[gptalk] Re: WMI and MORE errors on multiple systems
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Tue, 16 Oct 2007 07:03:30 -0700
If a GPO is blocked by a block inheritance flag, then any policy on the
workstation that normally gets removed when the GPO no longer applies will
be removed. Examples include Admin. Templates and some security policy. If
you already reset workstation security to default then using block
inheritance will only help if you still have some Admin. Template policies
that may be causing the issue.
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Piet Slaghekke
Sent: Tuesday, October 16, 2007 6:58 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Jamie,
If I do put a system in a block policy inheritance OU, would that
system not have to be a new system?
Since the inherited GPO settings will already have been inherited on any
system on my domain, or is there a way to remove all inherited gpo
settings on a system? If so can you please specify?
Thanks!
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Monday, October 15, 2007 5:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
You can always try to put a system in a block policy inheritance OU and
see if the issues go away. If they do, then link GPOs back to the OU
one-by-one until you figure out which one is causing the problem.
If you haven't already, you might also want to enable verbose GP logging
and see if that provides any leads.
Regards,
Jamie Nelson
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Piet Slaghekke
Sent: Monday, October 15, 2007 4:09 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Thanks Darren and Jamie,
I tried Darren's approach, but this did not solve the issue, then did
Jamie's first suggestion. No luck either. I did not getting Symantec
AV event error after this.
I have not tried rebuilding the wmi repository... Will look into this.
I am thinking thought that if all my machines are having these issues,
would changing something in my GPO's be the solution?
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Nelson, Jamie R Contr 72 CS/SCBAF
Sent: Monday, October 15, 2007 11:16 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Try rebuilding the local security policy database on one of the affected
workstations (see "resolution" section via link below). Then do a
gpupdate /force and see if the errors go away.
http://support.microsoft.com/kb/278316
As a last resort, you might attempt rebuilding the WMI repository,
however, do so with caution. Microsoft has a great guide for
troubleshooting WMI issues on their ScriptCenter website. Check it out.
http://www.microsoft.com/technet/scriptcenter/topics/help/wmi.mspx
Regards,
Jamie Nelson
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Piet Slaghekke
Sent: Monday, October 15, 2007 10:03 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Hi everyone,
I am still not able to fix this issue. Perhaps I need to import an ADM
template to reset my wmi and firewall settings. I get the errors below
consistently on all systems.
Event ID: 1090
Event ID: 1085
Event ID: 1202
Thanks,
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Piet Slaghekke
Sent: Friday, October 12, 2007 3:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Hi Darren,
I don't think so. The only thing I have changed is some of the
password requirements.
I did have a corrupt default domain policy which I fixed.
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Friday, October 12, 2007 12:00 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: WMI and MORE errors on multiple systems
Piet-
Did you make any changes to system security on your systems that might
be causing permission issues with WMI?
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Piet Slaghekke
Sent: Friday, October 12, 2007 6:37 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] WMI and MORE errors on multiple systems
Hi Everyone,
I am having an issue with my systems firewalls and WMI.
I get the following text when I try to access my local windows firewall
settings on my NIC's on all systems
"Windows cannot display the properties of this connection. The Windows
Management Instrumentation (WMI) information might be corrupted. To
correct this, use System Restore to restore Windows to an earlier time
(called restore point). System Restore is located in the System Tolls
Folder in Accessories."
I am hoping I can fix this from my domain controller and not have to fix
each individual system.
any help will be greatly appreciated. Thanks!
Here are some errors and warnings:
Application Logs
Error 1
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1090
Date: 10/12/2007
Time: 8:49:43 AM
User: NT AUTHORITY\SYSTEM
Computer: my computer
Description: Windows couldn't log the RSoP (Resultant Set of Policies)
session status. An attempt to connect to WMI failed. No more RSoP
logging will be done for this application of policy.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
<http://go.microsoft.com/fwlink/events.asp> .
Error 2
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1085
Date: 10/12/2007
Time: 8:48:12 AM
User: NT AUTHORITY\SYSTEM
Computer: My computer
Description: The Group Policy client-side extension Security failed to
execute. Please look for any errors reported earlier by that extension.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
<http://go.microsoft.com/fwlink/events.asp> .
Warning 1
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 10/12/2007
Time: 8:48:12 AM
User: N/A
Computer: My Computer
Description: Security policies were propagated with warning. 0x4b8 : An
extended error has occurred.
For best results in resolving this event, log on with a
non-administrative account and search http://support.microsoft.com
<http://support.microsoft.com> for "Troubleshooting Event 1202's".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
<http://go.microsoft.com/fwlink/events.asp> .
Warning 2
Event Type: Warning
Event Source: EventSystem
Event Category: (52)
Event ID: 4356
Date: 10/12/2007
Time: 8:47:38 AM
User: N/A
Computer: my computer
Description: The COM+ Event System failed to create an instance of the
subscriber
partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1
-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
<http://go.microsoft.com/fwlink/events.asp> .
Security Logs
Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 10/12/2007
Time: 9:12:57 AM
User: NT AUTHORITY\NETWORK SERVICE
Computer: my computer
Description:
Object Open:
Object Server: SC Manager
Object Type: SERVICE OBJECT
Object Name: winmgmt
Handle ID: -
Operation ID: {0,2815946}
Process ID: 1928
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: my computer$
Primary Domain: my domain
Primary Logon ID: (0x0,0x3E7)
Client User Name: NETWORK SERVICE
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x3E4)
Accesses: READ_CONTROL
Query information from service
Privileges: -
Restricted Sid Count: 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp
<http://go.microsoft.com/fwlink/events.asp> .
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
