Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
WinMgmt could not not initialise the core parts. This could be due to a badly installed version of WinMgmt, insufficient disk space or insufficient memory.
|English: Request a translation of the event description in plain English.|
In my case just deleting the items in the repository folder did not fix the issue. To actually fix/reinstall WMI do the following:
- Stop Window Management Instrumentation
- Backup and delete the items in the %windir%\System32\wbem\repository folder
If problem persists continue below:
- Disable and Stop Windows Management Instrumentation in Services.
- Open a command prompt with administrator privledges
- Change directory to %windir%\System32\wbem
- Run these two commands:
for /f in ('dir /b *.dll') do regsvr32 /s %s
for /f %s in ('dir /b *.mof') do mofcomp %s
This registers dll and recompiles the WMI mof files. If you get errors stop the WMI service and disable it. After all that run the following command:
Start the WMI service and make sure the start up type is set to Automatic.
If you have configured WMI to log to a custom directory such as "c:\temp\WBEM" and that directory is then removed, you may get this message. You may also see "path does not exist" or "file not found" when looking at the properties of WMI from a MMC snap in. Use Filemon to see if WMI may be trying to log to a nonexistent directory. If it is, create it, restart WMI and test. I recommend you leave the default logging dir (c:\windows\system32\wbem\logs), as it is unlikely it would ever be deleted.
As per Microsoft: "Windows Management Instrumentation (WMI) could not start. The startup process creates many Component Object Model (COM) objects, allocates memory, accesses registry keys, etc. A failure in any one of these steps can cause WMI not to start". See MSW2KDB for information on solving this problem.
I should also mention what caused this error for me. When I went to Start/Settings/Control Panel/System/Advanced (tab)/Settings (button) in the "Performance" section/Advanced (tab)/ and changed the Memory usage section FROM "Programs" TO "System cache".
Since the system will not save any settings and you're getting a bunch of popup Delyaed Write Transactions you have to boot into the regular Safe Mode (hit F8 when booting and select Safe Mode) so you can get into XP without all the warnings and change it back. After that, do what I listed above and you should be back to normal and no more errors.
To fix this problem you need to reinstall wmi into the registry.
Go to Start/Run/CMD and type in: "net stop winmgmt". Then delete the %windir&\system32\wbem\repository directory. Once done go back to Start/Run/CMD and type in: "net start winmgmt".
Then reinstall wmi into the registry: Go to Start/Run and type in: "CMD", then "Winmgmt/?" for information. Then run each of these hitting enter after each:
Could also indicate that windows has started in Safe Mode.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated