45925 09:53:20 (0) ** WMIDiag v2.2 started on Friday, April 07, 2017 at 09:45. 45926 09:53:20 (0) ** 45927 09:53:20 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007. 45928 09:53:20 (0) ** 45929 09:53:20 (0) ** This script is not supported under any Microsoft standard support program or service. 45930 09:53:20 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 45931 09:53:20 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 45932 09:53:20 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 45933 09:53:20 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 45934 09:53:20 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 45935 09:53:20 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 45936 09:53:20 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 45937 09:53:20 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 45938 09:53:20 (0) ** of the possibility of such damages. 45939 09:53:20 (0) ** 45940 09:53:20 (0) ** 45941 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45942 09:53:20 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 45943 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45944 09:53:20 (0) ** 45945 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45946 09:53:20 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'CPU2015\ROBERT R. FENICHEL' on computer 'CPU2015'. 45947 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45948 09:53:20 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 45949 09:53:20 (0) ** INFO: => 7 possible incorrect shutdown(s) detected on: 45950 09:53:20 (0) ** - Shutdown on 22 March 2017 21:31:33 (GMT-0). 45951 09:53:20 (0) ** - Shutdown on 02 April 2017 14:53:13 (GMT-0). 45952 09:53:20 (0) ** - Shutdown on 02 April 2017 14:55:27 (GMT-0). 45953 09:53:20 (0) ** - Shutdown on 02 April 2017 14:57:33 (GMT-0). 45954 09:53:20 (0) ** - Shutdown on 02 April 2017 15:02:01 (GMT-0). 45955 09:53:20 (0) ** - Shutdown on 02 April 2017 15:08:56 (GMT-0). 45956 09:53:20 (0) ** - Shutdown on 03 April 2017 14:28:47 (GMT-0). 45957 09:53:20 (0) ** 45958 09:53:20 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0). 45959 09:53:20 (0) ** Drive type: ......................................................................................................... IDE (Samsun SSD 850 EVO 500G SCSI Disk Device). 45960 09:53:20 (0) ** There are no missing WMI system files: .............................................................................. OK. 45961 09:53:20 (0) ** There are no missing WMI repository files: .......................................................................... OK. 45962 09:53:20 (0) ** WMI repository state: ............................................................................................... N/A. 45963 09:53:20 (0) ** AFTER running WMIDiag: 45964 09:53:20 (0) ** The WMI repository has a size of: ................................................................................... 28 MB. 45965 09:53:20 (0) ** - Disk free space on 'C:': .......................................................................................... 20385 MB. 45966 09:53:20 (0) ** - INDEX.BTR, 5210112 bytes, 4/7/2017 9:48:48 AM 45967 09:53:20 (0) ** - MAPPING1.MAP, 66888 bytes, 4/6/2017 2:59:18 AM 45968 09:53:20 (0) ** - MAPPING2.MAP, 66888 bytes, 4/7/2017 9:48:48 AM 45969 09:53:20 (0) ** - OBJECTS.DATA, 23797760 bytes, 4/7/2017 9:48:48 AM 45970 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45971 09:53:20 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 45972 09:53:20 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE. 45973 09:53:20 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED. 45974 09:53:20 (0) ** => This will prevent any WMI remote connectivity to this computer except 45975 09:53:20 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING: 45976 09:53:20 (0) ** - 'Windows Management Instrumentation (DCOM-In)' 45977 09:53:20 (0) ** - 'Windows Management Instrumentation (WMI-In)' 45978 09:53:20 (0) ** - 'Windows Management Instrumentation (ASync-In)' 45979 09:53:20 (0) ** Verify the reported status for each of these three inbound rules below. 45980 09:53:20 (0) ** 45981 09:53:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED. 45982 09:53:20 (0) ** => This will prevent any WMI remote connectivity to/from this machine. 45983 09:53:20 (0) ** - You can adjust the configuration by executing the following command: 45984 09:53:20 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES' 45985 09:53:20 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once! 45986 09:53:20 (0) ** You can also enable each individual rule instead of activating the group rule. 45987 09:53:20 (0) ** 45988 09:53:20 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED. 45989 09:53:20 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine. 45990 09:53:20 (0) ** - You can adjust the configuration of this rule by executing the following command: 45991 09:53:20 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES' 45992 09:53:20 (0) ** 45993 09:53:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED. 45994 09:53:20 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine. 45995 09:53:20 (0) ** - You can adjust the configuration of this rule by executing the following command: 45996 09:53:20 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES' 45997 09:53:20 (0) ** 45998 09:53:20 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED. 45999 09:53:20 (0) ** => This will prevent any WMI inbound connectivity to this machine. 