kind of cool. thought i'd post just to have one out there for leap year.
Feb 22, 2008
Feb 21, 2008
it's understated to say that issues with wmi are nebulous problems. i've blogged about it a couple of times in the past, each with a potentially different solution. there are even pretty in depth posts with how to correct wmi problems. here's some links for starters:
they contain some of the more common ways of troubleshooting wmi problems. there's going to come a time when none of it works. you'll be tempted to rebuild the entire repository just to beat down the recalcitrant system. before doing so, try this method that one of my coworkers used to correct a problem issued when issuing this query:
select * from win32_networkadapter
this would kick back error # 0x80041013 - "provider load failure". (you may be more familiar with it as wbem_e_provider_load_failure) knowing that this was a problem with the win32_networkadapter class, it was tracked back to these requirements. what was believed to be the offending .dll and .mof (cimwin32.dll and cimwin32.mof) files were copied from another working system and compiled/registered. well... that didn't fix it. yeah, surprise.
wmidiag.vbs was executed against the system to see what it could locate. these are the results that came up of notable interest:
92567 15:12:33 (1) !! ERROR: WMI EXECQUERY operation errors reported: ..................................................................... 1 ERROR(S)! 92568 15:12:33 (0) ** - Root/CIMv2, Select * From Win32_NetworkAdapter WHERE AdapterType IS NOT NULL AND AdapterType != "Wide Area Network (WAN)" AND Description != "Packet Scheduler Miniport", 0x80041013 - (WBEM_E_PROVIDER_LOAD_FAILURE) COM cannot locate a provider referenced in the schema.
when i looked at the logs originally, i glossed over it and tried to execute the query in the wrong context. my coworker had a bit more diligence about it and did it right.
the real stuff to look at is where i bolded and underlined the results. to use this, execute the "select * from msft_wmiselfevent" in the namespace where the problem exists. it must be executed as an asynchronous notification query. (The namespace for win32_networkadapter is root\cimv2, for example.)
once you execute the query, leave the window open and perform the following:
switch the method invocation options to "semisynchronous".
use the "query" button and execute the problem query statement.
switch back to the window running the msft_wmiselfevent query.
hopefully you'll see where the problem occurs. in our case, the problem traced back to "brcmgroup provider" which turns out is a broadcom cim provider. once this was removed, the problem went away. good job, chris. here's a link to his post about this topic.
Feb 8, 2008
this time, i'm going to show you how to retrieve the group membership of a user. so to begin with, in cmd shell with dsquery:
dsquery user -samid username | dsget user -memberof
and in powershell:
(Get-QADUser -samaccountname username).memberof
look at that, the powershell command-line is in fact, just a tiny bit shorter. if you run them both, though, dsquery does outperform powershell by a large margin in this demonstration. still, you have to learn this stuff sooner or later. :)
now, if you run it as two separate commands, powershell performs just as fast as dsquery (to the human eye at least). like this:
$user = get-qaduser -samaccountname username $user.memberof
Feb 6, 2008
after an upgrade of our mom servers and agents, we noticed that any of our performance threshold rules were bringing back empty values in the "description:" field. as you'll notice from the snippet below, the information does exist. for example, source contains "smtp server" and "remote queue length", both of which should be filled in for the description.
Description: : : value = Name: SMTP: Remote Queue > 250 Severity: Error Source: SMTP Server: Remote Queue Length: _Total
if you're running into this problem, it most likely stems from a deployment of hotfix kb934441. kb934441 upgrades the momengine.dll component to 5.0.2911.41 which is the source of the issue. there's an unpublished hotfix for this known issue that corrects this problem. you'll know you're running it if your version number is at 5.0.2911.42. you'll need to call microsoft if you're experiencing this problem. here's the .msi name to reference: MOM2005-SP1-KB942736-X86-IA64-ENU.msi.
Feb 1, 2008
i don't think it's too much of a stretch or really a broad assumption that any given collection at probably any given site has some amount of stale information. machines go offline, people go on vacation, machines "mysteriously" drop off the domain...
this tends to come up often so i thought i'd put it out there. it's all over the place though. do a search for "sms datediff", "sms getdate", or "sms dateadd". my guess is the first one will be the most beneficial since it's the one most people use. if you find that you have too many old machines showing up in your collections, try something like this:
select SMS_R_System.ResourceID from SMS_R_System inner join SMS_G_System_WORKSTATION_STATUS on SMS_G_System_WORKSTATION_STATUS.ResourceID = SMS_R_System.ResourceId where DATEDIFF(dd,SMS_G_System_WORKSTATION_STATUS.LastHardwareScan,GetDate()) < 14
datediff looks for these parts: what to measure, the starting date, the ending date. in our evaluation, we're measuring by the day, looking at the lasthardwarescan value and using the current date to check against. we take that value and check to see if it's less than 14. if it is, cool. show it. if not, drop it.
you can do this in sql, too. no doubt you want to make your reports not show old crap. here's an example of what a sql statement would look like:
select distinct sys.ad_site_name0 as [Site], cs.name0 as [CI Name], cs.manufacturer0 as [Manufacturer], cs.model0 as [Model], se.serialnumber0 as [Serial #] from v_GS_COMPUTER_SYSTEM cs inner join v_GS_SYSTEM_ENCLOSURE se on cs.resourceid=se.resourceid inner join v_R_SYSTEM sys on cs.resourceid=sys.resourceid inner join v_GS_WORKSTATION_STATUS ws on cs.resourceid=ws.resourceid where DATEDIFF(day, ws.lasthwscan, getdate()) < 14