Skip to main content

misc: an additional method to resolving wmi failures...

it's understated to say that issues with wmi are nebulous problems.  i've blogged about it a couple of times in the past, each with a potentially different solution.  there are even pretty in depth posts with how to correct wmi problems.  here's some links for starters:

they contain some of the more common ways of troubleshooting wmi problems.  there's going to come a time when none of it works.  you'll be tempted to rebuild the entire repository just to beat down the recalcitrant system.  before doing so, try this method that one of my coworkers used to correct a problem issued when issuing this query:

select * from win32_networkadapter

this would kick back error # 0x80041013 - "provider load failure".  (you may be more familiar with it as wbem_e_provider_load_failure) knowing that this was a problem with the win32_networkadapter class, it was tracked back to these requirements.  what was believed to be the offending .dll and .mof (cimwin32.dll and cimwin32.mof) files were copied from another working system and compiled/registered.  well... that didn't fix it.  yeah, surprise.

wmidiag.vbs was executed against the system to see what it could locate.  these are the results that came up of notable interest:

92567 15:12:33 (1) !! ERROR: WMI EXECQUERY operation errors reported: ..................................................................... 1 ERROR(S)!
92568 15:12:33 (0) ** - Root/CIMv2, Select * From Win32_NetworkAdapter WHERE AdapterType IS NOT NULL AND AdapterType != "Wide Area Network (WAN)" AND Description != "Packet Scheduler Miniport", 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
92159 15:12:33 (0) ** 1 error(s) 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema
92160 15:12:33 (0) ** => This error is typically due to the following major reasons:
92161 15:12:33 (0) **    - The application queried by the WMI provider is not installed, not available or not running
92162 15:12:33 (0) **      at the time of the request was made. This error can also be generated because 
92163 15:12:33 (0) **      the application supporting the providers has been uninstalled.
92164 15:12:33 (0) **    - Some WMI providers (i.e. RSOP Planning Mode, Exchange 2003) are implemented as a WMI service.
92165 15:12:33 (0) **      Make sure the required services are successfully started.
92166 15:12:33 (0) **    - The WMI provider binary files are not accessible (i.e. access denied ACL).
92167 15:12:33 (0) **    - A WMI provider registration problem at the CIM level (MOFCOMP.EXE) or at the COM level (REGSVR32.EXE).
92168 15:12:33 (0) **      You must re-register the WMI provider by recompiling its associated MOF file with MOFCOMP.EXE
92169 15:12:33 (0) **    Note: - If the WMI provider DLL CIM and COM registrations are correct, this error can
92170 15:12:33 (0) **            be returned because the provider has a dependency on another DLL that cannot be
92171 15:12:33 (0) **            loaded (missing or bad DLL)
92172 15:12:33 (0) **          - Dependencies can be found with the DEPENDS.EXE tool coming with the
92173 15:12:33 (0) **            Windows XP and Windows 2003 Support Tools. The command line is as follows:
92174 15:12:33 (0) **            i.e. DEPENDS.EXE <PATH><Provider.DLL>
92175 15:12:33 (0) ** => When a WMI provider fails to load, it is possible to trace the provider load process by
92176 15:12:33 (0) **    submitting, via WBEMTEST and asynchronously, the following WMI event query:
92177 15:12:33 (0) **    'Select * From MSFT_WmiSelfEvent'
92178 15:12:33 (0) **    Then you can trace the following WMI events:
92179 15:12:33 (0) **    - Msft_WmiProvider_ComServerLoadOperationEvent
92180 15:12:33 (0) **    - Msft_WmiProvider_InitializationOperationEvent
92181 15:12:33 (0) **    - Msft_WmiProvider_LoadOperationEvent
92182 15:12:33 (0) **    and depending on the WMI operation executed, you can trace the following WMI events:
92183 15:12:33 (0) **    i.e. for an enumeration:
92184 15:12:33 (0) **    - Msft_WmiProvider_CreateInstanceEnumAsyncEvent_Pre and Msft_WmiProvider_CreateInstanceEnumAsyncEvent_Post
92185 15:12:33 (0) **    i.e. for a put operation:
92186 15:12:33 (0) **    - Msft_WmiProvider_PutInstanceAsyncEvent_Pre and Msft_WmiProvider_PutInstanceAsyncEvent_Post

when i looked at the logs originally, i glossed over it and tried to execute the query in the wrong context.  my coworker had a bit more diligence about it and did it right.

