Wmi activity ошибка 5858 win 10

Windows 10: WMI activity even 5858 and no one seems to know how to fix it

Discus and support WMI activity even 5858 and no one seems to know how to fix it in Windows 10 Network and Sharing to solve the problem; I have been receiving these errors for a very long time on windows 10. My event viewer for the service WMI is completely full of 5858 errors. The only…
Discussion in ‘Windows 10 Network and Sharing’ started by JumpierElf91, Aug 26, 2021.

  1. WMI activity even 5858 and no one seems to know how to fix it

    I have been receiving these errors for a very long time on windows 10. My event viewer for the service WMI is completely full of 5858 errors. The only fix i haven’t tried is one that no one seems to be able to help me do.https://docs.microsoft.com/de-DE/troubleshoot/windows-client/system-management-components/wmi-activity-event-5858-logged-with-resultcode-0x80041032it explains that I should do the following.The WMI client application should be modified to IEnumWbemClassObject::Nextissue calls to get the full result set before the IWbemContext object is released. If no objec

    :)

  2. WMI Activity generates event ID 5858 every 15 seconds

    WMI Activity generates event ID 5858 every 15 seconds
    Errors Are related to Intel CIntelWLANEvent, win32_perfformatteddata_perfdisk_physicaldisk CurrentDiskQueueLength, BIOSEvent

    Ran dism Sfc Chkdsk all without error.

    Turned off WMI performance adapter Service and the errors ceased

    At one point it had reconfigured all my apps

    I have created a wmi activity evtx file
    Error 11/15/2017 2:18:52 PM WMI-Activity 5858 None

    Windows 10 home Fall creators edition Dell 5567

    [Moved from: Windows / Windows 10 / Windows settings]

  3. WMI events 5858 on a Windows Server 2016, what to do?

    Thanks for your quick reply.

    As suggested I created a copy of this question on Technet forum: Technet
    copy

  4. WMI activity even 5858 and no one seems to know how to fix it

    Windows not shutting down, caused by Event Error 5858 ? (WMI Activity)

    Regularly my pc does not shut down, it gets stuck on the blue screen with «Shutting Down»
    After a while I need to shut down the pc, using the power-button on the case.

    I already untagged «Turn on fast start-up (recommended)»
    under Control Panel->All Control Panel Items->Power Options->System Settings under ‘Shut-down settings»

    Regretfully that did not solve the issue.

    I checked the event log between me initiating shutdown (event 1074) and rebooting.

    There are quite a number of entries reading like this:

    Event : 5858
    Source : Microsoft-Windows-WMI-Activity
    Description:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-JFFLEA5; User = NT AUTHORITYSYSTEM; ClientProcessId = 2908; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootwmi : select * from WDMClassesOfDriver where ClassName = «MSStorageDriver_ClassErrorLogEntry»; ResultCode = 80041032; PossibleCause Unknown

    Event : 5858
    Source : Microsoft-Windows-WMI-Activity
    Description:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-JFFLEA5; User = NT AUTHORITYSYSTEM; ClientProcessId = 2908; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootwmi : select * from WMIBinaryMofResource where Name = «USBSTOR\Disk&Ven_WD&Prod_My_Book_1230&Rev_1065\57583231443934374E345956&0_0-{05901221-D566-11d1-B2F0-00A0C9062910}»; ResultCode = 80041032; PossibleCause = Unknown
    =

    Note that I did have external drives running, but they were properly removed (ejected) and then, before shutting down, they were switched/powered off, i.e. they didn’t exist anymore for Windows.

    Does anybody out there know how to handle this and what is causing this error?
    Any solutions?

    Thanks!

    =

Thema:

WMI activity even 5858 and no one seems to know how to fix it

  1. WMI activity even 5858 and no one seems to know how to fix it — Similar Threads — WMI activity 5858

  2. Does any one know how to fix this??

    in Windows 10 Gaming

    Does any one know how to fix this??: I’ve tried switching to Windows ten ,updating but still the same problem and when I check what version of direct x 12 my pc is running it says directx 12 but when I try switching to direct x 12 on games it does not work please help….

  3. Does any one know how to fix this??

    in Windows 10 Software and Apps

    Does any one know how to fix this??: I’ve tried switching to Windows ten ,updating but still the same problem and when I check what version of direct x 12 my pc is running it says directx 12 but when I try switching to direct x 12 on games it does not work please help….

  4. WMI seems to be broken or disabled.

    in Windows 10 Gaming

    WMI seems to be broken or disabled.: Hi. Running Windows 10 on an HP ZBook 17 G4. I was trying to download battle.net app. Went to their support and whittled it down to being an issue with WMI on my system. In MSInfo32 System Information, I get a «Can’t Collect Information». When I go to winmgmt.msc > WMI…

  5. WMI seems to be broken or disabled.

    in Windows 10 Software and Apps

    WMI seems to be broken or disabled.: Hi. Running Windows 10 on an HP ZBook 17 G4. I was trying to download battle.net app. Went to their support and whittled it down to being an issue with WMI on my system. In MSInfo32 System Information, I get a «Can’t Collect Information». When I go to winmgmt.msc > WMI…

  6. WMI seems to be broken or disabled.

    in Windows 10 Drivers and Hardware

    WMI seems to be broken or disabled.: Hi. Running Windows 10 on an HP ZBook 17 G4. I was trying to download battle.net app. Went to their support and whittled it down to being an issue with WMI on my system. In MSInfo32 System Information, I get a «Can’t Collect Information». When I go to winmgmt.msc > WMI…

  7. Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»

    in Windows 10 BSOD Crashes and Debugging

    Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»: Hi everyoneI came across this while looking into what’s gobbling up CPU power at startup. This is the output from Event Viewer > Applications and Service LogsMicrosoftWindowsWMI-ActivityOperational:Log Name: Microsoft-Windows-WMI-Activity/OperationalSource:…

  8. Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»

    in Windows 10 Software and Apps

    Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»: Hi everyoneI came across this while looking into what’s gobbling up CPU power at startup. This is the output from Event Viewer > Applications and Service LogsMicrosoftWindowsWMI-ActivityOperational:Log Name: Microsoft-Windows-WMI-Activity/OperationalSource:…

  9. WMI issue with event id 5858

    in Windows 10 BSOD Crashes and Debugging

    WMI issue with event id 5858: I have Windows 10. I have an issue with the CPU usage and it seems to be connected to WMI. It means that my fan is constantly running and the machine seems to be always doing something. I have done a bit of research and have identified that the error seems to be caused by…

  10. Windows not shutting down, caused by Event Error 5858 ? (WMI Activity)

    in Windows 10 Performance & Maintenance

    Windows not shutting down, caused by Event Error 5858 ? (WMI Activity): Regularly my pc does not shut down, it gets stuck on the blue screen with «Shutting Down»
    After a while I need to shut down the pc, using the power-button on the case.

