Posted on November 12, 2014 · Posted in Windows 7

WMI Troubleshooting

Every experienced Windows administrator has faced some issues of WMI service and its components. The problems in WMI subsystem are critical for the normal operation of the system, and the administrator has to make use of some tricks that allow recover WMI. In this article we’ll describe quite a simple technique of diagnostics and troubleshooting WMI service.

A problem with the WMI may indicate a wide range of errors:

  • The errors on the WMI queries processing in the system and apps logs
  • GPO errors related with WMI (incorrect work of the WMI-filters in Group  Policies, etc.)
  • Operational errors / impossibility to install SCCM/SCOM agents
  • Errors in scripts (VBS or Powershell) that use the WMI namespace

Verify that Winmgmt service (Windows Management Instrumentation )is present in services.msc console.

Winmgmt service

If winmgmt service is available and has the status Started, it is recommended to test the WMI performance by running simple WMI-query. Using Powershell, you can do it as follows:

get-wmiobject Win32_OperatingSystem

Simple WMI query: get-wmiobject Win32_OperatingSystem

If the system returns an error after running the simple WMI-query (in the screenshot is an example of a correct response WMI service), the WMI service or some of its sub-systems do not function correctly, the WMI repository has been damaged or some other problems have occurred.

WMIDiag Utility

To perform a detailed diagnostics of the WMI service, there is an official Microsoft utility – WMIDiag (Microsoft WMI Diagnosis). The utility is a VBS script that checks different WMI subsystems and writes the collected information to the log files (by default the logs are located in %TEMP%  folder – C:\USERS\%USERNAME%\APPDATA\LOCAL\TEMP\). The resulting report contains files whose names begin with WMIDIAG-V2.1 and includes the following file types:

  1. LOG files contain a detailed report of WMIDiag activity
  2. TXT files contain the final reports of bugs that are worth paying attention
  3. CSV files contain information necessary for a long-term analysis of the WMI subsystem performance

Tip. In Windows x64 versions wmidiag should be run as follows:

c:\windows\System32\cscript.exe wmidiag.vbs

otherwise, there occurs an error: WMIDiag must be run from native 64-bit environment. It is not supported in Wow64.

WMIDiag must be run from native 64-bit environment. It is not supported in Wow64

After WMIDiag has completed its task, the administrator should examine the log files, analyse and try to fix bugs.

In general, WMIDiag can provide information on how to correct local errors in WMI, but in most cases it is a time-consuming process and is worth of the time spent only when looking for solutions to the problems in the critical systems (usually on the production servers). In case of the mass segment of the user workstations, it is much easier resolve WMI issues more radically.

Re-registration of the WMI Libraries and Recompilation of MOF Files

The next script is a «soft» version of WMI recovering on a separate computer (the DLL libraries and WMI are re-registered and MOF files are recompiled). This procedure is safe and its implementation should not cause any more problems with the system

sc config winmgmt start= disabled
net stop winmgmt
cd %windir%\system32\wbem
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s
wmiprvse /regserver
winmgmt /regserver
sc config winmgmt start= auto
net start winmgmt
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s

These commands can be run by simply pasting them into the command line, or you can save the script as a BAT file and run it under the administrator privileges. After the script has been completed, you must reboot the system and re-test the WMI.

Rebuilding WMI repository

If the method described above has not helped, use more «hard» way of the WMI recovery that implies the recreation of the WMI repository.

The WMI repository is located in %windir%\System32\Wbem\Repository and is a database that contains information on the metadata and descriptions of the WMI classes. In some cases the WMI repository can also contain static information classes. When the repository is damaged, errors occur in the activity of WMI service (Winmgmt), and sometimes it’s even not possible to run it.

If you suspect that the WMI repository is damaged, keep  in mind that it only should be recreated if no other means to restore WMI are effective.

Tip. In practice, there are cases, when the rebuilding of WMI repository causes problems with the third-party software. The reason is that all WMI records are eliminated (to the state of a clean system). Such software may have to reinstall in recovery mode.

In Windows Vista or higher, you can check if the repository is damaged with the following command:

winmgmt /verifyrepository

If the command returns that the WMI database is in inconsistent state (INCONSISTENT), you should try the «soft» recovery of the repository:

Winmgmt /salvagerepository

And restart WMI:

net stop Winmgmt
net start Winmgmt

winmgmt /verifyrepository

If the above command did not help, reset the repository to its initial state (hard reset) as follows:

Winmgmt /resetrepository

If the commands Winmgmt /salvagerepository and Winmgmt /resetrepository haven’t shown the expected result, it’s worth to «hard» recreate the WMI database manually using this scenario:

sc config winmgmt start= disabled
net stop winmgmt
cd %windir%\system32\wbem
winmgmt /kill
winmgmt /unregserver
winmgmt /regserver
winmgmt /resyncperf
if exist Repos_bakup rd Repos_bakup /s /q
rename Repository Repos_bakup
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
sc config winmgmt start= auto
net start winmgmt
wmiprvse /regserver

This script totally recreates the WMI repository (the old repository is saved to the Repos_backup directory). After the script has completed, the computer must be restarted and then test the WMI performance with a simple request.

Related Articles