the real stuff to look at is where i bolded and underlined the results.  to use this, execute the "select * from msft_wmiselfevent" in the namespace where the problem exists.  it must be executed as an asynchronous notification query.  (The namespace for win32_networkadapter is root\cimv2, for example.)


wbemtest: these are the data elements to choose for asynchronous notification queries

once you execute the query, leave the window open and perform the following:

  1. switch the method invocation options to "semisynchronous".
  2. use the "query" button and execute the problem query statement.
  3. switch back to the window running the msft_wmiselfevent query.

hopefully you'll see where the problem occurs.  in our case, the problem traced back to "brcmgroup provider" which turns out is a broadcom cim provider.  once this was removed, the problem went away.  good job, chris.  here's a link to his post about this topic.


  1. Many thanks!

    Had the same problem on a Dell notebook
    and solved it in this way!
    (Had been searching for a resolution a long time)


  2. Thanks a lot for this. I wrote a app that kept giving this error. Ended up being a Broadcom management program that was installed. My app now looks for that program at startup and uninstalls it...

  3. Thanks a lot for this. I wrote a app that kept giving this error. Ended up being a Broadcom management program that was installed. My app now looks for that program at startup and uninstalls it...


Post a Comment

Popular posts from this blog

how to retrieve your ip address with powershell...

update: this is how it’s performed in powershell v3 as demonstrated here.(get-netadapter | get-netipaddress | ? addressfamily -eq'IPv4').ipaddress update: this is by far the easiest.PS C:\temp> (gwmi Win32_NetworkAdapterConfiguration | ? { $_.IPAddress -ne $null }).ipaddress
are you laughing yet?  i know you probably find this topic amusing.  it's really interesting though.  whenever you get over it, i'll do this in the standard cmd.exe interpreter and then in powershell to show you what kind of coolness powershell does.done?  okay, good.  this is an interpretation of a demo that bob wells did at our smug meeting.  hope you like it.i should tell you, it's not as simple as the title would lead you to believe.  i like doing that little slight-of-hand thing since it gives the impression that i'm painting a very easy target on my back for your criticism (though it's probably true in other ways)!  the idea is that we want to retrieve just the ip ad…

understanding the “ad op master is inconsistent” alert

i use the term “understanding” loosely.  this is by far no definitive guide on this particular alert, just a few things i have picked up in my attempt to understand it.let’s look at the context of the alert:The Domain Controller's Op Master is inconsitent. See additional alerts for details.
first of all, it gives very little information.  the only particularly useful detail is that it indicates which server is having the issue.  other than that, just a spelling error as there are no additional critical alerts to look at for details.this rule, as you know, comes from a sealed mp.  therefore, we can’t modify anything in it except the overrides.  the couple i’ve tinkered with are:interval (sec) log success event to begin with, interval (sec) is just set way too high.  the default is 60 seconds.  why on earth would anyone want to know that your op master consistency may be off, every minute?  actually, i could think of a few reasons, but really, it’s overkill.  the way the script works…

sccm: content hash fails to match

back in 2008, I wrote up a little thing about how distribution manager fails to send a package to a distribution point. even though a lot of what I wrote that for was the failure of packages to get delivered to child sites, the result was pretty much the same. when the client tries to run the advertisement with an old package, the result was a failure because of content mismatch.I went through an ordeal recently capturing these exact kinds of failures and corrected quite a number of problems with these packages. the resulting blog post is my effort to capture how these problems were resolved. if nothing else, it's a basic checklist of things you can use.DETECTIONstatus messagestake a look at your status messages. this has to be the easiest way to determine where these problems exist. unfortunately, it requires that a client is already experiencing problems. there are client logs you can examine as well such as cas, but I wasn't even sure I was going to have enough material to …