    I already untagged «Turn on fast start-up (recommended)»
    under Control Panel->All Control Panel…

Users found this page by searching for:

  1. wmi-activity event 5858 0x80041013

    ,

  2. event id 5858 wmi-activity


Windows 10 Forums

Источник
title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

WMI-Activity Event 5858 ResultCode 0x80041032

WMI-Activity Event ID 5858 is logged with ResultCode 0x80041032 when applications issue WMI queries.

05/16/2023

Deland-Han

delhan

dcscontentpm

ITPro

troubleshooting

windows-client

medium

kaushika, steved, cmyu, ssutari

sap:wmi, csstroubleshoot

windows-client-system-management-components

This article provides a resolution to solve the WMI-Activity event ID 5858 that’s logged with ResultCode = 0x80041032 in Windows Server 2012 R2.

Applies to:   Windows Server 2012 R2
Original KB number:   3124914

Symptoms

When using Windows Server 2012 R2 with applications that issue WMI queries using IWbemServices:ExecQuery, the administrator may observe the following event in Event Viewer:

Log Name:  Microsoft-Windows-WMI-Activity/Operational
Source:    WMI-Activity
Event ID:  5858
Level:     Error
Id = {guid}; ClientMachine = <computer>; User = <user>; ClientProcessId = <process ID>; Component = Unknown; Operation = Start IWbemServices::ExecQuery - <WMI namespace>: <Select Query Statement>; ResultCode = 0x80041032; PossibleCause = Unknown
where 0x80041032 indicates WBEM_E_CALL_CANCELLED.

[!NOTE]
This event can occur with many different ResultCode values. The problem described in this article only applies when ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED).

Cause

WMI-Activity Error 5858 with ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED) indicates that the WMI caller has successfully issued IWbemServices:ExecQuery, but has released the IWbemContext object before retrieving the full result set using the IEnumWbemClassObject::Next method. If the WMI service is still holding data for the client when the client terminates the link (by releasing the IWbemContext object), this event will be logged.

This error can happen if the WMI application calls IEnumWbemClassObject::Next with a timeout value (lTimeout) that is not long enough to retrieve the object being queried, and is not checking for a return code of WBEM_S_TIMEDOUT (0x40004) in order to issue the request again.

Resolution

The WMI client application should be modified to issue calls to IEnumWbemClassObject::Next to retrieve the full result set, before releasing the IWbemContext object. If no objects are received, make sure that the timeout value (lTimeout) is greater than 0 and that WBEM_S_TIMEDOUT (0x40004) is not being returned.

More information

For more information, see:

  • IEnumWbemClassObject interface

    [!NOTE]
    The sample code included at the end of this page shows IEnumWbemClassObject::Next being called with a timeout value (lTimeout) of 0, and is not checking for the WBEM_S_TIMEDOUT error.

  • IWbemServices::ExecQuery method

  • IEnumWbemClassObject::Next method

Data collection

If you need assistance from Microsoft support, we recommend you collect the information by following the steps mentioned in Gather information by using TSSv2 for User Experience issues.

Источник
  • Remove From My Forums

  • Вопрос

  • Добрый день.

    Имеем:

    Windows 2012 Server Standart

    Роли — контроллер домена, AD DS, DNS, Hyper-V. Работает несколько виртуальных машин.

    Весь журнал завален ошибками 5858 WMI-Activity, примерно такого содержания:

    

    Имя журнала:   Microsoft-Windows-WMI-Activity/Operational
Источник:      Microsoft-Windows-WMI-Activity
Дата:          09.04.2013 6:58:27
Код события:   5858
Категория задачи:Отсутствует
Уровень:       Ошибка
Ключевые слова:
Пользователь:  СИСТЕМА
Компьютер:     SRV-MAIN.XXXX.XXXXXXXX.com
Описание:
Id = {E25A1B35-A874-4BC4-9514-069B77BE1942}; ClientMachine = SRV-MAIN; User = ; ClientProcessId = 1356; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - RootRsopUserS_1_5_21_2475379679_2976830835_2111589685_1105 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown
Xml события:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-08T21:58:27.850773400Z" />
    <EventRecordID>35560</EventRecordID>
    <Correlation />
    <Execution ProcessID="1356" ThreadID="21972" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>SRV-MAIN.XXXX.XXXXXXXX.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{E25A1B35-A874-4BC4-9514-069B77BE1942}</Id>
      <ClientMachine>SRV-MAIN</ClientMachine>
      <User>
      </User>
      <ClientProcessId>1356</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::DeleteInstance - RootRsopUserS_1_5_21_2475379679_2976830835_2111589685_1105 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"</Operation>
      <ResultCode>0x80041002</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>

    

    Наверное не умею пользоваться поиском, но не получилось ни чего найти, кроме подобных ссылок, где ответов еще нет Event
    5858 from WMI-Activity :(

    Прошу помочь с этой проблемой. Куда копать, что смотреть.

    Заранее спасибо.

Ответы

  • Тема старая, но на всякий случай напишу: Данная ошибка проявляется при удалённом подключении к новым серверам MS Sever 2012 с устаревших версий клиентских операционных систем (Windows 7, XP). Это ругаются датчики классов WMI,
    и как таковые не несут в себе угрозу работе сервера. Рекомендовано их игнорировать. Ну или подключайтесь к серверам для работы в интерфейсе под windows 10 :) И то не факт, что таких ошибок не будет вовсе.

    • Помечено в качестве ответа

      3 ноября 2017 г. 8:34

Источник
  • Remove From My Forums

  • Вопрос

  • Добрый день.

    Имеем:

    Windows 2012 Server Standart

    Роли — контроллер домена, AD DS, DNS, Hyper-V. Работает несколько виртуальных машин.

