Failed to get a class factory for CLSID on server localhost. Return code 80040154

-

running on xp: 

i have setup a permanent event consumer in wmi using commandlineeventconsumer.  using powerevents powershell module create classes.

http://powerevents.codeplex.com

the entire posh program follows , returns no errors.  have confirmed exact scenario works on environment win 7 x64 of developer of module.  this leads me think in security or setup.

  import-module powerevents;    $query = ("select * __instancecreationevent within 5 " + `  	"where targetinstance isa 'cim_datafile' " + `  	"and targetinstance.drive='c:' , targetinstance.path='\\scripts\\'");  	  $filter = new-wmieventfilter `  	-name "filemonitor" `  	-query $query;  	  $consumer = new-wmieventconsumer `  	-name "newfilecreated" `  	-consumertype commandline `  	-commandlinetemplate 'cmd.exe /c "c:\event.cmd"' `  	-verbose;         new-wmifiltertoconsumerbinding `  	-filter $filter `  	-consumer $consumer `  	-verbose;


have failures in key  wbem logs. news filter portion looks working issue "handshake" consumer perform action.

details

i have talked developer of module , verified module working on env.  issue seems in security/server setup.  classes being instantiated needed and the events is bring detected but there low issue.  going take different board since not related scripting.

for reference problem relevant error in wbem logs are

wbemess.log:

executing polling query 'select * cim_datafile (path = "\\scripts\\" , drive = "c:")' in namespace '//./root/cimv2'  (wed dec 14 20:40:33 2011.8118234) : polling query 'select * cim_datafile (path = "\\scripts\\" , drive = "c:")' done  (wed dec 14 20:40:33 2011.8118234) : failed class factory for clsid on server localhost.  return code 80040154  (wed dec 14 20:40:33 2011.8118234) : failed first attempt retrieve sink deliver event event consumer commandlineeventconsumer="newfilecreated" error code 80040154.  wmi reload , retry.  (wed dec 14 20:40:33 2011.8118234) : failed class factory for clsid on server localhost.  return code 80040154  (wed dec 14 20:40:33 2011.8118234) : failed second attempt deliver event event consumer commandlineeventconsumer="newfilecreated" error code 80040154.  event dropped for consumer.  (wed dec 14 20:40:33 2011.8118234) : dropping event destined for event consumer commandlineeventconsumer="newfilecreated" in namespace //./root/subscription  (wed dec 14 20:40:38 2011.8123250) : executing polling query 'select * cim_datafile (path = "\\scripts\\" , drive = "c:")' in namespace '//./root/cimv2'  (wed dec 14 20:40:38 2011.8123390) : polling query 'select * cim_datafile (path = "\\scripts\\" , drive = "c:")' done

wbemcore.log:

(wed dec 14 20:40:54 2011.8138703) : call cwbemnamespace::execquery     bstr queryformat = wql     bstr query = select * from cim_datafile (path = "\\scripts\\" , drive = "c:")     ienumwbemclassobject **penum = 0x24efe48  (wed dec 14 20:40:54 2011.8138703) : call cwbemnamespace::execqueryasync     bstr queryformat = wql     bstr query = select * from cim_datafile (path = "\\scripts\\" , drive = "c:")     iwbemobjectsink* phandler = 0x0  (wed dec 14 20:40:54 2011.8138703) : query engine request: querying dyn provider <select * from cim_datafile (drive = "c:" , path = "\\scripts\\")>  (wed dec 14 20:40:54 2011.8138703) : query engine actual: querying dyn provider <select * from cim_datafile (path = "\\scripts\\" , drive = "c:")>  (wed dec 14 20:40:54 2011.8138703) : query engine request: querying dyn provider <select * from cim_datafile (drive = "c:" , path = "\\scripts\\")>  (wed dec 14 20:40:54 2011.8138703) : query engine actual: querying dyn provider <select * from win32_shortcutfile (path = "\\scripts\\" , drive = "c:")>  (wed dec 14 20:40:54 2011.8138703) : query engine request: querying dyn provider <select * from cim_datafile (drive = "c:" , path = "\\scripts\\")>  (wed dec 14 20:40:54 2011.8138703) : query engine actual: querying dyn provider <select * from win32_codecfile (path = "\\scripts\\" , drive = "c:")>  (wed dec 14 20:40:54 2011.8138703) : query engine request: querying dyn provider <select * from cim_datafile (drive = "c:" , path = "\\scripts\\")>  (wed dec 14 20:40:54 2011.8138703) : query engine actual: querying dyn provider <select * from win32_nteventlogfile (path = "\\scripts\\" , drive = "c:")>  (wed dec 14 20:40:54 2011.8138703) : query engine request: querying dyn provider <select * from cim_datafile (drive = "c:" , path = "\\scripts\\")>  (wed dec 14 20:40:54 2011.8138703) : query engine actual: querying dyn provider <select * from win32_pagefile (path = "\\scripts\\" , drive = "c:")>  (wed dec 14 20:40:54 2011.8138828) : error 80041002 occured executing request for cancelprovasynccall for sink 030668f0  (wed dec 14 20:40:54 2011.8138828) : casyncreq_cancelprovasynccall call failed  (wed dec 14 20:40:54 2011.8138859) : error 80041002 occured executing request for cancelprovasynccall for sink 030668f0  (wed dec 14 20:40:54 2011.8138859) : casyncreq_cancelprovasynccall call failed  (wed dec 14 20:40:54 2011.8138890) : error 80041002 occured executing request for cancelprovasynccall for sink 030668f0  (wed dec 14 20:40:54 2011.8138890) : casyncreq_cancelprovasynccall call failed  (wed dec 14 20:40:54 2011.8138921) : error 80041002 occured executing request for cancelprovasynccall for sink 030668f0  (wed dec 14 20:40:54 2011.8138921) : casyncreq_cancelprovasynccall call failed  (wed dec 14 20:40:54 2011.8138953) : error 80041002 occured executing request for cancelprovasynccall for sink 030668f0  (wed dec 14 20:40:54 2011.8138953) : casyncreq_cancelprovasynccall call failed



