Fixed an issue where the Win32_Environment WMI class was requested by multiple requestors on a computer running Windows 7 or Windows Server 2008 R2. When this problem occurs, you will receive the error code “0X80041001 (WBEM_E_FAILED)”.
When the Win32_Environment class is queried, the structure of each user-defined structure is loaded into the HKEY_USERS registry key and the user-specific environment properties are read. The downloaded registry hive can be unloaded by any user with the required permissions, unless the user still has a key for the open hive subkey. In this situation, the loading and unloading processes are protected by the critical section. However, opening the key in the hive is not secure. Therefore, a hive loaded with one line can be unloaded with another line. This problem occurs in this situation.
A general error occurs during a remote request because the profile of the user making the request cannot be properly parsed on the remote system. Some installation packages are installed by default for each user, others do not need it. If your user account has been authorized during any of these installations and you try to request Win32_Product remotely, you will most likely see a General Failure error. This is more common in some environments than others, especially if the person managing the desktops is the same person who provided or created the desktop “ image ” for them, as their profile is more likely to have records of installation “per user”. contains “.
The solution to this problem for Windows XP and Windows Server 2003 is to run the request on behalf of a user account whose workstations do not yet have the software installed. For example, create a user account that is specifically used for software inventory or other administrative activities, and then use that account to run queries. NEVER use this account to install software on monitored systems.
Apply the official Microsoft patch
A supported hotfix is available from Microsoft. This hotfix does not replace previously released hotfixes.
To apply this hotfix, you must be using one of the following operating systems:
- Windows 7 Service Pack 1 (SP1)
- Windows Server 2008 R2 Service Pack 1 (SP1)
To completely rebuild the WMI repository, follow these steps:
- Disable and stop the Winmgmt service.
- Delete or rename C: \ Windows \ System32 \ wbem \ repository.
- Activate and start the winmgmt service.
- Open a command prompt as administrator.
- At the command prompt, navigate to C: \ Windows \ System32 \ wbem \
- Run the command for / f% s in (‘dir / b * .mof’) do mofcomp% s. It will take about a minute.
- Run the command for / f% s in (‘dir / b en-us \ *. Mfl’) do mofcomp en-us \% s
Test WMI connection using WBEMTest
The connector service uses WMI to connect to domain controllers and collect events. If permissions are not set for these connections, the Control Panel may display “Access Denied” errors. To manually check your WMI connectivity, follow these steps:
This test should be run on the computer where the connector is installed. To run a test:
- Click Start> Run> WBEMTest> OK.
- Click Connect.
- Select the domain controller that is experiencing the problem or that was sent by support for testing. It must be a different computer than the one you are running this test on.
- Enter the IP address you want to connect to in the following format. DO NOT use the hostname.
- \ 192.168.10.1 \ root \ cimv2
- Please note that WBEMTest must run on the same computer where the connector is installed. In this step, you will connect to the remote domain controller.
- Use the OpenDNS_Connector user and password in the Credentials section.
- Note. To run this test directly on a domain controller, use root \ cimv2 as the namespace and clear the username and password fields.
- Click Connect.
- Click Request Notification.
- Paste the following content into the white text box:
- SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA ‘Win32_NTLogEvent’ and TargetInstance.LogFile = ‘Security’ AND (TargetInstance.EventCode = 528 OR TargetInstance.EventCode = 540 OR TargetInstance.EventCode = 540 OR TargetInstance.EventCode = 46Or TargetInstance.Event. TargetInstance.EventCode = 4624 OU. TargetInstance.EventCode = 4634 OR TargetInstance.EventCode = 4768 OR TargetInstance.EventCode = 4769)
- Click Apply.
- Access is denied. Is there an error here? Make sure the event log reader group has access to the event logs using our help article here.
- If everything is working fine, you should see objects as shown in the following screenshot. Otherwise, you do not have WMI permissions or are having trouble connecting to the remote server.