    Весь журнал завален ошибками 5858 WMI-Activity, примерно такого содержания: 

    Имя журнала:   Microsoft-Windows-WMI-Activity/Operational
Источник:      Microsoft-Windows-WMI-Activity
Дата:          09.04.2013 6:58:27
Код события:   5858
Категория задачи:Отсутствует
Уровень:       Ошибка
Ключевые слова:
Пользователь:  СИСТЕМА
Компьютер:     SRV-MAIN.XXXX.XXXXXXXX.com
Описание:
Id = {E25A1B35-A874-4BC4-9514-069B77BE1942}; ClientMachine = SRV-MAIN; User = ; ClientProcessId = 1356; Component = Unknown; Operation = Start IWbemServices::DeleteInstance - RootRsopUserS_1_5_21_2475379679_2976830835_2111589685_1105 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"; ResultCode = 0x80041002; PossibleCause = Unknown
Xml события:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI-Activity" Guid="{1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}" />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-08T21:58:27.850773400Z" />
    <EventRecordID>35560</EventRecordID>
    <Correlation />
    <Execution ProcessID="1356" ThreadID="21972" />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>SRV-MAIN.XXXX.XXXXXXXX.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Id>{E25A1B35-A874-4BC4-9514-069B77BE1942}</Id>
      <ClientMachine>SRV-MAIN</ClientMachine>
      <User>
      </User>
      <ClientProcessId>1356</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::DeleteInstance - RootRsopUserS_1_5_21_2475379679_2976830835_2111589685_1105 : RSOP_ExtensionStatus.extensionGuid="{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}"</Operation>
      <ResultCode>0x80041002</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>

    Наверное не умею пользоваться поиском, но не получилось ни чего найти, кроме подобных ссылок, где ответов еще нет Event
    5858 from WMI-Activity :(

    Прошу помочь с этой проблемой. Куда копать, что смотреть.

    Заранее спасибо.

Ответы

  • Тема старая, но на всякий случай напишу: Данная ошибка проявляется при удалённом подключении к новым серверам MS Sever 2012 с устаревших версий клиентских операционных систем (Windows 7, XP). Это ругаются датчики классов WMI,
    и как таковые не несут в себе угрозу работе сервера. Рекомендовано их игнорировать. Ну или подключайтесь к серверам для работы в интерфейсе под windows 10 :) И то не факт, что таких ошибок не будет вовсе.

    • Помечено в качестве ответа

      3 ноября 2017 г. 8:34

title description ms.date author ms.author manager audience ms.topic ms.prod localization_priority ms.reviewer ms.custom ms.technology

WMI-Activity Event 5858 ResultCode 0x80041032

WMI-Activity Event ID 5858 is logged with ResultCode 0x80041032 when applications issue WMI queries.

09/08/2020

Deland-Han

delhan

dcscontentpm

ITPro

troubleshooting

windows-client

medium

kaushika, steved, cmyu, ssutari

sap:wmi, csstroubleshoot

windows-client-system-management-components

This article provides a resolution to solve the WMI-Activity event ID 5858 that’s logged with ResultCode = 0x80041032 in Windows Server 2012 R2.

Applies to:   Windows Server 2012 R2
Original KB number:   3124914

Symptoms

When using Windows Server 2012 R2 with applications that issue WMI queries using IWbemServices:ExecQuery, the administrator may observe the following event in Event Viewer:

Log Name:  Microsoft-Windows-WMI-Activity/Operational
Source:    WMI-Activity
Event ID:  5858
Level:     Error
Id = {guid}; ClientMachine = <computer>; User = <user>; ClientProcessId = <process ID>; Component = Unknown; Operation = Start IWbemServices::ExecQuery - <WMI namespace>: <Select Query Statement>; ResultCode = 0x80041032; PossibleCause = Unknown
where 0x80041032 indicates WBEM_E_CALL_CANCELLED.

[!NOTE]
This event can occur with many different ResultCode values. The problem described in this article only applies when ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED).

Cause

WMI-Activity Error 5858 with ResultCode = 0x80041032 (WBEM_E_CALL_CANCELLED) indicates that the WMI caller has successfully issued IWbemServices:ExecQuery, but has released the IWbemContext object before retrieving the full result set using the IEnumWbemClassObject::Next method. If the WMI service is still holding data for the client when the client terminates the link (by releasing the IWbemContext object), this event will be logged.

This error can happen if the WMI application calls IEnumWbemClassObject::Next with a timeout value (lTimeout) that is not long enough to retrieve the object being queried, and is not checking for a return code of WBEM_S_TIMEDOUT (0x40004) in order to issue the request again.

Resolution

The WMI client application should be modified to issue calls to IEnumWbemClassObject::Next to retrieve the full result set, before releasing the IWbemContext object. If no objects are received, make sure that the timeout value (lTimeout) is greater than 0 and that WBEM_S_TIMEDOUT (0x40004) is not being returned.

More information

For more information, see:

  • IEnumWbemClassObject interface

    [!NOTE]
    The sample code included at the end of this page shows IEnumWbemClassObject::Next being called with a timeout value (lTimeout) of 0, and is not checking for the WBEM_S_TIMEDOUT error.

  • IWbemServices::ExecQuery method

  • IEnumWbemClassObject::Next method

Good morning,

This question is a copy of
the one, asked on the Microsoft community. I’ve been advised to copy this question here. Hereby my question:

On a customer’s system, I’ve installed a program, which launches quite some WMI queries, for determining the status of the machine.

Regularly those WMI queries are failing, and in event logs, there are lots of errors (event ID 5858), hereby a typical example (I’ve obfuscated computer name, customer name and GUID for security reasons):

Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/04/2019 14:54:06
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      Computer_Name.Customer.intra
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = Computer_Name; User = NT AUTHORITYSYSTEM; ClientProcessId = 6968; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»;
ResultCode = 0x80041032; PossibleCause = Unknown
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-WMI-Activity» Guid=»{……..-….-….-….-…………}» />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=»2019-04-01T12:54:06.515593700Z» />
    <EventRecordID>570075</EventRecordID>
    <Correlation />
    <Execution ProcessID=»1736″ ThreadID=»30436″ />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>Computer_Name.Customer.intra</Computer>
    <Security UserID=»S-1-5-18″ />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns=»http://manifests.microsoft.com/win/2006/windows/WMI»>
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>Computer_Name</ClientMachine>
      <User>NT AUTHORITYSYSTEM</User>
      <ClientProcessId>6968</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>

There are 210 such events, the different «ResultCode» values are shown here:

Amount of occurences ResultCode
1 0x80041033
1 0x800706BE
2 0x80041017
6 0x80070422
14 0x80041001
18 0x80041010
42 0x80041002
44 0x80041032
82 0x8004101D

The customer has Windows Server 2016.

