Hi all,
Sometime ago a customer of mine had some problems in his x64 machine when running WMI queries in Powershell.
Take for instance the following query:
"
Get-WMIObject Win32_LogicalDisk
It failed with the following error:
Get-WmiObject : The type initializer for 'System.Management.MTAHelper' threw an exception.
At line:1 char:14
+ Get-WMIObject <<<< Win32_LogicalDisk
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], TypeInitializationException
+ FullyQualifiedErrorId : System.TypeInitializationException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
But doing the same query with WBEMTest.exe worked just fine.
So I debugged PowerShell.exe with Windbg.exe and its SOS extension (at the end, Powershell is just another .NET process), and saw the following internal exceptions and errors when the issue happened:
0:003> !pe
Exception object: 0000000002dfb820
Exception type: System.TypeInitializationException
Message: The type initializer for 'System.Management.MTAHelper' threw an exception.
InnerException: System.BadImageFormatException, use !PrintException 0000000002dfb520 to see more
StackTrace (generated):
<none>
StackTraceString: <none>
HResult: 80131534
0:003> !pe 0000000002dfb520
Exception object: 0000000002dfb520
Exception type: System.BadImageFormatException
Message: Retrieving the COM class factory for component with CLSID {A8F03BE3-EDB7-4972-821F-AF6F8EA34884} failed due to the following error: 800700c1.
InnerException: <none>
SP IP Function
000000001C34D310 000006424EAFCEA4 System.Management.MTAHelper..cctor()
HResult: 800700c1
0:003> !error 800700c1
Error code: (HRESULT) 0x800700c1 (2147942593) - %1 is not a valid Win32 application.
I looked for "{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}" in the Registry of my own Windows 7 environment, and it corresponds to:
InprocServer32>2.0.50727 : C:\Windows\system32\mscoree.dll
ProgID : WMINet_Utils.WmiSecurityHelper.1
Server : WMINet_Utils.dll
VersionIndependentProgID: WMINet_Utils.WmiSecurityHelper
So somehow we failed to load mscoree.dll into PowerShell process. (Note: if you want to know more about .NET debugging with Windbg, please check this out.)
To continue troubleshooting this, we got some Process Monitor logs from problematic machine to see how PowerShell was loading mscoree.dll.
In those logs we could see how Powershell successfully loads mscoree.dll from here first:
35 21124 powershell.exe Load Image 10:32:49,0969791 C:\WINDOWS\system32\mscoree.dll SUCCESS Image Base: 0x6427ee50000, Image Size: 0x66000 Domain\user
And then it tries to load it again from here:
3312 21124 powershell.exe RegQueryValue 10:33:33,9734478 HKCR\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServer32\(Default) SUCCESS Type: REG_SZ, Length: 64, Data: C:\WINDOWS\SysWOW64\mscoree.dll Domain\user
But fails, as we cannot see a "Load Image" record in the logs just after that.
So I went to HKCR\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServer32\(Default) in my x64 environment, and saw the following path: C:\Windows\system32\mscoree.dll.
Customer changed the C:\WINDOWS\SysWOW64\mscoree.dll path he found in there to the right one, and he didn't get the error again.
I hope this helps.
Regards,
Alex (Alejandro Campos Magencio)
Thank you for posting this. It helped us solve a problem a customer had.
Do you know what causes the registry entry to be set to the wrong path? I suspect it has to do with one of the Dotnet Framework updates as our customer started having trouble just after installing a pile of security patches.
Sorry, I have no idea why that registry key gets corrupted...
Alex, it appears I have a similar problem. Perhaps you can help?
connect.microsoft.com/.../wmi-service-cannot-be-started-when-installing-sql-server-denali-ctp3
Check this out
blogs.msdn.com/.../a-com-server-application-may-stop-working-on-windows-server-2008.aspx