FIM Troubleshooting: WMI Provider Load Failure

Problem Statement / Overview

We were attempting to use the FIM WMI namespace provider (root\MicrosoftIdentityIntegrationServer) to run some Windows PowerShell code. Each attempt failed with the error message “Provider Load Failure”.

WMI NAMESPACE ERROR

Provider Load Failure

During troubleshooting, we used WBEMTEST to test the FIM WMI namespace provider and received the same “Provider Load Failure” error there as well. We then used the troubleshooting tool Process Monitor, which displayed some “ACCESS DENIED” results that were a bit concerning.

Process Monitor

10:35:29.7610369 AM wmiprvse.exe  2436  CreateFile  {{ FIM INSTALLATION LOCATION }}\Synchronization Service\Bin\mmswmi.dll  ACCESS DENIED 

Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a  File System 

WMI Provider Host  6.1.7601.17514 (win7sp1_rtm.101119-1850) NT AUTHORITY\NETWORK SERVICE 

00000000:000003e4  0  C:\Windows\system32\wbem\wmiprvse.exe -Embedding  2712  False  System  612

10:35:29.7807654 AM wmiprvse.exe  2436  CreateFile  {{ FIM INSTALLATION LOCATION }}\Synchronization Service\Bin\mmswmi.dll  ACCESS DENIED 

Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a  File System 

WMI Provider Host  6.1.7601.17514 (win7sp1_rtm.101119-1850) NT AUTHORITY\NETWORK SERVICE 

00000000:000003e4  0  C:\Windows\system32\wbem\wmiprvse.exe -Embedding  2712  False  System  612

Based on this information, we went to {{ FIM INSTALLATION LOCATION }}\Synchronization Service and reviewed the security settings of the Bin folder. Here we found the cause: the Bin folder's permissions contained only the Administrators group and the Users group. By default, the folder contains several other entries. To resolve the issue, we simply added the NETWORK SERVICE account and gave it Full Control.

- We tested with WBEMTEST.  Success!

- We tested with PowerShell.  Success!

Cause

The Bin folder under {{ FIM INSTALLATION LOCATION }}\Synchronization Service had restricted permissions that did not include the NETWORK SERVICE account.

Resolution

Add the NETWORK SERVICE account to the Bin folder under {{ FIM INSTALLATION LOCATION }}\Synchronization Service and grant it Full Control.
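
One way to confirm the cause and verify the fix from PowerShell, as an added example that is not part of the original article: it reads the ACL of the Bin folder and of mmswmi.dll and reports whether entries naming NETWORK SERVICE directly cover the access wmiprvse.exe requested in the Process Monitor trace. The function name Get-DirectAccess and the placeholder path are assumptions; S-1-5-20 is the well-known SID of NT AUTHORITY\NETWORK SERVICE.

```powershell
# Added example, not from the original article.
# Reports whether ACEs that name one account directly allow the access that
# wmiprvse.exe requested in the trace (Read Data, Execute, Synchronize).
# Limitation: access granted or denied through group membership is not computed.
function Get-DirectAccess {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$Sid = 'S-1-5-20'   # well-known SID of NT AUTHORITY\NETWORK SERVICE
    )
    $rights      = [System.Security.AccessControl.FileSystemRights]
    $needed      = [int]$rights::ReadData -bor [int]$rights::ExecuteFile -bor
                   [int]$rights::Synchronize
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Explicit and inherited ACEs, with identities returned as SIDs
    $aces = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    $allowed = 0
    $denied  = 0
    foreach ($ace in $aces) {
        if ($ace.IdentityReference.Value -ne $Sid) { continue }
        # Inherit-only ACEs affect children, not the object itself
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($ace.AccessControlType -eq 'Allow') {
            $allowed = $allowed -bor [int]$ace.FileSystemRights
        } else {
            $denied = $denied -bor [int]$ace.FileSystemRights
        }
    }

    New-Object PSObject -Property @{
        Path          = $Path
        DirectAllow   = [System.Security.AccessControl.FileSystemRights]$allowed
        DirectDeny    = [System.Security.AccessControl.FileSystemRights]$denied
        CoversRequest = (($allowed -band $needed) -eq $needed) -and
                        (($denied -band $needed) -eq 0)
    }
}

# Placeholder path (assumption): substitute the real FIM installation location.
$bin = 'C:\FIM-INSTALL-PLACEHOLDER\Synchronization Service\Bin'
foreach ($p in $bin, (Join-Path $bin 'mmswmi.dll')) {
    if (Test-Path -LiteralPath $p) { Get-DirectAccess -Path $p }
    else { Write-Warning "Path not found: $p" }
}
```

Running it before and after the permission change shows CoversRequest go from False to True for the DLL; the DirectAllow column shows exactly which rights the account holds on each object.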