Why are those error logs appearing and what can I do in order to avoid them? (Windows update, patch installation (which one?), …)

For your information, my program(s) is/are launching lots of WMI queries, some of them quite complicated, like this one:

SELECT Handle,Name,PageFileUsage,WorkingSetSize,VirtualSize,CommandLine FROM Win32_Process WHERE CommandLine IS NOT NULL AND (ProcessId=6968 or ProcessId=3796 or ProcessId=1120 or ProcessId=3056 or ProcessId=6620 or ProcessId=7520 or ProcessId=28980 or ProcessId=29328 or ProcessId=9012 or ProcessId=7588 or ProcessId=7212 or ProcessId=7744 or ProcessId=7300 or ProcessId=7380 or ProcessId=7416 or ProcessId=9936 or ProcessId=10000 or ProcessId=10068 or ProcessId=10136 or ProcessId=9824 or ProcessId=10808 or ProcessId=10868 or ProcessId=10928 or ProcessId=10996 or ProcessId=10768 or ProcessId=8724 or ProcessId=7136 or ProcessId=8756 or ProcessId=2752 or ProcessId=12984 or ProcessId=10988 or ProcessId=9312 or ProcessId=7308 or ProcessId=7752 or ProcessId=4 or ProcessId=2864 or ProcessId=1684 or ProcessId=2872 or ProcessId=3080 or ProcessId=5452 or ProcessId=6288 or ProcessId=5668 or ProcessId=7628 or ProcessId=38504 or ProcessId=6236 or ProcessId=34356 or ProcessId=3940 or ProcessId=5996 or ProcessId=3068 or ProcessId=3076 or ProcessId=8940 or ProcessId=2688 or ProcessId=3048 or ProcessId=2392 or ProcessId=912 or ProcessId=824 or ProcessId=12252 or ProcessId=2664 or ProcessId=30376 or ProcessId=1128 or ProcessId=2880 or ProcessId=108 or ProcessId=4472 or ProcessId=2960 or ProcessId=2912 or ProcessId=116 or ProcessId=712 or ProcessId=10672 or ProcessId=2284 or ProcessId=1748 or ProcessId=2056 or ProcessId=2572 or ProcessId=2580 or ProcessId=2588 or ProcessId=2760 or ProcessId=2768 or ProcessId=2844 or ProcessId=136 or ProcessId=1212 or ProcessId=1220 or ProcessId=1300 or ProcessId=1328 or ProcessId=1336 or ProcessId=1400 or ProcessId=1568 or ProcessId=1736 or ProcessId=816 or ProcessId=1600 or ProcessId=2640 or ProcessId=37004 or ProcessId=936 or ProcessId=968 or ProcessId=3648)

Thanks in advance

Dominique

  • Edited by

    Wednesday, April 3, 2019 10:31 AM

  • Moved by
    cloris_sun
    Monday, April 8, 2019 9:50 AM

Good morning,

This question is a copy of
the one, asked on the Microsoft community. I’ve been advised to copy this question here. Hereby my question:

On a customer’s system, I’ve installed a program, which launches quite some WMI queries, for determining the status of the machine.

Regularly those WMI queries are failing, and in event logs, there are lots of errors (event ID 5858), hereby a typical example (I’ve obfuscated computer name, customer name and GUID for security reasons):

Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/04/2019 14:54:06
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      Computer_Name.Customer.intra
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = Computer_Name; User = NT AUTHORITYSYSTEM; ClientProcessId = 6968; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»;
ResultCode = 0x80041032; PossibleCause = Unknown
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-WMI-Activity» Guid=»{……..-….-….-….-…………}» />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=»2019-04-01T12:54:06.515593700Z» />
    <EventRecordID>570075</EventRecordID>
    <Correlation />
    <Execution ProcessID=»1736″ ThreadID=»30436″ />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>Computer_Name.Customer.intra</Computer>
    <Security UserID=»S-1-5-18″ />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns=»http://manifests.microsoft.com/win/2006/windows/WMI»>
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>Computer_Name</ClientMachine>
      <User>NT AUTHORITYSYSTEM</User>
      <ClientProcessId>6968</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>

There are 210 such events, the different «ResultCode» values are shown here:

Amount of occurences ResultCode
1 0x80041033
1 0x800706BE
2 0x80041017
6 0x80070422
14 0x80041001
18 0x80041010
42 0x80041002
44 0x80041032
82 0x8004101D

The customer has Windows Server 2016.

Why are those error logs appearing and what can I do in order to avoid them? (Windows update, patch installation (which one?), …)

For your information, my program(s) is/are launching lots of WMI queries, some of them quite complicated, like this one:

SELECT Handle,Name,PageFileUsage,WorkingSetSize,VirtualSize,CommandLine FROM Win32_Process WHERE CommandLine IS NOT NULL AND (ProcessId=6968 or ProcessId=3796 or ProcessId=1120 or ProcessId=3056 or ProcessId=6620 or ProcessId=7520 or ProcessId=28980 or ProcessId=29328 or ProcessId=9012 or ProcessId=7588 or ProcessId=7212 or ProcessId=7744 or ProcessId=7300 or ProcessId=7380 or ProcessId=7416 or ProcessId=9936 or ProcessId=10000 or ProcessId=10068 or ProcessId=10136 or ProcessId=9824 or ProcessId=10808 or ProcessId=10868 or ProcessId=10928 or ProcessId=10996 or ProcessId=10768 or ProcessId=8724 or ProcessId=7136 or ProcessId=8756 or ProcessId=2752 or ProcessId=12984 or ProcessId=10988 or ProcessId=9312 or ProcessId=7308 or ProcessId=7752 or ProcessId=4 or ProcessId=2864 or ProcessId=1684 or ProcessId=2872 or ProcessId=3080 or ProcessId=5452 or ProcessId=6288 or ProcessId=5668 or ProcessId=7628 or ProcessId=38504 or ProcessId=6236 or ProcessId=34356 or ProcessId=3940 or ProcessId=5996 or ProcessId=3068 or ProcessId=3076 or ProcessId=8940 or ProcessId=2688 or ProcessId=3048 or ProcessId=2392 or ProcessId=912 or ProcessId=824 or ProcessId=12252 or ProcessId=2664 or ProcessId=30376 or ProcessId=1128 or ProcessId=2880 or ProcessId=108 or ProcessId=4472 or ProcessId=2960 or ProcessId=2912 or ProcessId=116 or ProcessId=712 or ProcessId=10672 or ProcessId=2284 or ProcessId=1748 or ProcessId=2056 or ProcessId=2572 or ProcessId=2580 or ProcessId=2588 or ProcessId=2760 or ProcessId=2768 or ProcessId=2844 or ProcessId=136 or ProcessId=1212 or ProcessId=1220 or ProcessId=1300 or ProcessId=1328 or ProcessId=1336 or ProcessId=1400 or ProcessId=1568 or ProcessId=1736 or ProcessId=816 or ProcessId=1600 or ProcessId=2640 or ProcessId=37004 or ProcessId=936 or ProcessId=968 or ProcessId=3648)

