. 'WMIDiag ShowMOFErrors'
48027 10:17:45 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
48028 10:17:45 (0) ** ALL fixes previously mentioned.
48029 10:17:45 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)





**********Attempts at a Fix***********
The team attempted several different repairs of the WMI repository, including a manual recovery of it.

The WMI Repository must be rebuilt/repaired so that the Data Collector server can successfully report the host status to the connection broker.

For Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, try running the following:
1. winmgmt /verifyrepository
   If the result is shown as inconsistent, go to step 2.
2. winmgmt /salvagerepository
3. winmgmt /verifyrepository - to check again that the WMI repository has been repaired successfully

To fully rebuild the WMI Repository follow these steps:
1. Disable and stop the winmgmt service.
2. Remove or rename C:\Windows\System32\wbem\repository
3. Enable and start the winmgmt service.
4. Open a CMD prompt as Administrator.
5. In the CMD prompt, navigate to C:\Windows\System32\wbem\
6. Run the following command:

for /f %s in ('dir /b *.mof') do mofcomp %s

Note: This will take a minute or so to complete.
7. Now run the command:

for /f %s in ('dir /b en-us\*.mfl') do mofcomp en-us\%s

8. Restart the Data Collector service.

Lastly, open PERFMON to verify that all counters can be loaded. If PERFMON generates a popup error, please follow this Microsoft KB to fix it:

http://support.microsoft.com/kb/2554336/en-us

https://social.technet.microsoft.com/Forums/windows/en-US/8ed26d46-9994-4052-a307-5b071805aea8/wmi-corrupt-how-to-reinstallrepair?forum=winservergen

Even running the verification winmgmt /verifyrepository showed the repository was just fine; however, the 2012R2 Server management console said otherwise. It was still giving errors such as:

A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event provider attempted to register query "select * from MSFT_DASettingsIndication" whose target class "MSFT_DASettingsIndication" in //./root/standardcimv2 namespace does not exist. The query will be ignored.


**********SOLUTION**********
1. Run the command prompt as an administrator; your current directory should be "C:\Windows\System32". I then did a "dir /a /S *.mof", which listed all the *.mof files.

All are some type like "FFA7CB08D2CC2DB2D3973F6214D0CCDA.mof"

2. cd C:\Windows\System32\wbem\AutoRecover

3. for /f %s in ('dir /b *.mof *.mfl') do mofcomp %s

4. Go to Server Manager and do a Refresh.

After the solution was run, Server Manager was functioning properly again and we were able to add roles and features to the AD server again.
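
A report-then-repair version of the solution above, as an added PowerShell example that is not the author's script. It checks for the class named in the second event message before and after recompiling the AutoRecover files, keeps mofcomp's exit code per file, and lists the providers in root\default with their hosting model. The -Recompile switch and the function names are assumptions made for this illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not the post author's script. Report-only unless -Recompile is given.
param([switch]$Recompile)

$autoRecover = Join-Path $env:windir 'System32\wbem\AutoRecover'

function Test-WmiClass {
    param([string]$Namespace, [string]$ClassName)
    # True when the class definition is present in the repository.
    [bool](Get-CimClass -Namespace $Namespace -ClassName $ClassName -ErrorAction SilentlyContinue)
}

function Get-WmiHealth {
    [pscustomobject]@{
        # The consistency check from the post; it can pass while classes are still missing.
        VerifyRepository = (& winmgmt.exe /verifyrepository | Out-String).Trim()
        # The class named in the second event message.
        DASettingsClass  = Test-WmiClass 'root/standardcimv2' 'MSFT_DASettingsIndication'
    }
}

function Invoke-AutoRecoverCompile {
    # Same work as: for /f %s in ('dir /b *.mof *.mfl') do mofcomp %s
    Push-Location $autoRecover
    try {
        Get-ChildItem -File | Where-Object { $_.Extension -in '.mof', '.mfl' } |
            ForEach-Object {
                & mofcomp.exe $_.Name | Out-Null
                # Keep the exit code per file so failures are not lost in the scroll.
                [pscustomobject]@{ File = $_.Name; ExitCode = $LASTEXITCODE }
            }
    } finally { Pop-Location }
}

'--- before ---'
Get-WmiHealth | Format-List

if ($Recompile) {
    $results = @(Invoke-AutoRecoverCompile)
    $failed  = @($results | Where-Object { $_.ExitCode -ne 0 })
    "Compiled $($results.Count) file(s); $($failed.Count) returned a non-zero exit code"
    $failed | Format-Table -AutoSize
    '--- after ---'
    Get-WmiHealth | Format-List
}

# Providers registered in root\default and their hosting model (the subject of the first warning).
Get-CimInstance -Namespace root/default -ClassName __Win32Provider |
    Select-Object Name, HostingModel | Format-Table -AutoSize
```

A HostingModel of LocalSystemHost means the provider is loaded under the LocalSystem account, so the final table shows which registrations the first warning is about.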




Good Reads.

https://blogs.technet.microsoft.com/askperf/2014/08/08/wmi-repository-corruption-or-not/
http://support.microsoft.com/kb/2554336/en-us
https://social.technet.microsoft.com/Forums/windows/en-US/8ed26d46-9994-4052-a307-5b071805aea8/wmi-corrupt-how-to-reinstallrepair?forum=winservergen
https://technet.microsoft.com/en-us/library/cc755121(v=ws.11).aspx
