Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in
namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be
delivered through this filter until the problem is corrected.
------------------------
Cause
This problem occurs if the WMI filter is accessed without sufficient permissions.
Solution
To resolve this problem, run a script to stop the Event ID 10 messages. To run this script, follow these steps:
- In a text editor, such as Notepad, create a new text document named Test.vbs.
- Paste the following code into Test.vbs:
strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & strComputer & "\root\subscription") Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'") set obj2set = obj1.Associators_("__FilterToConsumerBinding") set obj3set = obj1.References_("__FilterToConsumerBinding") For each obj2 in obj2set WScript.echo "Deleting the object" WScript.echo obj2.GetObjectText_ obj2.Delete_ next For each obj3 in obj3set WScript.echo "Deleting the object" WScript.echo obj3.GetObjectText_ obj3.Delete_ next WScript.echo "Deleting the object" WScript.echo obj1.GetObjectText_ obj1.Delete_
- After you run this script,
the Event ID 10 messages stop appearing in the Application log.
However, you have to manually clear any previous Event ID 10 messages.
Note Make sure that you only delete the appropriate Event ID 10 messages. There may be other pertinent Event ID 10 messages that you do not want to delete.
2545227 Event ID 10 is logged in the Application log after you install Service Pack 1 for Windows 7 or Windows Server 2008 R2
Boot into safe mode.
First, open services and stop the Windows Management Instrumentation Service.
Take ownership of the folder or the contents of the folder
"C:\Windows\System32\wbem\Repository." I've done this three times now
on different installs and didn't have any issues after doing this, but I
suggest you back up the folder to be certain. Delete the contents of
the folder. Reboot. When you boot into Vista, you might notice a half
dozen or so application errors...it's OK.
Reboot again, and Event ID 10 will be gone, along with the afore mentioned application errors.
After doing this, MS DTC Service may stop running;
you will get this event, even after subsequent reboots:
Event 4691: The run-time environment was unable to initialize for
transactions required to support transactional components. Make sure
that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)
and
Event 4427: Failed to initialize the needed name objects. Error
Specifics: hr = 0x80004005,
d:\rtm\com\complus\dtc\dtc\msdtcprx\src\dtcinit.cpp:571, CmdLine:
C:\Windows\system32\dllhost.exe
/Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}, Pid: 3060
This is the way you get rid of these:
At a command prompt , type the following command:
%WINDIR%\System32\msdtc.exe -uninstall
5. Start Registry Editor, and then remove the following registry keys if they exist: • HKEY_CLASSES_ROOT\CID
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSDTC
• HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
6. At a command prompt, type %WINDIR%\System32\msdtc.exe -install.
I guess it sounds complicated, but my event log is absolutely clean now -
the only warning I'm getting now is the Kerberos thing. All audits
are successful, and no application red or yellow blotches.
No more events.
No comments:
Post a Comment