Thanks in advance

Dominique

  • Edited by

    Wednesday, April 3, 2019 10:31 AM

  • Moved by
    cloris_sun
    Monday, April 8, 2019 9:50 AM


Posted by DDoc 2013-12-10T18:07:47Z

I have a Windows 2012 R2 server that I periodically get several of the below (or similar) messages.  Any idea what the issue might be?

Id = {BF062B92-ECEA-46B8-A09F-7E6D6F430BAA}; ClientMachine = ELM; User = ; ClientProcessId = 712; Component = Unknown; Operation = Start IWbemServices::DeleteInstance — RootRsopUserS_1_5_21_719535676_533339174_944726268_1292 : RSOP_ExtensionStatus.extensionGuid=»{0E28E245-9368-4853-AD84-6DA3BA35BB75}»; ResultCode = 0x80041002; PossibleCause = Unknown
 

User: Doug Dockter

1 Reply

  • Author Mike Welch

lock

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question.

Read these next…

  • Curated WINDOWS 10 "glitch" - file explorer

    WINDOWS 10 «glitch» — file explorer

    Windows

    Hi.I have been experiencing a black line (glitch) on my file explorer which comes for milliseconds then it goes away. See screen grab. Is there anyone who has experienced such and how were they able to solve it?Thank you.

  • Curated Are you updating workstations to Windows 11?

    Are you updating workstations to Windows 11?

    Windows

    Has anyone started updating workstations on a AD domain to Windows 11? what type of issues are you facing?What is the user reaction been?Thanks!

  • Curated Snap! -- Psyche Probe, DIY Gene Editing, RaiBo, AI handwriting, Metric Pirates

    Snap! — Psyche Probe, DIY Gene Editing, RaiBo, AI handwriting, Metric Pirates

    Spiceworks Originals

    Your daily dose of tech news, in brief.

    Welcome to the Snap!

    Flashback: January 27, 1880: Thomas Edison receives patent for the Electric Lamp. (Read more HERE.)

    Bonus Flashback: January 27, 1967: Apollo 1 Tragedy (Read more HERE.)

    You …

  • Curated NEC Inmail Email doesn't Change

    NEC Inmail Email doesn’t Change

    Collaboration

    Hey Everyone,Recently a client of mine wanted to change the email to their QA extension to her email as to help keep voicemails consolidated instead of spread out among different emails. Normally this wouldn’t be a huge deal. Logged in to to Webpro, hoppe…

  • Curated I inherited some really cool equipment. I just have no clue how to use it!

    I inherited some really cool equipment. I just have no clue how to use it!

    Hardware

    So I’ve got some switches, and some servers. The switches seem pretty straight forward, plug in packet go zoom, but I have no clue how these servers work. They’re headless rack servers. I know there must be a way to get some kind of UI going with a monito…

Windows 10: WMI activity even 5858 and no one seems to know how to fix it

Discus and support WMI activity even 5858 and no one seems to know how to fix it in Windows 10 Network and Sharing to solve the problem; I have been receiving these errors for a very long time on windows 10. My event viewer for the service WMI is completely full of 5858 errors. The only…
Discussion in ‘Windows 10 Network and Sharing’ started by JumpierElf91, Aug 26, 2021.

  1. WMI activity even 5858 and no one seems to know how to fix it

    I have been receiving these errors for a very long time on windows 10. My event viewer for the service WMI is completely full of 5858 errors. The only fix i haven’t tried is one that no one seems to be able to help me do.https://docs.microsoft.com/de-DE/troubleshoot/windows-client/system-management-components/wmi-activity-event-5858-logged-with-resultcode-0x80041032it explains that I should do the following.The WMI client application should be modified to IEnumWbemClassObject::Nextissue calls to get the full result set before the IWbemContext object is released. If no objec

    :)

  2. WMI Activity generates event ID 5858 every 15 seconds

    WMI Activity generates event ID 5858 every 15 seconds
    Errors Are related to Intel CIntelWLANEvent, win32_perfformatteddata_perfdisk_physicaldisk CurrentDiskQueueLength, BIOSEvent

    Ran dism Sfc Chkdsk all without error.

    Turned off WMI performance adapter Service and the errors ceased

    At one point it had reconfigured all my apps

    I have created a wmi activity evtx file
    Error 11/15/2017 2:18:52 PM WMI-Activity 5858 None

    Windows 10 home Fall creators edition Dell 5567

    [Moved from: Windows / Windows 10 / Windows settings]

  3. WMI events 5858 on a Windows Server 2016, what to do?

    Thanks for your quick reply.

    As suggested I created a copy of this question on Technet forum: Technet
    copy

  4. WMI activity even 5858 and no one seems to know how to fix it

    Windows not shutting down, caused by Event Error 5858 ? (WMI Activity)

    Regularly my pc does not shut down, it gets stuck on the blue screen with «Shutting Down»
    After a while I need to shut down the pc, using the power-button on the case.

    I already untagged «Turn on fast start-up (recommended)»
    under Control Panel->All Control Panel Items->Power Options->System Settings under ‘Shut-down settings»

    Regretfully that did not solve the issue.

    I checked the event log between me initiating shutdown (event 1074) and rebooting.