46000 09:53:20 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity. 46001 09:53:20 (0) ** - You can adjust the configuration of this rule by executing the following command: 46002 09:53:20 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES' 46003 09:53:20 (0) ** 46004 09:53:20 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED. 46005 09:53:20 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine. 46006 09:53:20 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity. 46007 09:53:20 (0) ** - You can adjust the configuration of this rule by executing the following command: 46008 09:53:20 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES' 46009 09:53:20 (0) ** 46010 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46011 09:53:20 (0) ** DCOM Status: ........................................................................................................ OK. 46012 09:53:20 (0) ** WMI registry setup: ................................................................................................. OK. 46013 09:53:20 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)! 46014 09:53:20 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 46015 09:53:20 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled') 46016 09:53:20 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 46017 09:53:20 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 46018 09:53:20 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 46019 09:53:20 (0) ** this can prevent the service/application to work as expected. 46020 09:53:20 (0) ** 46021 09:53:20 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 46022 09:53:20 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 46023 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46024 09:53:20 (0) ** WMI service DCOM setup: ............................................................................................. OK. 46025 09:53:20 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)! 46026 09:53:20 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\IPMIPRV.DLL (\CLSID\{FD209E2E-813B-41C0-8646-4C3E9C917511}\InProcServer32) 46027 09:53:20 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SERVERCOMPPROV.DLL (\CLSID\{9042E1B1-8FD4-4008-89FE-4040CC74575A}\InProcServer32) 46028 09:53:20 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to 46029 09:53:20 (0) ** fail depending on the operation requested. 46030 09:53:20 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE ' command. 46031 09:53:20 (0) ** 46032 09:53:20 (0) ** WMI ProgID registrations: ........................................................................................... OK. 46033 09:53:20 (2) !! WARNING: WMI provider DCOM registrations missing for the following provider(s): ..................................... 7 WARNING(S)! 46034 09:53:20 (0) ** - ROOT/CIMV2/TERMINALSERVICES, Win32_TSPublishedApplication_Prov ({643B0017-1AAE-4AFA-B921-4BE3FB8308A2}) 46035 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46036 09:53:20 (0) ** - ROOT/MSNFS, MSNFS_PROVIDER ({97E65459-F1BF-473B-993E-1D72B054AC1A}) (i.e. WMI Class 'MSNFS_ExportFencing') 46037 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46038 09:53:20 (0) ** - ROOT/MICROSOFTIISV2, IIS__PROVIDER ({D78F1796-E03B-4A81-AFE0-B3B6B0EEE091}) (i.e. WMI Class 'IIsMimeMapSetting') 46039 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46040 09:53:20 (0) ** - ROOT/SNMP/LOCALHOST, MS_SNMP_REFERENT_EVENT_PROVIDER ({9D5BED16-0765-11D1-AB2C-00C04FD9159E}) 46041 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46042 09:53:20 (0) ** - ROOT/SNMP/LOCALHOST, MS_SNMP_CLASS_PROVIDER ({70426720-F78F-11CF-9151-00AA00A4086C}) 46043 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46044 09:53:20 (0) ** - ROOT/SNMP/LOCALHOST, MS_SNMP_ENCAPSULATED_EVENT_PROVIDER ({19C813AC-FEE7-11D0-AB22-00C04FD9159E}) 46045 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46046 09:53:20 (0) ** - ROOT/WEBADMINISTRATION, WebAdministrationProvider ({84951D16-922E-4692-B4E9-90DD80426ECF}) (i.e. WMI Class 'SiteContainsConfigurationSection') 46047 09:53:20 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 46048 09:53:20 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers 46049 09:53:20 (0) ** while the DCOM registration is wrong or missing. This can be due to: 46050 09:53:20 (0) ** - a de-installation of the software. 46051 09:53:20 (0) ** - a deletion of some registry key data. 46052 09:53:20 (0) ** - a registry corruption. 46053 09:53:20 (0) ** => You can correct the DCOM configuration by: 46054 09:53:20 (0) ** - Executing the 'REGSVR32.EXE ' command. 46055 09:53:20 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 46056 09:53:20 (0) ** (This list can be built on a similar and working WMI Windows installation) 46057 09:53:20 (0) ** The following command line must be used: 46058 09:53:20 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 46059 09:53:20 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\' 46060 09:53:20 (0) ** may not solve the problem as the DLL supporting the WMI class(es) 46061 09:53:20 (0) ** can be located in a different folder. 46062 09:53:20 (0) ** You must refer to the class name to determine the software delivering the related DLL. 46063 09:53:20 (0) ** => If the software has been de-installed intentionally, then this information must be 46064 09:53:20 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove 46065 09:53:20 (0) ** the provider registration data. 46066 09:53:20 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\WEBADMINISTRATION path __Win32Provider Where Name='WebAdministrationProvider' DELETE' 46067 09:53:20 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software, 46068 09:53:20 (0) ** the namespace and ALL its content can be ENTIRELY deleted. 46069 09:53:20 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='WEBADMINISTRATION' DELETE' 46070 09:53:20 (0) ** - Re-installing the software. 