
Here's how to Fix WMI Event ID 10, "InstanceModificationEven


Bilar Crais


I've successfully got rid of this one:

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Boot into safe mode. First, open services and stop the Windows Management Instrumentation Service. Take ownership of the folder or the contents of the folder "C:\Windows\System32\wbem\Repository." I've done this three times now on different installs and didn't have any issues after doing this, but I suggest you back up the folder to be certain. Delete the contents of the folder. Reboot. When you boot into Vista, you might notice a half dozen or so application errors...it's OK.

Reboot again, and Event ID 10 will be gone, along with the aforementioned application errors.

Good luck, I'm not responsible for you hosing your system, & all that.

Edited by Bilar Crais


Thx for the info.

I will see about automating that, IF it is safe to allow all admins access to that folder.

Darn....I'm sorry. I forgot something important. I should have written this out prior to posting, rather than just stream of conscious. After doing this, MS DTC Service may stop running; you will get this event, even after subsequent reboots:

Event 4691: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)

and

Event 4427: Failed to initialize the needed name objects. Error Specifics: hr = 0x80004005, d:\rtm\com\complus\dtc\dtc\msdtcprx\src\dtcinit.cpp:571, CmdLine: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}, Pid: 3060

This is the way you get rid of these:

At a command prompt, type the following command:

%WINDIR%\System32\msdtc.exe -uninstall

5. Start Registry Editor, and then remove the following registry keys if they exist:

• HKEY_CLASSES_ROOT\CID
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSDTC
• HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC

6. At a command prompt, type %WINDIR%\System32\msdtc.exe -install.

I guess it sounds complicated, but my event log is absolutely clean now - the only warning I'm getting now is the Kerberos thing. All audits are successful, and no application red or yellow blotches.

I just went through the motions myself, and indeed just now when I rebooted, no more events.

Edited by Bilar Crais

Worked :D Thanks. One time Windows did take ages to boot up, and I mean ages! But it returns to normal once done, and I didn't have to do the MSDTC stuff as I don't have it :)

P.S. Shame Microsoft don't release a fix for this :(

Edited by LegoLiam™

  • 3 months later...

I've started to get it too, I've had 2 total system freezes this week on a _very_ clean v64u system (with sp1 and all windows updates except the language packs) which has been flawless for months.

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

I'll try the fixes above shortly, thanks. I hope MS get wind of this and look into it as I've seen a few posts about it, and the only thing on MS's site seems to be how to stop the error being added to the log rather than how to fix the actual problem http://support.microsoft.com/kb/950375/en-us/


You can achieve this without rebooting or safe mode, and without altering any file or folder privileges, by:

In Service Manager, stop the Windows Management Instrumentation service; it will also stop its dependencies, Security Center and IP Helper.

In an administrator-elevated command prompt (hit the left Win key to open the Start menu search, type cmd, then Ctrl + left Shift and press Enter), use an admin account's login details:

This will start a cmd shell with full admin privileges. Using that:

c:
cd \
md backupres
cd \
cd windows\system32\wbem\repository
move * c:\backupres
exit

In Service Manager, start the Windows Management Instrumentation service first, and then Security Center and IP Helper.

You may wish to use Computer Manager -> Services and Applications -> WMI Control: right-click it, select Properties, and use the Backup and Restore tab to create a repository backup, to resolve this issue quicker if it happens again.

Using this method I have not had any problems with MS DTC, though that may be entirely coincidental.


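An added example, not part of any post in this thread: a read-only PowerShell triage that checks repository consistency and then locates the permanent event filter named in the Event ID 10 message, with its creator SID and bound consumers, so you can see what registered it before moving the repository aside. Error 0x80041003 is WBEM_E_ACCESS_DENIED; the namespace list and the helper name Get-SidString are assumptions of this example.

```powershell
# Added example: read-only triage before wiping the WMI repository.
# Run from an elevated PowerShell prompt; nothing here modifies or deletes anything.

# 1. Ask WMI whether the repository is actually inconsistent (Vista and later).
& "$env:WINDIR\System32\wbem\winmgmt.exe" /verifyrepository

# 2. Locate the permanent event filter named in the Event ID 10 message.
#    The pattern is built from the WQL query quoted in the event text.
$pattern = 'Win32_Processor.+LoadPercentage\s*>\s*99'

# Assumption: the filter object is registered in one of these namespaces.
$namespaces = 'root\subscription', 'root\cimv2', 'root\default'

# Hypothetical helper: CreatorSID is stored as a byte array; return S-1-5-... form.
function Get-SidString($bytes) {
    if (-not $bytes) { return $null }
    (New-Object System.Security.Principal.SecurityIdentifier([byte[]]$bytes, 0)).Value
}

$found = foreach ($ns in $namespaces) {
    $filters = Get-WmiObject -Namespace $ns -Class __EventFilter -ErrorAction SilentlyContinue
    foreach ($f in $filters) {
        if ($f.Query -notmatch $pattern) { continue }

        # Objects associated with the filter through __FilterToConsumerBinding
        # are the consumers that act when the filter fires.
        $consumers = @($f.psbase.GetRelated())

        New-Object PSObject -Property @{
            Namespace      = $ns
            FilterName     = $f.Name
            EventNamespace = $f.EventNamespace
            Query          = $f.Query
            CreatorSID     = Get-SidString $f.CreatorSID
            Consumers      = ($consumers |
                ForEach-Object { "$($_.__CLASS): $($_.Name)" }) -join '; '
        }
    }
}

if ($found) {
    $found | Format-List Namespace, FilterName, EventNamespace, CreatorSID, Consumers, Query
} else {
    'No permanent event filter matches the query from the event message.'
}
```

The creator SID and consumer class show which account and which kind of action stand behind the filter; permanent subscriptions are also a place defenders check for persistence, so an unfamiliar consumer deserves a closer look before the repository is discarded.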
  • 2 months later...

Hey all,

I am about to pull my thinning hair out!! I installed WinXP Pro two years ago on the machine I built and never looked back, never a problem until the last few months a couple BSOD's (first time since the initial installation). Thought I would catch up with the times, had some extra $$$, wanted to start using the PC as DVR, and needed more HD space so why not go Vista? Heard many good things. OMG!!! Vista has crashed more times than XP, NT, and 98 all rolled into one! My event log can be used in place of fireworks this coming July 4th!! Vista Ultimate 32-Bit was a clean install on one of the brand new Seagate HD's. XP Pro is on the old WD drive.

I booted up in safe mode, gave myself full control of the repository folder and everything in it and still cannot do anything to any of the files in there (I do not have permissions to delete and the file is in use if I try to cut and paste into a different folder). I cannot rename, delete, or cut the files or the folder.

I tried Yakumo's instructions... When I type cmd in the search box, left Ctrl+Shift, it just closes and nothing happens... If I use Run... the command prompt window opens but I do not know if it is an "administrator elevated command prompt". If it is the correct command prompt I guess I do not understand the instructions.

Here is the administrator event list from my last boot up (except for the Outlook event - this started showing up after the last BSOD - yesterday morning. It now shows up every time I start Outlook)...

Warning 9/13/2008 10:19:25 PM Microsoft Office 12 Sessions 7003 None
Error 9/13/2008 10:05:55 PM Service Control Manager Eventlog Provider 7001 None
Error 9/13/2008 10:05:55 PM Service Control Manager Eventlog Provider 7022 None
Error 9/13/2008 10:05:45 PM WMI 10 None
Error 9/13/2008 10:04:23 PM HttpEvent 15016 None
Error 9/13/2008 10:04:14 PM volmgr 49 None
Error 9/13/2008 10:03:55 PM volmgr 49 None
Warning 9/13/2008 10:02:56 PM Winlogon 6000 None
Warning 9/13/2008 10:02:56 PM Winlogon 6000 None
Error 9/13/2008 10:02:26 PM DistributedCOM 10005 None
Error 9/13/2008 10:02:24 PM DistributedCOM 10005 None
Error 9/13/2008 10:02:24 PM DistributedCOM 10005 None
Error 9/13/2008 10:02:24 PM DistributedCOM 10005 None
Error 9/13/2008 10:02:24 PM DistributedCOM 10005 None
Error 9/13/2008 10:02:24 PM EventSystem 4609 Event System
Error 9/13/2008 10:02:14 PM DistributedCOM 10005 None
Warning 9/13/2008 10:02:14 PM Winlogon 6000 None
Error 9/13/2008 10:01:44 PM volmgr 49 None
Error 9/13/2008 10:01:39 PM volmgr 49 None
Warning 9/13/2008 10:01:55 PM PlugPlayManager 263 None
Error 9/13/2008 10:00:40 PM Eventlog 1108 Event processing
Warning 9/13/2008 10:00:40 PM Winlogon 6000 None
Warning 9/13/2008 10:00:39 PM Winlogon 6000 None

My goal was to try and get rid of them one at a time working my way to a clean event log but they seem to be growing instead of shrinking. Any help is greatly appreciated.

Not sure if this matters or not... I did not format the drive before the installation. I thought the drive would be formatted as part of the installation. I say this because it took quite a long time to format the other drive after I got Vista running, far longer than it did to install Vista on the new drive. I thought I read somewhere that formatting the drive in XP then installing Vista on it might cause a problem.

Thanks,

Bill S

ASUS PB5 Deluxe WiFi AP Solo, Core 2 Duo E6300 Conroe, 2 x Seagate Barracuda 7200.11 500GB SATA, 1 x WD Caviar SE16 250GB SATA, 4GB Corsair RAM, Nvidia GeForce 7600GT, ATi TV Wonder HD650 PCI Express tuner card.


Hey Midas001,

I had some difficulty understanding how to get the administrator prompt so I had to do some more digging. The way the above guy described it is confusing.

Here's how:

Push the Windows key (between Ctrl and Alt)

Type the 3 letters cmd (you should automatically be typing in the search field now) but DO NOT push enter yet

Hold down Shift and Ctrl and keep them held down

Now press Enter

The way you'll know that you have the right prompt is that the path should be Windows\system32 instead of Users\(name of your computer).

It's really weird how this whole freeze thing works, I have to admit this quickfix is annoying but it becomes like second nature once you get used to it. I have to do this little ritual each time I log on so I don't get freezes. I have yet to find a permanent solution. Hope this helps.


  • 2 weeks later...

Hey Jwheels,

Thanks very, very much for the reply. I have now determined that it is one of the Seagate HDD's. I installed Vista on the other drive and have not had a problem in 6 days. When I try to follow your instructions it still does not work. I was able to navigate to the windows\system32 directory so I assume I can follow the steps and start cleaning up my event list. I guess I am logged in as an administrator.

I do have a more pressing priority right now and that is getting the dual boot stopped so I can RMA the bad HDD. Newegg was cool about going past the 30 day return policy. So in short I needed the administrative command prompt anyway to access the boot configuration data. I already have the RMA for both drives but hate to return a good drive and then have to re-install everything yet again.

UPDATE: Navigating to the folder does nothing so I did a little research. This is by far the easiest way to launch the elevated command prompt:

http://www.petri.co.il/vista_command_prompt.htm

Take care all!!!

UPDATE II: Better yet - Start > All Programs > Accessories > Right click Command Prompt > Run as Administrator

Edited by midas001

K, I have the same problem. I did the command prompt thing exactly how it says, but my computer keeps freezing up after a while of use. Every time.

Edited by wakeupcall

Ultimate 32 bit

Thanks for the tip.

I deleted the folder contents from another OS (after backup), rebooted, original error gone, 3 additional errors created. 3 reboots later the additional errors cleared up, didn't have to do anything else.

Edited by glatzfront

  • 2 months later...
Guest pinkbits

I've been receiving the error as well and the fix works to sort it out.

Unfortunately a side-effect of implementing this fix is that it is stopping my Nvidia Control Panel from running. So I am unable to use SLI or change any detailed monitor settings.

I've tested this by:

1) created a system restore point

2) stopped WMI

3) Took ownership of the files and backed them up to another location

4) restarted WMI and the other services

5) Tested Nvidia control panel

I also tested the control panel after a reboot.

Once I proved to myself that the control panel wasn't going to work, I reversed the fix, replacing the original files (haven't changed the permissions tho) and the control panel is working again.

Any ideas on how to eliminate the ID 10 without taking the Nvidia control panel as collateral damage too?

Thanks,

Pinkbits.

EDIT

It's been irritating me so I decided to make a batch file to easily switch between the nvidia control panel and the stable system.


@ECHO OFF
:START

::Ensure backup folder exists, if not, create it.
IF NOT EXIST c:\windows\system32\wbem\repository\backup\. MD c:\windows\system32\wbem\repository\backup

:STOPSERVICES
::Stop services so that file manipulation may take place
NET STOP "SBSD Security Center Service"
NET STOP "ForceWare Intelligent Application Manager (IAM)"
NET STOP "Forceware IP service"
NET STOP "IP Helper"
NET STOP "Security Center"
NET STOP "Windows Management Instrumentation"

::Check whether the fix is currently implemented or if the Nvidia control panel is enabled
::and switch the state to the opposite of the current.
IF EXIST c:\windows\system32\wbem\repository\nvcpl.txt GOTO FIX
IF EXIST c:\windows\system32\wbem\repository\fix.txt GOTO NVCPL
GOTO FIX

:NVCPL
::Set the files so that the Nvidia Control Panel may be used
IF EXIST c:\windows\system32\wbem\repository\fix.txt DEL c:\windows\system32\wbem\repository\fix.txt
COPY c:\windows\system32\wbem\repository\backup\*.* c:\windows\system32\wbem\repository\
ECHO "NVIDIA CONTROL PANEL ENABLED" > c:\windows\system32\wbem\repository\nvcpl.txt
GOTO STARTSERVICES

:FIX
::Set the files so that the system is stable
IF EXIST c:\windows\system32\wbem\repository\nvcpl.txt DEL c:\windows\system32\wbem\repository\nvcpl.txt
MOVE c:\windows\system32\wbem\repository\*.* c:\windows\system32\wbem\repository\backup\
ECHO "FIX IMPLEMENTED" > c:\windows\system32\wbem\repository\fix.txt

GOTO STARTSERVICES

:STARTSERVICES
::Start the services again after file manipulation has taken place
NET START "Windows Management Instrumentation"
NET START "ForceWare Intelligent Application Manager (IAM)"
NET START "Forceware IP service"
NET START "IP Helper"
NET START "Security Center"
NET START "SBSD Security Center Service"

I'm not going to be answering id10T questions about the .bat

Save the text as a .bat file (e.g. NVCPL.bat) and then right click, run as administrator and follow the prompts.

For the first time running, it will implement the fix (backup the files and delete). You're going to have to change the file permissions yourself. I could code it, but it requires installation of subinacl and that's too much effort for a quick and dirty.

Edited by pinkbits

Hi, I think I can figure out how to make this work, I'm only 16 though. Since I'm from Sweden, I don't really get what you mean with

"Take ownership of the folder or the contents of the folder "C:\Windows\System32\wbem\Repository."

Do you mean delete it or..? Would be very kind if you could explain, my computer keeps shutting down at least 3 times / day caused by this problem =(