    There are quite a number of entries reading like this:

    Event : 5858
    Source : Microsoft-Windows-WMI-Activity
    Description:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-JFFLEA5; User = NT AUTHORITYSYSTEM; ClientProcessId = 2908; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootwmi : select * from WDMClassesOfDriver where ClassName = «MSStorageDriver_ClassErrorLogEntry»; ResultCode = 80041032; PossibleCause Unknown

    Event : 5858
    Source : Microsoft-Windows-WMI-Activity
    Description:
    Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = DESKTOP-JFFLEA5; User = NT AUTHORITYSYSTEM; ClientProcessId = 2908; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootwmi : select * from WMIBinaryMofResource where Name = «USBSTORDisk&Ven_WD&Prod_My_Book_1230&Rev_106557583231443934374E345956&0_0-{05901221-D566-11d1-B2F0-00A0C9062910}»; ResultCode = 80041032; PossibleCause = Unknown
    =

    Note that I did have external drives running, but they were properly removed (ejected) and then, before shutting down, they were switched/powered off, i.e. they didn’t exist anymore for Windows.

    Does anybody out there know how to handle this and what is causing this error?
    Any solutions?

    Thanks!

    =

Thema:

WMI activity even 5858 and no one seems to know how to fix it

  1. WMI activity even 5858 and no one seems to know how to fix it — Similar Threads — WMI activity 5858

  2. Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»

    in Windows 10 BSOD Crashes and Debugging

    Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»: Hi everyoneI came across this while looking into what’s gobbling up CPU power at startup. This is the output from Event Viewer > Applications and Service LogsMicrosoftWindowsWMI-ActivityOperational:Log Name: Microsoft-Windows-WMI-Activity/OperationalSource:…

  3. Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»

    in Windows 10 Gaming

    Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»: Hi everyoneI came across this while looking into what’s gobbling up CPU power at startup. This is the output from Event Viewer > Applications and Service LogsMicrosoftWindowsWMI-ActivityOperational:Log Name: Microsoft-Windows-WMI-Activity/OperationalSource:…

  4. Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»

    in Windows 10 Software and Apps

    Repeated WMI Error 0x80041032 Event 5858 caused by swiservice.exe, cause «Unknown»: Hi everyoneI came across this while looking into what’s gobbling up CPU power at startup. This is the output from Event Viewer > Applications and Service LogsMicrosoftWindowsWMI-ActivityOperational:Log Name: Microsoft-Windows-WMI-Activity/OperationalSource:…

  5. Anyone know how to fix this?

    in Windows 10 Ask Insider

    Anyone know how to fix this?: Since my computer updated to Windows 10 Version 2004 it’s been virtually impossible to play games. Constant black screen crashes on multiple games and even basic stuff like watching Youtube. Been looking around for how to fix this but haven’t found anything and I’m not…

  6. Anyone know how to fix this?

    in Windows 10 Ask Insider

    Anyone know how to fix this?: [ATTACH] submitted by /u/Antron_edition
    [link] [comments]

    Anyone know how to fix this?
    by u/Antron_edition in Windows10

  7. WMI issue with event id 5858

    in Windows 10 BSOD Crashes and Debugging

    WMI issue with event id 5858: I have Windows 10. I have an issue with the CPU usage and it seems to be connected to WMI. It means that my fan is constantly running and the machine seems to be always doing something. I have done a bit of research and have identified that the error seems to be caused by…

  8. WMI-Activity Error

    in Windows 10 Customization

    WMI-Activity Error: Hiya, I was having trouble with WMI Provider Host, I googled it and did actually manage to find a thread on here linked below:…

  9. WMI activity ERROR

    in Windows 10 Network and Sharing

    WMI activity ERROR: How can I fix the WMI error in Window 10?

    https://answers.microsoft.com/en-us/windows/forum/all/wmi-activity-error/bd3ec1d0-89a6-48a1-9346-0f54a811fbd0

  10. Windows not shutting down, caused by Event Error 5858 ? (WMI Activity)

    in Windows 10 Performance & Maintenance

    Windows not shutting down, caused by Event Error 5858 ? (WMI Activity): Regularly my pc does not shut down, it gets stuck on the blue screen with «Shutting Down»
    After a while I need to shut down the pc, using the power-button on the case.

    I already untagged «Turn on fast start-up (recommended)»
    under Control Panel->All Control Panel…

Users found this page by searching for:

  1. wmi-activity event 5858 0x80041013

    ,

  2. event id 5858 wmi-activity

Любой бывалый Windows-админ периодически сталкивается с проблемами в работе службы WMI (Windows Management Instrumentation) и ее компонентах. Наличие проблем в подсистеме WMI является критичным с точки зрения нормального функционирования Windows, поэтому администратору необходимо проверить и восстановить работоспособность WMI. В этой статье мы опишем простую методику диагностирования и устранения неполадок службы WMI в Windows.

О наличии проблем с WMI может свидетельствовать широкий спектр ошибок:

  • Ошибки обработки WMI запросов в системных журналах и логах приложений (
    0x80041002 - WBEM_E_NOT_FOUND
    ,
    WMI: Not Found
    ,
    0x80041010 WBEM_E_INVALID_CLASS
    );
  • Ошибки обработки GPO, связанные на WMI ( некорректная работа wmi фильтров групповых политик, и пр.);
  • WMI запросы выполняются очень медленно;
  • Ошибки при установке или работе агентов SCCM/SCOM;
  • Ошибки в работе скриптов (vbs или PowerShell), использующих пространство имен WMI (скрипты с Get-WmiObject и т.д.).

Содержание:

  • Диагностика проблем с WMI
  • Исправление WMI репозитория, перерегистрация библиотек, перекомпиляция MOF файлов
  • Сброс и пересоздание WMI репозитория (хранилища)

В первую очередь нужно проверить служба Windows Management Instrumentation (Winmgmt) установлена в Windows и запущена. Вы можете проверить состояние службы в консоли services.msc или с помощью PowerShell:

Get-Service Winmgmt | Select DisplayName,Status,ServiceName

служба Windows Management Instrumentation (Winmgmt) работает

Если служба Winmgmt запущена, вы можете проверить работоспособность WMI, обратившись к ней с помощью простого WMI-запроса. Вы можете выполнить wmi запрос из командной строки или из PowerShell. Например, следующая команда выведет список установленных в Windows программ:

wmic product get name,version

Простейшая PowerShell команда для получения информации о версии и билда Windows 10 через WMI может выглядеть так:

get-wmiobject Win32_OperatingSystem

powershell проверка работы wmi командой get-wmiobject

Как вы видите, служба WMI ответила на запрос корректно. Если при выполнении такого WMI-запроса Windows возвращает ошибку, скорее всего сервиса WMI работает некорректно, поврежден WMI репозиторий или есть какие-то другие проблемы.

