Where is my WMI?
Date: 2011-05-03 11:27:43
I had a user call and state their computer was behaving badly. I went over to visit. The computer (Windows 7 x64 with SP1) was popping up notifications when it shouldn't. It was demanding an encryption token when it shouldn't. It was doing some strange things. It was acting like it didn't have to follow the rules.
I tried to update Group Policy on the machine by running gpupdate /force. I opened the Event Viewer and reviewed the many Group Policy errors. I ran a gpresult -v and piped it out to a text file. I opened up the results text file and all the Group Policies that had WMI Filters were denied. Why weren't my GPOs with a WMI Filter applying? Grr... I opened up the System Information window with the MSINFO32 command and here is what I saw in the System Summary: "Can't collect information. Cannot access the Windows Management Instrumentation software. Windows Management files may be moved or missing."
Well, that isn't very good. I ran a System File Check with sfc /scannow (from an administrator elevated command prompt). I copied the CBS.log file to my Temp folder and reviewed the findings. I ran MSINFO32 again. It looked like SFC didn't work. I tried to verify the WMI Repository with winmgmt /verifyrepository %windir%\system32\wbem. Everything checked fine. I tried to salvage the repository with winmgmt /salvagerepository %windir%\system32\wbem. And I tried a few more things, all with no luck.
I finally bit the bullet and decided to rebuild the repository. I stopped the Windows Management Service with the command: net stop winmgmt. I was prompted to OK the stopping of additional services, which I did. I opened up Windows Explorer and navigated to C:\Windows\System32\WBEM. I checked to make sure the WMI service was stopped by running net stop winmgmt again. Apparently it hadn't stopped. I renamed the repository folder to repository.old. Then I started the WMI service back up with net start winmgmt. The repository folder was recreated.
I opened MSINFO32 again. It took a little while, but I saw all the correct computer information. I ran gpupdate /force and when prompted, I rebooted the computer. I ran a few more checks, and everything looked fine.
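
The rebuild steps above collected into one script, added here as an example and not taken from the original post. It assumes an elevated Windows PowerShell session; the Test-Wmi helper name and the 60-second timeout are choices made for this example. It refuses to rename the folder unless the service is confirmed stopped, which is the step that went wrong the first time above.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$repo = Join-Path $env:windir 'System32\wbem\Repository'
$old  = "$repo.old"                      # same rename target the post uses

function Test-Wmi {                      # hypothetical helper: does WMI answer a basic query?
    try   { [bool](Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop) }
    catch { $false }
}

if (Test-Wmi) { Write-Output 'WMI answers queries; no rebuild needed.'; return }
if (Test-Path $old) { throw "$old already exists; move it aside before rebuilding." }

# Keep the consistency check output for the ticket before changing anything.
winmgmt /verifyrepository

# Remember which dependent services were running so they can be restarted afterwards.
$dependents = @(Get-Service -Name winmgmt -DependentServices |
                Where-Object { $_.Status -eq 'Running' })

# -Force stops the dependents too (the prompt that "net stop winmgmt" shows).
Stop-Service -Name winmgmt -Force
$svc = Get-Service -Name winmgmt
try   { $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60)) }
catch { throw 'winmgmt did not reach Stopped within 60 seconds; repository left untouched.' }

# The post found the service still running on the second check, so confirm the
# state again immediately before touching the folder.
$svc.Refresh()
if ($svc.Status -ne 'Stopped') { throw "winmgmt is $($svc.Status); repository left untouched." }

Rename-Item -Path $repo -NewName (Split-Path $old -Leaf) -ErrorAction Stop

# Starting the service recreates the Repository folder.
Start-Service -Name winmgmt
$dependents | ForEach-Object { Start-Service -Name $_.Name -ErrorAction SilentlyContinue }

if (-not (Test-Path $repo)) { throw 'Repository folder was not recreated.' }
if (Test-Wmi) {
    Write-Output 'WMI is answering again. Run "gpupdate /force", then recheck gpresult for the WMI-filtered GPOs.'
} else {
    Write-Output "WMI still not answering. The previous repository is kept at $old."
}
```

Keep Repository.old until gpresult shows the WMI-filtered GPOs applying again, since it is the only copy of the previous repository.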