Event ID: 18 Source: WinMgmt

Description: Failed to CoGetClassObject for provider "<application name>". EXE has error in image (<error code>).

Comments:
Application: CIMW32Ex Error: 0x800401F9 - no info
When this error message is seen on a Windows 2000 system it is usually the result of someone's attempt to uninstall, reinstall, or upgrade the WMI components. The typical scenario involves someone first deleting the WBEM registry key and SYSTEM32\WBEM folder, followed by an attempt to reinstall WMI via either SMS or the wbemsdk included with SMS. The result is a system with a build 698 registry structure, a 698 repository (and MOFs), and build 1085 binaries. You can confirm this corruption by viewing the WMI version number using the WMI control snap-in.

My Computer -> Manage -> Services and Applications -> WMI Control -> Properties -> General

The "WMI Version" is listed in the dialog under the General tab. If the WMI Version on Windows 2000 is anything other than "1085.0005" (i.e. 698.0014) you've got a corrupted WMI install.

Here is a rough outline of a plan that may work...
- Stop WMI (net stop winmgmt)
- Delete the WBEM registry key (HKLM\SOFTWARE\Microsoft\WBEM)
- Delete all of the contents of the "%systemroot%\system32\wbem" folder and all of the contents of the subfolders (Repository, Logs, Mofs, etc). When you do this you will notice that Windows 2000 SFP will restore most of the binaries (this is a good thing).
- Export the WBEM registry key from an identically configured "working" system. Import this data on the non-working system.
- Copy all of the contents of the "%systemroot%\system32\wbem" tree from an identically configured "working" system to the non-working system.
- Delete all of the contents of the "%systemroot%\system32\wbem\repository" folder on the non-working system again.
- Restart WMI (net start winmgmt)

If you're very lucky, the repository will automatically rebuild and you will be back in business. If it doesn't work, it's time to reinstall the OS from scratch.

WMI is a core component of Windows 2000. Any attempt to remove or reinstall WMI will corrupt the operating system. The only way to recover is to reinstall the operating system.