ошибка Failed to initialize all required WMI classes

В моем случае, например, при открытии свойств WMI Control в консоли управления компьютером (compmgmt.msc) появлялась надпись:

Failed to initialize all required WMI classes
Win32_Processor. WMI: Invalid namespace
Win32_WMISetting. WMI: Invalid namespace
Win32_OperationSystem. WMI: Invalid namespace

Ранее для диагностики WMI существовала официальная утилита от Microsoft – WMIDiag.vbs (Microsoft WMI Diagnosis). WMIdiag это vbs скрипт, который проверяет различные подсистемы WMI и записывает собранную информацию в лог файлы (по умолчанию логи находятся в каталоге %TEMP% — C:USERS%USERNAME%APPDATALOCALTEMP). Получившийся отчет состоит из файлов, имена которых начинаются с WMIDIAG-V2.2 и включает в себя следующие типы фалов:

  • .log файлы содержат подробный отчет об активности и работе утилиты WMIDiag;
  • .txt файлы содержат итоговые отчеты о найденных ошибках, на которые стоит обратить внимание;
  • В .csv файлах содержится информация, нужная для долгосрочного анализа работы подсистемы WMI.

скрипт для исправления ошибок WMI WMIDiag.vbs

Совет. В 64 битных версиях Windows wmidiag нужно запускать так:

c:windowsSystem32cscript.exe wmidiag.vbs

в противном случае появится ошибка:

WMIDiag must be run from native 64-bit environment. It is not supported in Wow64.

WMIDiag It is not supported in Wow64

После окончания работы утилиты WMIDiag администратор должен изучить полученные файлы логов, проанализировать и попытаться исправить найденные ошибки.

К сожалению, последняя версия WMIDiag 2.2 корректно работает только с версиями до Windows 8.1/Windows Server 2012 R2. На данный момент Microsoft даже удалила ссылку на загрузку WMIDiag из Download Center. Но при желании, этот скрипт можно найти в сети.

WMIDiag может дать подробную информацию по исправлению частных ошибок в WMI, но в большинстве случаев процесс это довольно трудоемкий и стоит потраченного времени только при решении инцидентов в критичных системах (как правило, на продуктивных серверах). Для массового сегмента рабочих станций пользователей сбросить и пересоздатьWMI репозиторий в Windows.

Исправление WMI репозитория, перерегистрация библиотек, перекомпиляция MOF файлов

В Windows 10/Windows Server 2016 вы можете проверить целостность репозитория WMI с помощью команды:

winmgmt /verifyrepository

winmgmt-verifyrepository - проверка состояния репозитория wmi

Если команда возвращает, что база данных WMI находится в неконсистентном состоянии (INCONSISTENT или WMI repository verification failed), стоит попробовать выполнить “мягкое” исправление ошибок репозитория:

Winmgmt /salvagerepository 

WMI repository has been salvaged.

Данная команда выполняет проверку согласованности хранилища WMI и при обнаружении несогласованности перестраивает базу данных WMI.

Перезапустите службу WMI:

net stop Winmgmt
net start Winmgmt

Если стандартный способ исправления ошибок в WMI не помог, попробуйте следующий скрипт. Данный скрипт представляет собой ”мягкий” вариант восстановления службы WMI на компьютере (выполняется перерегистрация dll библиотек и службы WMI, перекомпилируются mof файлы). Данная процедура является безопасной и ее выполнение не должно привести к каким-либо новым проблемам с системой.

sc config winmgmt start= disabled
net stop winmgmt
cd %windir%system32wbem
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
wmiprvse /regserver
sc config winmgmt start= auto
net start winmgmt
for /f %s in ('dir /b *.mof') do mofcomp %s
for /f %s in ('dir /b *.mfl') do mofcomp %s

На 64 битной версии Windows эти действия нужно также выполнить для каталога SysWOW64. Замените третью строку на

cd %windir%SysWOW64wbem

bat скрипт для перерегистрации компонентов wmi

Указанные команды можно выполнить путем простой вставки в окно командой строки, либо сохранить код в bat файле wmi_soft_repair.bat и запустить его с правами администратора. После окончания работы скрипта, перезагрузите Windows и проверьте работу WMI.

Сброс и пересоздание WMI репозитория (хранилища)

Если вам не помогли мягкие способ восстановления WMI, рассмотренные выше, придется перейти к более “жесткому” способу восстановления работоспособности службы WMI, заключающегося в пересоздании хранилищаWMI.

WMI репозиторий (хранилище) находится в каталоге
%windir%System32WbemRepository
и представляет собой базу данных, в которой содержится информация о метаданных и определениях WMI классов. В некоторых случаях WMI репозиторий может содержать статическую информацию классов. При повреждении репозитория WMI, в работе службы Windows Management Instrumentation (Winmgmt) могут наблюдаться ошибки вплоть до полной невозможности ее запустить.

Если вы подозреваете, что репозиторий WMI поврежден, имейте в виду, что его пересоздание — это последняя шаг, к которому нужно прибегнуть только тогда, когда другие операции не помогают реанимировать WMI.

Следующая команда выполнит сброс базы данных WMI к исходному состоянию (как после чистой установки Windows). Используйте эту команду для выполнения hard reset репозитория WMI, если параметре salvagerepository не исправил проблему:

Winmgmt /resetrepository

Совет. На практике бывают случаи, когда пересоздание хранилища WMI приводит к проблемам со сторонним софтом. Это связано с тем, что все записи в базе WMI обнуляются (до состояния чистой системы). Такие программы скорее всего, придется переустанавливать в режиме восстановления.

Если обе команды (
Winmgmt /salvagerepository
и
Winmgmt /resetrepository
) не восстановили консистентное состояние базы WMI, попробуйте выполнить “жесткое” пересоздание базы WMI вручную таким скриптом:

sc config winmgmt start= disabled
net stop winmgmt
cd %windir%system32wbem
winmgmt /resetrepository
winmgmt /resyncperf
if exist Repos_bakup rd Repos_bakup /s /q
rename Repository Repos_bakup
regsvr32 /s %systemroot%system32scecli.dll
regsvr32 /s %systemroot%system32userenv.dll
for /f %s in ('dir /b *.dll') do regsvr32 /s %s
for /f %s in ('dir /b *.mof') do mofcomp %s
for /f %s in ('dir /b *.mfl') do mofcomp %s
sc config winmgmt start= auto
net start winmgmt
wmiprvse /regserver

сброс и восстановление хранилища wmi в windows 10

На 64 битной версии Windows нужно также перерегистрировать dll/exe и перекомпилировать mof файлы в каталоге %windir%sysWOW64wbem.

