juckie

Microsoft IT Environment Health Scanner - Problem with WMI Provider

Hello,

I downloaded Microsoft's "IT Environment Health Scanner" tool and wanted to test it in a network with 2 domain controllers (Windows Server 2003 R2 Service Pack 2) with DNS configured.

However, I get the following error message:

A connection canot be made to the WMI provider with a scope of \\servername\Root\MicrosoftDNS and a path of MicrosoftDNS_Server. For more information about troubleshooting problems with WMI, see WMI Troubleshooting at the Microsoft Website.

However, the link to the Microsoft page does not really help me.

I downloaded the WMIDiag tool from Microsoft, which checks the WMI settings. I ran the tool, and the log contains a number of errors:


30296 16:48:05 (0) ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
30297 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30298 16:48:05 (0)
30299 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30301 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30302 16:48:05 (0) Environment: ........................................................................................................ OK..
30303 16:48:05 (0) System drive: ....................................................................................................... C: (Datenträger Nr. 0 Partition Nr. 0).
30304 16:48:05 (0) Drive type: ......................................................................................................... SCSI ().
30305 16:48:05 (0) INFO: The following UNEXPECTED binary files are/is found in the WBEM folder: ........................................ 1 FILE(S)!
30306 16:48:05 (0) - WBEMADS.DLL, 28725 bytes, 10.12.1999 14:00:00
30307 16:48:05 (0) => This list is provided for information. Unexpected binary file(s) in 'C:\WINNT\SYSTEM32\WBEM\'
30308 16:48:05 (0) do not necessarily represent an error. For instance, the file(s) listed can be added by
30309 16:48:05 (0) any applications implementing WMI providers.
30310 16:48:05 (0) => NO ACTION is required.
30311 16:48:05 (0)
30312 16:48:05 (0) There are no missing WMI system files: .............................................................................. OK.
30313 16:48:05 (0) There are no missing WMI repository files: .......................................................................... OK.
30314 16:48:05 (0) WMI repository state: ............................................................................................... N/A.
30315 16:48:05 (0) BEFORE running WMIDiag:
30316 16:48:05 (0) The WMI repository has a size of: ................................................................................... 31 MB.
30317 16:48:05 (0) - Disk free space on 'C:': .......................................................................................... 6911 MB.
30318 16:48:05 (0) - INDEX.BTR, 2629632 bytes, 12.08.2009 16:04:51
30319 16:48:05 (0) - MAPPING.VER, 4 bytes, 12.08.2009 16:04:51
30320 16:48:05 (0) - MAPPING1.MAP, 15760 bytes, 12.08.2009 16:04:51
30321 16:48:05 (0) - MAPPING2.MAP, 15760 bytes, 12.08.2009 16:04:43
30322 16:48:05 (0) - OBJECTS.DATA, 29351936 bytes, 12.08.2009 16:04:51
30323 16:48:05 (0) AFTER running WMIDiag:
30324 16:48:05 (0) The WMI repository has a size of: ................................................................................... 31 MB.
30325 16:48:05 (0) - Disk free space on 'C:': .......................................................................................... 6882 MB.
30326 16:48:05 (0) - INDEX.BTR, 2629632 bytes, 12.08.2009 16:04:51
30327 16:48:05 (0) - MAPPING.VER, 4 bytes, 12.08.2009 16:04:51
30328 16:48:05 (0) - MAPPING1.MAP, 15760 bytes, 12.08.2009 16:04:51
30329 16:48:05 (0) - MAPPING2.MAP, 15760 bytes, 12.08.2009 16:04:43
30330 16:48:05 (0) - OBJECTS.DATA, 29351936 bytes, 12.08.2009 16:04:51
30331 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30332 16:48:05 (0) Windows Firewall: ................................................................................................... NOT INSTALLED.
30333 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30334 16:48:05 (0) DCOM Status: ........................................................................................................ OK.
30335 16:48:05 (0) WMI registry setup: ................................................................................................. OK.
30336 16:48:05 (0) INFO: WMI service has dependents: ................................................................................... 1 SERVICE(S)!
30337 16:48:05 (0) - Exchange Management Service (MSEXCHANGEMGMT, StartMode='Automatic')
30338 16:48:05 (0) => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
30339 16:48:05 (0) Note: If the service is marked with (*), it means that the service/application uses WMI but
30340 16:48:05 (0) there is no hard dependency on WMI. However, if the WMI service is stopped,
30341 16:48:05 (0) this can prevent the service/application to work as expected.
30342 16:48:05 (0)
30343 16:48:05 (0) RPCSS service: ...................................................................................................... OK (Already started).
30344 16:48:05 (0) WINMGMT service: .................................................................................................... OK (Already started).
30345 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30346 16:48:05 (0) WMI service DCOM setup: ............................................................................................. OK.
30347 16:48:05 (0) WMI components DCOM registrations: .................................................................................. OK.
30348 16:48:05 (0) WMI ProgID registrations: ........................................................................................... OK.
30349 16:48:05 (0) WMI provider DCOM registrations: .................................................................................... OK.
30350 16:48:05 (0) WMI provider CIM registrations: ..................................................................................... OK.
30351 16:48:05 (0) WMI provider CLSIDs: ................................................................................................ OK.
30352 16:48:05 (0) WMI providers EXE/DLL availability: ................................................................................. OK.
30353 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
30354 16:48:05 (0) DCOM security for 'My Computer' (Access Permissions/Edit Default): .................................................. MODIFIED.
30355 16:48:05 (1) !! ERROR: Default trustee 'NT AUTHORITY\SELF' has been REMOVED!
30356 16:48:05 (0) - REMOVED ACE:
30357 16:48:05 (0) ACEType: &h0
30358 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30359 16:48:05 (0) ACEFlags: &h0
30360 16:48:05 (0) ACEMask: &h1
30361 16:48:05 (0) DCOM_RIGHT_EXECUTE
30362 16:48:05 (0)
30363 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30364 16:48:05 (0) Removing default security will cause some operations to fail!
30365 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30366 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30367 16:48:05 (0)
30368 16:48:05 (0) DCOM security for 'My Computer' (Access Permissions/Edit Default): .................................................. MODIFIED.
30369 16:48:05 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
30370 16:48:05 (0) - REMOVED ACE:
30371 16:48:05 (0) ACEType: &h0
30372 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30373 16:48:05 (0) ACEFlags: &h0
30374 16:48:05 (0) ACEMask: &h1
30375 16:48:05 (0) DCOM_RIGHT_EXECUTE
30376 16:48:05 (0)
30377 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30378 16:48:05 (0) Removing default security will cause some operations to fail!
30379 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30380 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30381 16:48:05 (0)
30382 16:48:05 (0) DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
30383 16:48:05 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
30384 16:48:05 (0) - REMOVED ACE:
30385 16:48:05 (0) ACEType: &h0
30386 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30387 16:48:05 (0) ACEFlags: &h0
30388 16:48:05 (0) ACEMask: &h1
30389 16:48:05 (0) DCOM_RIGHT_EXECUTE
30390 16:48:05 (0)
30391 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30392 16:48:05 (0) Removing default security will cause some operations to fail!
30393 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30394 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30395 16:48:05 (0)
30396 16:48:05 (0) DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
30397 16:48:05 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
30398 16:48:05 (0) - REMOVED ACE:
30399 16:48:05 (0) ACEType: &h0
30400 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30401 16:48:05 (0) ACEFlags: &h0
30402 16:48:05 (0) ACEMask: &h1
30403 16:48:05 (0) DCOM_RIGHT_EXECUTE
30404 16:48:05 (0)
30405 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30406 16:48:05 (0) Removing default security will cause some operations to fail!
30407 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30408 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30409 16:48:05 (0)
30410 16:48:05 (0) DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
30411 16:48:05 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
30412 16:48:05 (0) - REMOVED ACE:
30413 16:48:05 (0) ACEType: &h0
30414 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30415 16:48:05 (0) ACEFlags: &h0
30416 16:48:05 (0) ACEMask: &h1
30417 16:48:05 (0) DCOM_RIGHT_EXECUTE
30418 16:48:05 (0)
30419 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30420 16:48:05 (0) Removing default security will cause some operations to fail!
30421 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30422 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30423 16:48:05 (0)
30424 16:48:05 (0) DCOM security for 'Windows Management Instrumentation' (Launch & Activation Permissions): ........................... MODIFIED.
30425 16:48:05 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
30426 16:48:05 (0) - REMOVED ACE:
30427 16:48:05 (0) ACEType: &h0
30428 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30429 16:48:05 (0) ACEFlags: &h0
30430 16:48:05 (0) ACEMask: &h1
30431 16:48:05 (0) DCOM_RIGHT_EXECUTE
30432 16:48:05 (0)
30433 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30434 16:48:05 (0) Removing default security will cause some operations to fail!
30435 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30436 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30437 16:48:05 (0)
30438 16:48:05 (0) DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
30439 16:48:05 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
30440 16:48:05 (0) - REMOVED ACE:
30441 16:48:05 (0) ACEType: &h0
30442 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30443 16:48:05 (0) ACEFlags: &h0
30444 16:48:05 (0) ACEMask: &h1
30445 16:48:05 (0) DCOM_RIGHT_EXECUTE
30446 16:48:05 (0)
30447 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30448 16:48:05 (0) Removing default security will cause some operations to fail!
30449 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30450 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30451 16:48:05 (0)
30452 16:48:05 (0) DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
30453 16:48:05 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
30454 16:48:05 (0) - REMOVED ACE:
30455 16:48:05 (0) ACEType: &h0
30456 16:48:05 (0) ACCESS_ALLOWED_ACE_TYPE
30457 16:48:05 (0) ACEFlags: &h0
30458 16:48:05 (0) ACEMask: &h1
30459 16:48:05 (0) DCOM_RIGHT_EXECUTE
30460 16:48:05 (0)
30461 16:48:05 (0) => The REMOVED ACE was part of the DEFAULT setup for the trustee.
30462 16:48:05 (0) Removing default security will cause some operations to fail!
30463 16:48:05 (0) It is possible to fix this issue by editing the security descriptor and adding the ACE.
30464 16:48:05 (0) For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
30465 16:48:05 (0)
30466 16:48:05 (0) DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.

...

32523 16:48:05 (0)
32524 16:48:05 (0)
32525 16:48:05 (0) DCOM security warning(s) detected: .................................................................................. 0.
32526 16:48:05 (0) DCOM security error(s) detected: .................................................................................... 11.
32527 16:48:05 (0) WMI security warning(s) detected: ................................................................................... 0.
32528 16:48:05 (0) WMI security error(s) detected: ..................................................................................... 103.
32529 16:48:05 (0)
32530 16:48:05 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
32531 16:48:05 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
32532 16:48:05 (0) - Started at 'Root' --------------------------------------------------------------------------------------------------------------
32533 16:48:05 (0) INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 54.
32534 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA44".
32535 16:48:05 (0) 'select * from MSMCAEvent_InvalidError where (type = 2147811432) and (LogToEventlog <> 0)'
32536 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA23".
32537 16:48:05 (0) 'select * from MSMCAEvent_PCIBusError where (type = 3221553235) and (LogToEventlog <> 0)'
32538 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA32".
32539 16:48:05 (0) 'select * from MSMCAEvent_PCIBusError where (type = 2147811420) and (LogToEventlog <> 0)'
32540 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA14".
32541 16:48:05 (0) 'select * from MSMCAEvent_MemoryError where (type = 2147811402) and (LogToEventlog <> 0)'
32542 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA37".
32543 16:48:05 (0) 'select * from MSMCAEvent_PCIBusError where (type = 3221553249) and (LogToEventlog <> 0)'
32544 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
32545 16:48:05 (0) 'select * from MSFT_SCMEventLogEvent'
32546 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA5".

...

32639 16:48:05 (0) 'select * from MSMCAEvent_CPUError where (type = 3221553266) and (LogToEventlog <> 0)'
32640 16:48:05 (0) - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="MCA24".
32641 16:48:05 (0) 'select * from MSMCAEvent_PCIBusError where (type = 2147811412) and (LogToEventlog <> 0)'
32642 16:48:05 (0)
32643 16:48:05 (0) WMI TIMER instruction(s): ........................................................................................... NONE.
32644 16:48:05 (0) INFO: WMI ADAP status: .............................................................................................. 1.
32645 16:48:05 (0) => The WMI ADAP process is currently running (1).
32646 16:48:05 (0) Some WMI performance classes could be missing at the time WMIDiag was executed.
32647 16:48:05 (0) INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
32648 16:48:05 (0) - ROOT/MICROSOFTIISV2.
32649 16:48:05 (0) => When remotely connecting, the namespace(s) listed require(s) the WMI client to
32650 16:48:05 (0) use an encrypted connection by specifying the PACKET PRIVACY authentication level.
32651 16:48:05 (0) (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
32652 16:48:05 (0) i.e. 'WMIC.EXE /NODE:"XXX" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\MICROSOFTIISV2 Class __SystemSecurity'
32653 16:48:05 (0)
32654 16:48:05 (0) WMI MONIKER CONNECTIONS: ............................................................................................ OK.
32655 16:48:05 (0) WMI CONNECTIONS: .................................................................................................... OK.
32656 16:48:05 (0) WMI GET operations: ................................................................................................. OK.
32657 16:48:05 (0) WMI MOF representations: ............................................................................................ OK.
32658 16:48:05 (0) WMI QUALIFIER access operations: .................................................................................... OK.
32659 16:48:05 (0) WMI ENUMERATION operations: ......................................................................................... OK.
32660 16:48:05 (0) WMI EXECQUERY operations: ........................................................................................... OK.
32661 16:48:05 (0) WMI GET VALUE operations: ........................................................................................... OK.
32662 16:48:05 (0) WMI WRITE operations: ............................................................................................... NOT TESTED.
32663 16:48:05 (0) WMI PUT operations: ................................................................................................. NOT TESTED.
32664 16:48:05 (0) WMI DELETE operations: .............................................................................................. NOT TESTED.
32665 16:48:05 (0) WMI static instances retrieved: ..................................................................................... 1692.
32666 16:48:05 (0) WMI dynamic instances retrieved: .................................................................................... 0.
32667 16:48:05 (0) WMI instance request cancellations (to limit performance impact): ................................................... 1.
32668 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32669 16:48:05 (0) # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
32670 16:48:05 (0) DCOM: ............................................................................................................. 165.
32671 16:48:05 (0) WINMGMT: .......................................................................................................... 323.
32672 16:48:05 (0) WMIADAPTER: ....................................................................................................... 0.
32673 16:48:05 (0) => Verify the WMIDiag LOG at line #27295 for more details.
32674 16:48:05 (0)
32675 16:48:05 (0) # of additional Event Log events AFTER WMIDiag execution:
32676 16:48:05 (0) DCOM: ............................................................................................................. 0.
32677 16:48:05 (0) WINMGMT: .......................................................................................................... 0.
32678 16:48:05 (0) WMIADAPTER: ....................................................................................................... 0.
32679 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32680 16:48:05 (0) WMI Registry key setup: ............................................................................................. OK.
32681 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32682 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32683 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32684 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32685 16:48:05 (0)
32686 16:48:05 (0) ----------------------------------------------------------------------------------------------------------------------------------
32687 16:48:05 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------

I suspect that this is a permissions problem. However, I have already relaxed the access rights on the affected objects using dcomcnfg.exe and wmimgmt.msc as indicated by the log, but the errors in the WMIDiag.exe log and the error message from the IT Environment Health Scanner tool still persist.

Nothing about this error is logged in the Windows event log.

Does anyone know this problem and have some tips for me on how to solve it? I am grateful for any tip.


Member: 97872
97872 Jun 21, 2013 at 11:49:16 (UTC)
Hi,

this will probably no longer be of interest to the colleague above me, but perhaps to someone else who uses WMIDiag and gets the same errors (as I just did).

Since the permissions complained about were, contrary to what the script claims, NOT missing, I went troubleshooting and found out that the script unfortunately only works properly on an English-language operating system. On a German one, the "Administrators" are called "Administratoren" and so on, which is why the script assumes they are missing.

-greets
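
Added example (not part of the original posts and not WMIDiag's own code): a language-independent way to confirm the finding above is to look up the flagged trustees by well-known SID instead of by name and check whether each still has an allow ACE with DCOM_RIGHT_EXECUTE in the 'My Computer' default permissions. It assumes those defaults are stored in the `DefaultAccessPermission` and `DefaultLaunchPermission` values under `HKLM\SOFTWARE\Microsoft\Ole`; the trustee list is taken from the log in the question.

```powershell
# Added example. The SIDs are the well-known SIDs of the trustees the WMIDiag log
# reports as REMOVED for 'My Computer'; SIDs are identical on every language version.
$DCOM_RIGHT_EXECUTE = 1    # "ACEMask: &h1" in the log

$expected = @{
    # 'Access Permissions/Edit Default': SELF, SYSTEM
    'DefaultAccessPermission' = @('S-1-5-10', 'S-1-5-18')
    # 'Launch & Activation Permissions/Edit Default': Administrators, INTERACTIVE, SYSTEM
    'DefaultLaunchPermission' = @('S-1-5-32-544', 'S-1-5-4', 'S-1-5-18')
}

$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'

foreach ($valueName in $expected.Keys) {
    $bytes = $ole.$valueName
    if ($null -eq $bytes) {
        # No explicit security descriptor stored for this setting.
        Write-Output "${valueName}: not set in the registry, the built-in default applies"
        continue
    }

    # Parse the binary self-relative security descriptor.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList ([byte[]]$bytes), 0

    foreach ($sidString in $expected[$valueName]) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier $sidString

        # Resolve the SID to the name this OS language uses (display only).
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(name not resolvable)' }

        # Look for an access-allowed ACE for this SID that grants DCOM_RIGHT_EXECUTE.
        $allowed = $false
        foreach ($ace in $sd.DiscretionaryAcl) {
            if ($ace -is [System.Security.AccessControl.CommonAce] -and
                $ace.AceType -eq [System.Security.AccessControl.AceType]::AccessAllowed -and
                $ace.SecurityIdentifier.Equals($sid) -and
                ($ace.AccessMask -band $DCOM_RIGHT_EXECUTE)) {
                $allowed = $true
            }
        }

        Write-Output ("{0}: {1} ({2}) DCOM_RIGHT_EXECUTE allowed = {3}" -f $valueName, $sidString, $name, $allowed)
    }
}
```

If every line reports `allowed = True` while WMIDiag still lists the trustee as REMOVED, the report is comparing localized names, and loosening the DCOM permissions further is not needed.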
Member: Juckie
Juckie Jul 10, 2013 at 12:19:05 (UTC)
Hi Bonk3rs,

thanks for the info.

Regards

Juckie