This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Re: Scanning Errors
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-08-2010 05:51 PM
Hello, we have just got into this product yesterday, currently trying out the trial premium version at a K-12 School District.
Currently we have it running active scanning, one large problem being it found 164 PC's, 28 Servers, but 409 have errors.
Every error for every computer is the same:
The IP is correct and matches the DNS, we have gone through the "troubleshooting guide"..
http://www.lansweeper.com/kb/The-RPC-server-is-unavailable.aspx
Doing the firewall fix:
seems to remove the first error of "Cannot connect to DCOM port 135 : Firewalled?" which is fine because we can use GP to change the firewall settings to fix that error.
So next we move onto the second error using this guide..
http://www.lansweeper.com/kb/WMI-Access-is-denied.aspx
All services are running correctly, the dcomcnfg is correct for it.
Moving onto the Diagnostic testing.. here's the report:
After that the second error still remains so we went ahead with the VBS script to repair the WMI. This seemed to have fixed whatever the problem was and made the single computer scan-able.
The problem being, we do not want to have to go through this entire process on 400+ PC's.. Is there an easier way to deploy the WMI repair to fix the problem or something remotely?
Thanks.
Currently we have it running active scanning, one large problem being it found 164 PC's, 28 Servers, but 409 have errors.
Every error for every computer is the same:
Cannot connect to DCOM port 135 : Firewalled? 6/8/2010 9:20:22 AM
The RPC server is unavailable 0x800706BA 6/8/2010 9:20:22 AM
The IP is correct and matches the DNS, we have gone through the "troubleshooting guide"..
http://www.lansweeper.com/kb/The-RPC-server-is-unavailable.aspx
Doing the firewall fix:
call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost
seems to remove the first error of "Cannot connect to DCOM port 135 : Firewalled?" which is fine because we can use GP to change the firewall settings to fix that error.
So next we move onto the second error using this guide..
http://www.lansweeper.com/kb/WMI-Access-is-denied.aspx
All services are running correctly, the dcomcnfg is correct for it.
Moving onto the Diagnostic testing.. here's the report:
10372 09:41:41 (0) ** WMIDiag v2.0 started on Tuesday, June 08, 2010 at 09:23.
10373 09:41:41 (0) **
10374 09:41:41 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
10375 09:41:41 (0) **
10376 09:41:41 (0) ** This script is not supported under any Microsoft standard support program or service.
10377 09:41:41 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
10378 09:41:41 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
10379 09:41:41 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
10380 09:41:41 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
10381 09:41:41 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
10382 09:41:41 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
10383 09:41:41 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
10384 09:41:41 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
10385 09:41:41 (0) ** of the possibility of such damages.
10386 09:41:41 (0) **
10387 09:41:41 (0) **
10388 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10389 09:41:41 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
10390 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10391 09:41:41 (0) **
10392 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10393 09:41:41 (0) ** Windows XP - No service pack - 32-bit (2600) - User 'BMR\BMRTEK' on computer 'MESLAB15'.
10394 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10395 09:41:41 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
10396 09:41:41 (0) ** INFO: => 7 incorrect shutdown(s) detected on:
10397 09:41:41 (0) ** - Shutdown on 04 April 2010 07:41:45 (GMT+4).
10398 09:41:41 (0) ** - Shutdown on 08 May 2010 08:32:29 (GMT+4).
10399 09:41:41 (0) ** - Shutdown on 11 May 2010 12:37:44 (GMT+4).
10400 09:41:41 (0) ** - Shutdown on 29 May 2010 23:53:49 (GMT+4).
10401 09:41:41 (0) ** - Shutdown on 01 June 2010 13:49:31 (GMT+4).
10402 09:41:41 (0) ** - Shutdown on 06 June 2010 05:32:54 (GMT+4).
10403 09:41:41 (0) ** - Shutdown on 08 June 2010 08:59:28 (GMT+4).
10404 09:41:41 (0) **
10405 09:41:41 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
10406 09:41:41 (0) ** Drive type: ......................................................................................................... IDE (WDC WD800JD-00LSA0).
10407 09:41:41 (0) ** There are no missing WMI system files: .............................................................................. OK.
10408 09:41:41 (0) ** There are no missing WMI repository files: .......................................................................... OK.
10409 09:41:41 (0) ** WMI repository state: ............................................................................................... N/A.
10410 09:41:41 (0) ** BEFORE running WMIDiag:
10411 09:41:41 (0) ** The WMI repository has a size of: ................................................................................... 24 MB.
10412 09:41:41 (0) ** - Disk free space on 'C:': .......................................................................................... 53890 MB.
10413 09:41:41 (0) ** - INDEX.BTR, 7356416 bytes, 6/8/2010 9:09:37 AM
10414 09:41:41 (0) ** - INDEX.MAP, 3616 bytes, 6/8/2010 9:09:37 AM
10415 09:41:41 (0) ** - OBJECTS.DATA, 17375232 bytes, 6/8/2010 9:09:37 AM
10416 09:41:41 (0) ** - OBJECTS.MAP, 8508 bytes, 6/8/2010 9:09:37 AM
10417 09:41:41 (0) ** AFTER running WMIDiag:
10418 09:41:41 (0) ** The WMI repository has a size of: ................................................................................... 24 MB.