 


 

i have additional information details in wmi on forum

http://social.technet.microsoft.com/forums/en/itcg/thread/72622438-226e-4a0a-8e81-f52446d6b3b6

 

any appreciated.

 

 

 

i took step , used native mofcomp perform same permanent event registration task automated in powerevents.  not knowing mof was reluctant easy once know syntax.  using mof events fired correctly.

comparing working instance classes (compiled mofcomp) against ones giving me trouble using powerevents discovered 1 key difference in machinename property of commandlineeventconsumer class.  powerevents sets property “localhost” while mof left empty.

 

when manually updated machinename property “empty” on object created powerevents events started firing correctly.

i imagine may have servers being on domain , module perhaps being tested on local setup…really not sure.

at rate culprit…

attached mof file if interested un creating permanent event

// set namespace root\subscription.  // commandlineeventconsumer compiled  // in root\subscription namespace.   #pragma namespace ("\\\\.\\root\\subscription")        // create instance of command line consumer  // , give alias $cmdlineconsumer    instance of commandlineeventconsumer $cmdlineconsumer  {  	name = "newfilecreated_mof";  	commandlinetemplate = "cmd.exe /c \"c:\\event.cmd\"";		  	runinteractively = false;  	workingdirectory = "c:\\windows\\temp";  };        // create instance of event filter  // , give alias $cmdlinefilter  // filter queries instance creation event  // instances of mycmdlineconsumer class    instance of __eventfilter $cmdlinefilter  {        name  = "filemonitor_mof";       eventnamespace = "root\\cimv2";       query = "select * __instancecreationevent within 10 "  	     "where targetinstance isa 'cim_datafile' "  	     "and targetinstance.path='\\\\scripts\\\\' "  	     "and targetinstance.drive='c:' ";       querylanguage = "wql";           };    // create instance of binding  // between filter , consumer instances.    instance of __filtertoconsumerbinding  {       consumer = $cmdlineconsumer;       filter = $cmdlinefilter;  };


 

 



Windows Server  >  Management



Comments

Post a Comment

Popular posts from this blog

Edit Group Policy

-
i have pc has power settings pushed out default domain policy in ad environment. of course on local machine "some settings managed system adminstrator". the machine temporarily no longer in contact domain controller (it's been physically moved , not on same network now) can't updated gpo settings. i believe if edit local group policy won't make difference because of group policy processing , precedence. since it's temporary away ad network, still want use settings of ad user. is there somewhere in registry stored can edit power plan manually until can sync domain? (i need prevent sleeping while plugged in - it's set 1 hour) thanks! allen crist i found site: http://gpsearch.azurewebsites.net/#7916 i able add policy to hkey_local_machine\software\policies\microsoft\power using specs found on site. looks solved issue. i'll report if didn't. thanks! allen crist ...
Read more

Hyper-V VM not reaching OS 'Logon' screen

-
i trying migrate vm vmware hyper-v. so far have done following (seemingly successfully): prepare vmware vm conversion hyper-v format (vhd) within vmware workstation 8.0 environment following steps guide: http://social.technet.microsoft.com/forums/en/winserverhyperv/thread/ef8c12f7-c45d-442e-9a30-c43cd87df3b3   (i.e. remove vm tools, add new ide hard disk…) use vmdk2vhd application convert individual vmdk files vhd ones create new vm in hyper-v exporting in 3 newly converted vhd files at point have checked settings , powered on vm in hyper-v find although windows begins load expected manages reach screen prior login screen saying either of following messages: “windows starting up…” “the active directory rebuilding indices… please wait” to knowledge, albeit limited in area, vm should present me login screen since appears in vmware. if start vm in safe mode can login not desired affect. below details of vm: operating system: windows server 2003 (enterprise edit...
Read more

DNS question...

-
i new setting dns server....my domain name expl. "domain.com"....i set "a" record in forward lookup for  www.domain.com itself...."server's local ip"....i've added no other zones , i seem able resolve names except own....www.domain.com.....also, do i put my isp's dns ip's....for external dns's server can't resolve?....forwarding or in nic setup?......i want setup in my dns server don't have include them on client side..... thanks mark     not put isp dsn server address in settings on nic dc or clients. should point local dns server on dc. set dns forward public dns, such isp. bill Windows Server  >  Network Infrastructure Servers
Read more