28 Apr 2011

Troubleshooting WMI probe and Script related problems (part 2)



This part applies for Windows 2003 managed servers.
I would remind you that we are investigating the following types of alerts:







- Workflow Runtime: Failed to run a WMI query
Object enumeration failed
Query: 'SELECT xx FROM xx WHERE Name =xx
HRESULT: 0x800xxxxx
- Script or Executable Failed to run
- WMI Probe Module Failed Execution
- Failed to run a WMI query
- Failed to run a process or script
- Backward Compatibility Script Error

Let's take a look on action that we can perform to investigate the cause of alerts.

- investigate the OpsMgr event log on the agent

Check log for Warning/Critical events to see if a lot of workflows are failing due to this issue

- check if WMI is responsive

run WBEMTEST
connect to "root\cimv2"
hit “query” and execute a “select * from win32_operatingsystem” to see if it returns results, or an error
also you can run a query for a namespace that is mentioned in alert(for example root\MicrosoftDNS)

Basing on this information you can make a decision on possible causes.

Most common fixes:

1.  Apply KB933061  This resolves a LOT of issues on the Windows 2003 OS with WMI.  This should be one of your first steps.

2.  Registry modification for WMI buffer thresholds (see below)
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)" to 35000000 (default is 10000000)
”HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)" to 70000000 (default is 20000000)
The registry modification to WMI buffers increases the amount of objects that WMI can hold before injecting sleep delays to the WMI service.
3.  Apply KB955360  This updates the Windows Scripting Host (cscript) to version 5.7.  This resolves script timeouts, and scripts consuming a LOT of CPU during execution, and problems with multiple scripts running at the same time.

Making these three modifications should resolve the majority of systemic issues out there, unless WMI is completely corrupt/unresponsive and needs repair.  Sometimes, rebooting a server, or bouncing WMI will temporarily resolve these issues as well, if you cannot apply the fixes immediately.

This post was created basing on information form Kevin Holman's blog.
Tags: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)