46071 09:53:20 (0) ** 46072 09:53:20 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 46073 09:53:20 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 46074 09:53:20 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 46075 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46076 09:53:20 (0) ** INFO: User Account Control (UAC): ................................................................................... DISABLED. 46077 09:53:20 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED. 46078 09:53:20 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative 46079 09:53:20 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer 46080 09:53:20 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote 46081 09:53:20 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group. 46082 09:53:20 (0) ** 46083 09:53:20 (0) ** Overall DCOM security status: ....................................................................................... OK. 46084 09:53:20 (0) ** Overall WMI security status: ........................................................................................ OK. 46085 09:53:20 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 46086 09:53:20 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1. 46087 09:53:20 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 46088 09:53:20 (0) ** 'select * from MSFT_SCMEventLogEvent' 46089 09:53:20 (0) ** 46090 09:53:20 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 46091 09:53:20 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 5 NAMESPACE(S)! 46092 09:53:20 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM. 46093 09:53:20 (0) ** - ROOT/CIMV2/TERMINALSERVICES. 46094 09:53:20 (0) ** - ROOT/MICROSOFTIISV2. 46095 09:53:20 (0) ** - ROOT/WEBADMINISTRATION. 46096 09:53:20 (0) ** - ROOT/SERVICEMODEL. 46097 09:53:20 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 46098 09:53:20 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 46099 09:53:20 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 46100 09:53:20 (0) ** i.e. 'WMIC.EXE /NODE:"CPU2015" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 46101 09:53:20 (0) ** 46102 09:53:20 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 46103 09:53:20 (0) ** WMI CONNECTIONS: .................................................................................................... OK. 46104 09:53:20 (0) ** WMI GET operations: ................................................................................................. OK. 46105 09:53:20 (0) ** WMI MOF representations: ............................................................................................ OK. 46106 09:53:20 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 46107 09:53:20 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 46108 09:53:20 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 46109 09:53:20 (0) ** WMI GET VALUE operations: ........................................................................................... OK. 46110 09:53:20 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 46111 09:53:20 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 46112 09:53:20 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 46113 09:53:20 (0) ** WMI static instances retrieved: ..................................................................................... 1758. 46114 09:53:20 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 46115 09:53:20 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1. 46116 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46117 09:53:20 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 46118 09:53:20 (0) ** DCOM: ............................................................................................................. 0. 46119 09:53:20 (0) ** WINMGMT: .......................................................................................................... 0. 46120 09:53:20 (0) ** WMIADAPTER: ....................................................................................................... 0. 46121 09:53:20 (0) ** 46122 09:53:20 (0) ** # of additional Event Log events AFTER WMIDiag execution: 46123 09:53:20 (0) ** DCOM: ............................................................................................................. 0. 46124 09:53:20 (0) ** WINMGMT: .......................................................................................................... 0. 46125 09:53:20 (0) ** WMIADAPTER: ....................................................................................................... 0. 46126 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46127 09:53:20 (0) ** WMI Registry key setup: ............................................................................................. OK. 46128 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46129 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46130 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46131 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46132 09:53:20 (0) ** 46133 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46134 09:53:20 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 46135 09:53:20 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 46136 09:53:20 (0) ** 46137 09:53:20 (0) ** WARNING: WMIDiag determined that WMI works CORRECTLY. HOWEVER, some issues were detected. Check 'C:\USERS\ROBERT R. FENICHEL\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN7_.CLI.SP1.64_CPU2015_2017.04.07_09.44.57.LOG' for details. 46138 09:53:20 (0) ** 46139 09:53:20 (0) ** WMIDiag v2.2 ended on Friday, April 07, 2017 at 09:53 (W:60 E:726 S:2).