Данный скрипт полностью пересоздает хранилище WMI (старый репозиторий сохраняется в каталог Repos_bakup). После окончания работы скрипта нужно перезагрузить Windows. Затем протестируйте работу службы WMI простым запросом.

Проверьте состояние WMI репозитория. Если ошибки исправлены, команда
winmgmt /verifyrepository
должна вернуть:

WMI repository is consistent

WMI repository is consistent

В этой статье мы собрали основные способы, позволяющие продиагностировать и устранить неполадки службы и репозитория WMI.

Источник

Good morning,

This question is a copy of
the one, asked on the Microsoft community. I’ve been advised to copy this question here. Hereby my question:

On a customer’s system, I’ve installed a program, which launches quite some WMI queries, for determining the status of the machine.

Regularly those WMI queries are failing, and in event logs, there are lots of errors (event ID 5858), hereby a typical example (I’ve obfuscated computer name, customer name and GUID for security reasons):

Log Name:      Microsoft-Windows-WMI-Activity/Operational
Source:        Microsoft-Windows-WMI-Activity
Date:          1/04/2019 14:54:06
Event ID:      5858
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      Computer_Name.Customer.intra
Description:
Id = {00000000-0000-0000-0000-000000000000}; ClientMachine = Computer_Name; User = NT AUTHORITYSYSTEM; ClientProcessId = 6968; Component = Unknown; Operation = Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»;
ResultCode = 0x80041032; PossibleCause = Unknown
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
  <System>
    <Provider Name=»Microsoft-Windows-WMI-Activity» Guid=»{……..-….-….-….-…………}» />
    <EventID>5858</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime=»2019-04-01T12:54:06.515593700Z» />
    <EventRecordID>570075</EventRecordID>
    <Correlation />
    <Execution ProcessID=»1736″ ThreadID=»30436″ />
    <Channel>Microsoft-Windows-WMI-Activity/Operational</Channel>
    <Computer>Computer_Name.Customer.intra</Computer>
    <Security UserID=»S-1-5-18″ />
  </System>
  <UserData>
    <Operation_ClientFailure xmlns=»http://manifests.microsoft.com/win/2006/windows/WMI»>
      <Id>{00000000-0000-0000-0000-000000000000}</Id>
      <ClientMachine>Computer_Name</ClientMachine>
      <User>NT AUTHORITYSYSTEM</User>
      <ClientProcessId>6968</ClientProcessId>
      <Component>Unknown</Component>
      <Operation>Start IWbemServices::ExecQuery — rootccmpolicymachine : select * from InventoryAction where InventoryActionID=»{00000000-0000-0000-0000-000000000001}»</Operation>
      <ResultCode>0x80041032</ResultCode>
      <PossibleCause>Unknown</PossibleCause>
    </Operation_ClientFailure>
  </UserData>
</Event>

There are 210 such events, the different «ResultCode» values are shown here:

Amount of occurences ResultCode
1 0x80041033
1 0x800706BE
2 0x80041017
6 0x80070422
14 0x80041001
18 0x80041010
42 0x80041002
44 0x80041032
82 0x8004101D

The customer has Windows Server 2016.

Why are those error logs appearing and what can I do in order to avoid them? (Windows update, patch installation (which one?), …)

For your information, my program(s) is/are launching lots of WMI queries, some of them quite complicated, like this one:

SELECT Handle,Name,PageFileUsage,WorkingSetSize,VirtualSize,CommandLine FROM Win32_Process WHERE CommandLine IS NOT NULL AND (ProcessId=6968 or ProcessId=3796 or ProcessId=1120 or ProcessId=3056 or ProcessId=6620 or ProcessId=7520 or ProcessId=28980 or ProcessId=29328 or ProcessId=9012 or ProcessId=7588 or ProcessId=7212 or ProcessId=7744 or ProcessId=7300 or ProcessId=7380 or ProcessId=7416 or ProcessId=9936 or ProcessId=10000 or ProcessId=10068 or ProcessId=10136 or ProcessId=9824 or ProcessId=10808 or ProcessId=10868 or ProcessId=10928 or ProcessId=10996 or ProcessId=10768 or ProcessId=8724 or ProcessId=7136 or ProcessId=8756 or ProcessId=2752 or ProcessId=12984 or ProcessId=10988 or ProcessId=9312 or ProcessId=7308 or ProcessId=7752 or ProcessId=4 or ProcessId=2864 or ProcessId=1684 or ProcessId=2872 or ProcessId=3080 or ProcessId=5452 or ProcessId=6288 or ProcessId=5668 or ProcessId=7628 or ProcessId=38504 or ProcessId=6236 or ProcessId=34356 or ProcessId=3940 or ProcessId=5996 or ProcessId=3068 or ProcessId=3076 or ProcessId=8940 or ProcessId=2688 or ProcessId=3048 or ProcessId=2392 or ProcessId=912 or ProcessId=824 or ProcessId=12252 or ProcessId=2664 or ProcessId=30376 or ProcessId=1128 or ProcessId=2880 or ProcessId=108 or ProcessId=4472 or ProcessId=2960 or ProcessId=2912 or ProcessId=116 or ProcessId=712 or ProcessId=10672 or ProcessId=2284 or ProcessId=1748 or ProcessId=2056 or ProcessId=2572 or ProcessId=2580 or ProcessId=2588 or ProcessId=2760 or ProcessId=2768 or ProcessId=2844 or ProcessId=136 or ProcessId=1212 or ProcessId=1220 or ProcessId=1300 or ProcessId=1328 or ProcessId=1336 or ProcessId=1400 or ProcessId=1568 or ProcessId=1736 or ProcessId=816 or ProcessId=1600 or ProcessId=2640 or ProcessId=37004 or ProcessId=936 or ProcessId=968 or ProcessId=3648)

Thanks in advance

Dominique

  • Edited by

    Wednesday, April 3, 2019 10:31 AM

  • Moved by
    cloris_sun
    Monday, April 8, 2019 9:50 AM

Источник

Понравилась статья? Поделить с друзьями:
  • Wmf presto 1400 ошибка 167
  • Wmail exe ошибка при запуске
  • Wm f510stl ww dexp ошибки
  • Wlf 20170 ce сброс ошибки
  • Wlan autoconfig windows 10 ошибка