10419 09:41:41 (0) ** - Disk free space on 'C:': .......................................................................................... 53877 MB.
10420 09:41:41 (0) ** - INDEX.BTR, 7356416 bytes, 6/8/2010 9:37:25 AM
10421 09:41:41 (0) ** - INDEX.MAP, 3616 bytes, 6/8/2010 9:37:25 AM
10422 09:41:41 (0) ** - OBJECTS.DATA, 17375232 bytes, 6/8/2010 9:37:25 AM
10423 09:41:41 (0) ** - OBJECTS.MAP, 8508 bytes, 6/8/2010 9:37:25 AM
10424 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10425 09:41:41 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
10426 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10427 09:41:41 (0) ** DCOM Status: ........................................................................................................ OK.
10428 09:41:41 (0) ** WMI registry setup: ................................................................................................. OK.
10429 09:41:41 (0) ** WMI Service has no dependents: ...................................................................................... OK.
10430 09:41:41 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
10431 09:41:41 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
10432 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10433 09:41:41 (0) ** WMI service DCOM setup: ............................................................................................. OK.
10434 09:41:41 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 3 WARNING(S)!
10435 09:41:41 (0) ** - C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32)
10436 09:41:41 (0) ** - C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL (\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32)
10437 09:41:41 (0) ** - C:\WINNT\SYSTEM32\WBEM\WBEMPROX.DLL (\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32)
10438 09:41:41 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
10439 09:41:41 (0) ** fail depending on the operation requested.
10440 09:41:41 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
10441 09:41:41 (0) **
10442 09:41:41 (0) ** WMI ProgID registrations: ........................................................................................... OK.
10443 09:41:41 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
10444 09:41:41 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
10445 09:41:41 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
10446 09:41:41 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
10447 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10448 09:41:41 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
10449 09:41:41 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
10450 09:41:41 (0) ** - REMOVED ACE:
10451 09:41:41 (0) ** ACEType: &h0
10452 09:41:41 (0) ** ACCESS_ALLOWED_ACE_TYPE
10453 09:41:41 (0) ** ACEFlags: &h0
10454 09:41:41 (0) ** ACEMask: &h1
10455 09:41:41 (0) ** DCOM_RIGHT_EXECUTE
10456 09:41:41 (0) **
10457 09:41:41 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
10458 09:41:41 (0) ** Removing default security will cause some operations to fail!
10459 09:41:41 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
10460 09:41:41 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
10461 09:41:41 (0) **
10462 09:41:41 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
10463 09:41:41 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
10464 09:41:41 (0) ** - REMOVED ACE:
10465 09:41:41 (0) ** ACEType: &h0
10466 09:41:41 (0) ** ACCESS_ALLOWED_ACE_TYPE
10467 09:41:41 (0) ** ACEFlags: &h0
10468 09:41:41 (0) ** ACEMask: &h1
10469 09:41:41 (0) ** DCOM_RIGHT_EXECUTE
10470 09:41:41 (0) **
10471 09:41:41 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
10472 09:41:41 (0) ** Removing default security will cause some operations to fail!
10473 09:41:41 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
10474 09:41:41 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
10475 09:41:41 (0) **
10476 09:41:41 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
10477 09:41:41 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
10478 09:41:41 (0) ** - REMOVED ACE:
10479 09:41:41 (0) ** ACEType: &h0
10480 09:41:41 (0) ** ACCESS_ALLOWED_ACE_TYPE
10481 09:41:41 (0) ** ACEFlags: &h0
10482 09:41:41 (0) ** ACEMask: &h1
10483 09:41:41 (0) ** DCOM_RIGHT_EXECUTE
10484 09:41:41 (0) **
10485 09:41:41 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
10486 09:41:41 (0) ** Removing default security will cause some operations to fail!
10487 09:41:41 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
10488 09:41:41 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
10489 09:41:41 (0) **
10490 09:41:41 (0) **
10491 09:41:41 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
10492 09:41:41 (0) ** DCOM security error(s) detected: .................................................................................... 3.
10493 09:41:41 (0) ** WMI security warning(s) detected: ................................................................................... 0.
10494 09:41:41 (0) ** WMI security error(s) detected: ..................................................................................... 0.
10495 09:41:41 (0) **
10496 09:41:41 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
10497 09:41:41 (0) ** Overall WMI security status: ........................................................................................ OK.
10498 09:41:41 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
10499 09:41:41 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
10500 09:41:41 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
10501 09:41:41 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
10502 09:41:41 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
10503 09:41:41 (0) ** 'select * from MSFT_SCMEventLogEvent'
10504 09:41:41 (0) **
10505 09:41:41 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
10506 09:41:41 (0) ** WMI ADAP status: .................................................................................................... OK.
10507 09:41:41 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
10508 09:41:41 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
10509 09:41:41 (0) ** WMI GET operations: ................................................................................................. OK.
10510 09:41:41 (0) ** WMI MOF representations: ............................................................................................ OK.
