0

So I'm trying to make sense of the issue with WMI I have. Every time a new object change is made via Group Policy Client (be it new firewall rule or any other property state change) I see about 50 WMI errors like:

Id = {4320A058-2BD9-49EF-8426-B39B9B4EC723}; ClientMachine = DESKTOP-RE487UR; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2576; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : RSOP_ExtensionStatus.extensionGuid="{FC491EF1-C4AA-4CE1-B329-414B101DB823}"; ResultCode = 0x80041002; PossibleCause = Unknown

Enabling Debug & Trace logging I see only this in Trace:

CorrelationId = {4320A058-2BD9-49EF-8426-B39B9B4EC723}; GroupOperationId = 15129; OperationId = 15132; Operation = Start IWbemServices::DeleteInstance - Root\Rsop\Computer : \\DESKTOP-RE487UR\ROOT\Rsop\Computer:RSOP_GPLink.GPO="RSOP_GPO.id=\"LocalGPO\"",SOM="RSOP_SOM.id=\"Local\",reason=1",somOrder=1; ClientMachine = DESKTOP-RE487UR; User = NT AUTHORITY\SYSTEM; ClientProcessId = 2576; NamespaceName = 132819057713037525

Activity Transfer

Performing delete operation on the WMI repository. OperationID = 15129; Operation = \\DESKTOP-RE487UR\ROOT\Rsop\Computer:RSOP_RegistryPolicySetting.id="{E9B915ED-383A-4625-8512-0AEA580BAAF9}",precedence=126

Stop OperationId = 15235; ResultCode = 0x0

which does not tell me much either. I did read this great compilation of suggestions, however, it is not really applicable since I dont need to profile WMI's performance, I need to understand what causes it. So far my understanding is this:

  1. Either GPO client is not up to date and tries to access no longer relevant WMI resources for some reason. or
  2. WMI provider, for some reason, does not have the resources/targets GPO client tries to access validly.

Is there any way to get some sensible and reasonable insight into what causes it and, if possible, potentially address the issue? May be someone with WMI experience can chime in?

Digika
  • 11
  • 3
  • The error says Class Not Registered. What does this key say if it exists. `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FC491EF1-C4AA-4CE1-B329-414B101DB823}`. https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-error-constants – user1292580 Nov 20 '21 at 21:48
  • https://i.imgur.com/jGHn2eA.png – Digika Nov 20 '21 at 22:51
  • There are two GUIDs and one error number. The first GUID has no hits on the internet suggesting that it is specific to your computer/network. The second GUID has hits for people using Group Policy, it does not appear on my laptop. I gave you a link for the error, which is specific to WMI ( 0x8004nnnn are up to 0x8004n200 are COM specific and above that are component specific). The WMI error says `Class not registered`. So no other same error number from something other than WMI is the same. Your question asked for debugging tips. – user1292580 Nov 21 '21 at 05:45
  • You also need to edit further information into your question rather than adding it in comments. – user1292580 Nov 21 '21 at 05:46
  • Yes, I found the error code myself, it does not tell anything as to why it might happen, hence the question. – Digika Nov 21 '21 at 08:54

0 Answers0