WMI Management Tools

In this post, I will be mentioning how to determine if WMI is corrupted on a machine and what are the various WMI Management tools which will be helpful in resolving WMI related issues.

First, we will understand what is WMI?

Windows Management Instrumentation – Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems. WMI is installed on all computers with Windows Millennium Edition (Me), Windows 2000, Windows XP, or Windows Server 2003. It can be downloaded for computers using Windows 98 or Windows NT 4.0. WMI is the Microsoft implementation of Web Based Enterprise Management (WBEM), which is built on the Common Information Model (CIM), a computer industry standard for defining device and application characteristics so that system administrators and management programs can control devices and applications from multiple manufacturers or sources in the same way.

WMI provides users with information about the status of local or remote computer systems. It also supports such actions as the configuration of security settings, setting and changing system properties, setting and changing permissions for authorized users and user groups, assigning and changing drive labels, scheduling processes to run at specific times, backing up the object repository, and enabling or disabling error logging.

For more information on WMI, below are the good references:-

https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx

https://technet.microsoft.com/en-us/library/ee692772.aspx 

So, how do we define – WMI is not functioning properly / corrupted?

If WMIis corrupted, you can receive various errors and symptoms, depending on what activity was being done at the time. Below is a few errors and symptoms that could indicate that the repository is corrupted:

  1. Unable to connect to rootdefault or rootcimv2 namespaces. Fails returning error code 0x80041002 pointing to WBEM_E_NOT_FOUND.
  2. When we open Computer Management and Right Click on Computer Management (Local) and select Properties, you get the following error: “WMI: Not Found” or it hangs trying connect
  3. 0x80041010 WBEM_E_INVALID_CLASS
  4. Trying to use wbemtest, it hangs
  5. Schemas/Objects missing
  6. Strange connection/operation errors (0x8007054e):

Open – Run – type – WBEMTEST

Successful WMI Properties

It will open the “Windows Management Instrumentation Tester”.

wbemtest11

Connect to the default Name Space – (Click on Connect)

wbemtest12

Once you connect to default name space, click on ‘Query’ – and enter a simple query as shown below –

wbemtest1

On a WMI healthy machine, you will get the results for the query and hence you can say that WMI is functioning properly.

wbemtest10

If you see any errors, you might consider repairing WMI to re-build WMI and resolve respective issues.

More information on this – https://blogs.technet.microsoft.com/askperf/2014/08/08/wmi-repository-corruption-or-not/ 

WMI Management Tools

You can manage WMI by using the following tools:

  • WMI Control
  • MOF Compiler (MOFComp.exe)
  • WinMgmt.exe

WMI Control is the primary tool for managing WMI. It can be used to control WMI logging, execute WMI backups and restores, and control WMI security. On computers with WMI 1.5 or later (including computers running Windows 2000, Windows XP, or the Windows Server 2003 family), you access WMI Control by opening the Computer Management console.

To access WMI Control

  1. On the taskbar, click Start, and then click Control Panel.
  2. Double-click the Administrative Tools icon, and then double-click Computer Management.
  3. In the Computer Management console, expand Services and Applications, right-click WMI Control, and then click Properties.

The Computer Management console can also be opened by right-clicking the My Computer icon and clicking Manage.

On computers with WMI earlier than version 1.5 (possibly including computers running Windows 95, Windows 98, and Windows NT 4.0), WMI Control can be found in Control Panel (or you can run Wbemcntl.exe from the %Windir%\System32\wbem directory). This version of WMI Control does not manage WMI security. You must manage WMI security by running Wbemperm.exe from the %Windir%\System32\wbem directory.

MOFComp.exe

To make the contents of a MOF file effective (by placing them in the CIM Repository), the file must be compiled. MOF files are usually automatically compiled during the installation of the systems with which they are provided, but you can also compile MOF files by using the MOF Compiler (Mofcomp.exe). The MOF Compiler is available in the %Windir%\System32\wbem directory. You must specify the MOF file as the parameter of the MOF Compiler. You can also specify an Autorecover switch if you want the MOF file to be automatically recompiled if the CIM Repository ever has to be automatically recovered. For more information, type Mofcomp /? at the command prompt.

Another tool that you can use to manage WMI is Winmgmt.exe. This tool is located in the %Windir%\System32\wbem directory. For a list of the available switches, type WinMgmt /? at the command prompt.

WinMgmt.exe Switches

Switch Description Comment
/kill Causes all instances of WMI to stop. Use NET START “Windows Management Instrumentation” to restart WMI, or restart the computer.
/regserver Invokes self-registration. Only needed if the WMI service registry entries are corrupted.
/unregserver Removes the registry entries. Only needed if the WMI service registry entries are corrupted.
/backup Backs up the repository. A file must be specified. If you do not specify a path for the file, it is put in the %Windir%\System32 directory.
/restore Restores the repository. A file must be specified. The flag must be 1 to disconnect users prior to the restore, or 0 to restore only if no users are connected.
/resyncperf Registers the computer’s performance libraries with WMI. WMI PID is the process ID for the WMI service. Only needed if the performance monitor classes are not returning reliable results.
/clearadap Clears prior /resycperf information from the registry. Only needed if the performance monitor classes are not returning reliable results.
Advertisements

1 Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s