Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 28 Source: WinMgmt

WinMgmt could not not initialise the core parts. This could be due to a badly installed version of WinMgmt, insufficient disk space or insufficient memory.
In my case just deleting the items in the repository folder did not fix the issue. To actually fix/reinstall WMI do the following:

- Stop Window Management Instrumentation
- Backup and delete the items in the %windir%\System32\wbem\repository folder
- Reboot

If problem persists continue below:
- Disable and Stop Windows Management Instrumentation in Services.
- Open a command prompt with administrator privledges
- Change directory  to %windir%\System32\wbem
- Run these two commands:

    for /f in ('dir /b *.dll') do regsvr32 /s %s
    for /f %s in ('dir /b *.mof') do mofcomp %s

This registers dll and recompiles the WMI mof files. If you get errors stop the WMI service and disable it. After all that run the following command:

    wmiprvse /regserver

Start the WMI service and make sure the start up type is set to Automatic.
If you have configured WMI to log to a custom directory such as "c:\temp\WBEM" and that directory is then removed, you may get this message. You may also see "path does not exist" or "file not found" when looking at the properties of WMI from a MMC snap in. Use Filemon to see if WMI may be trying to log to a nonexistent directory. If it is, create it, restart WMI and test. I recommend you leave the default logging dir (c:\windows\system32\wbem\logs), as it is unlikely it would ever be deleted.
As per Microsoft: "Windows Management Instrumentation (WMI) could not start. The startup process creates many Component Object Model (COM) objects, allocates memory, accesses registry keys, etc. A failure in any one of these steps can cause WMI not to start". See MSW2KDB for information on solving this problem.
I should also mention what caused this error for me. When I went to Start/Settings/Control Panel/System/Advanced (tab)/Settings (button) in the "Performance" section/Advanced (tab)/ and changed the Memory usage section FROM "Programs" TO "System cache".
Since the system will not save any settings and you're getting a bunch of popup Delyaed Write Transactions you have to boot into the regular Safe Mode (hit F8 when booting and select Safe Mode) so you can get into XP without all the warnings and change it back. After that, do what I listed above and you should be back to normal and no more errors.
To fix this problem you need to reinstall wmi into the registry.
Go to Start/Run/CMD and type in: "net stop winmgmt". Then delete the %windir&\system32\wbem\repository directory. Once done go back to Start/Run/CMD and type in: "net start winmgmt".
Then reinstall wmi into the registry: Go to Start/Run and type in: "CMD", then "Winmgmt/?" for information. Then run each of these hitting enter after each:

Could also indicate that windows has started in Safe Mode.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.