10511 09:41:41 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
10512 09:41:41 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
10513 09:41:41 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
10514 09:41:41 (2) !! WARNING: WMI GET VALUE operation errors reported: ................................................................... 5 WARNING(S)!
10515 09:41:41 (0) ** - Root, Instance: __EventProviderCacheControl=@, Property: ClearAfter='00000000000010.000000:000' (Expected default='00000000000030.000000:000').
10516 09:41:41 (0) ** - Root, Instance: __ObjectProviderCacheControl=@, Property: ClearAfter='00000000000200.000000:000' (Expected default='00000000000030.000000:000').
10517 09:41:41 (0) ** - Root, Instance: __EventSinkCacheControl=@, Property: ClearAfter='00000000000010.000000:000' (Expected default='00000000000015.000000:000').
10518 09:41:41 (0) ** - Root, Instance: __EventConsumerProviderCacheControl=@, Property: ClearAfter='00000000000010.000000:000' (Expected default='00000000000030.000000:000').
10519 09:41:41 (0) ** - Root, Instance: __PropertyProviderCacheControl=@, Property: ClearAfter='00000000000200.000000:000' (Expected default='00000000000030.000000:000').
10520 09:41:41 (0) **
10521 09:41:41 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
10522 09:41:41 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
10523 09:41:41 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
10524 09:41:41 (0) ** WMI static instances retrieved: ..................................................................................... 10071.
10525 09:41:41 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
10526 09:41:41 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
10527 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10528 09:41:41 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
10529 09:41:41 (0) ** DCOM: ............................................................................................................. 0.
10530 09:41:41 (0) ** WINMGMT: .......................................................................................................... 0.
10531 09:41:41 (0) ** WMIADAPTER: ....................................................................................................... 0.
10532 09:41:41 (0) **
10533 09:41:41 (0) ** # of additional Event Log events AFTER WMIDiag execution:
10534 09:41:41 (0) ** DCOM: ............................................................................................................. 0.
10535 09:41:41 (0) ** WINMGMT: .......................................................................................................... 0.
10536 09:41:41 (0) ** WMIADAPTER: ....................................................................................................... 0.
10537 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10538 09:41:41 (0) ** WMI Registry key setup: ............................................................................................. OK.
10539 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10540 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10541 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10542 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10543 09:41:41 (0) **
10544 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10545 09:41:41 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
10546 09:41:41 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
10547 09:41:41 (0) **
10548 09:41:41 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\BMRTEK\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_MESLAB15_2010.06.08_09.23.10.LOG' for details.
10549 09:41:41 (0) **
10550 09:41:41 (0) ** WMIDiag v2.0 ended on Tuesday, June 08, 2010 at 09:41 (W:67 E:11 S:1).
After that the second error still remains so we went ahead with the VBS script to repair the WMI. This seemed to have fixed whatever the problem was and made the single computer scan-able.
The problem being, we do not want to have to go through this entire process on 400+ PC's.. Is there an easier way to deploy the WMI repair to fix the problem or something remotely?
Thanks.
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-08-2010 11:25 PM
It looks like the default permissions for administrators have been removed.
If you use computer images to deploy it's a common problem is the "base" image has this problem.
I've never tried it but maybe you can run the wmi repair script in a startup script.
If you use computer images to deploy it's a common problem is the "base" image has this problem.
I've never tried it but maybe you can run the wmi repair script in a startup script.
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-09-2010 03:50 PM
Lansweeper wrote:
Another suggestions:
A custom action in lansweeper which uses psexec to run the wmi repair script on a target computer.
This way you can go to the non-working computer in lansweeper and click on the action.
Thought of that also which does sound like a good idea, except the fact that we would have to go to every computer in the list and click the action (not too bad).. is there a way to perform a batch action or select multiple computers and then perform the custom action?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-08-2010 11:25 PM
It looks like the default permissions for administrators have been removed.
If you use computer images to deploy it's a common problem is the "base" image has this problem.
I've never tried it but maybe you can run the wmi repair script in a startup script.
If you use computer images to deploy it's a common problem is the "base" image has this problem.
I've never tried it but maybe you can run the wmi repair script in a startup script.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-08-2010 11:46 PM
Lansweeper wrote:
It looks like the default permissions for administrators have been removed.
If you use computer images to deploy it's a common problem is the "base" image has this problem.
I've never tried it but maybe you can run the wmi repair script in a startup script.
Sounds reasonable as to the fact that we do clone/image our computers, especially labs.
We thought of running the wmi repair as a startup script however our concern being then how do we ONLY have it be a startup script for computers that aren't working; if there are computers that are both working & not working in terms of the scan, how can we really only have the startup script load for the "broken" ones.. We're not sure whether it matters and if running the wmi repair on a "working" one will in fact harm the computer or interrupt any other computer processes/programs..
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Inside Lansweeper: Weekly Recap in General Discussions
- Scanning Queue Timeout Adjustment in General Discussions
- What is a best practice to keep your scanning queue running smoothly at all times? in Technical Troubleshooting
- Registry and File Scanning - description field in General Discussions
- Scan slowness in General Discussions
