I got the following error everyday at 7AM Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 7/5/2011 Time: 7:10:02 AM User: N/A Computer: FS1 Description: Faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module ntdll.dll, version 5.2.3790.4789, fault address 0x0002b3fb. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 77 6d 69 ure wmi 0018: 70 72 76 73 65 2e 65 78 prvse.ex 0020: 65 20 35 2e 32 2e 33 37 e 5.2.37 0028: 39 30 2e 34 34 35 35 20 90.4455 0030: 69 6e 20 6e 74 64 6c 6c in ntdll 0038: 2e 64 6c 6c 20 35 2e 32 .dll 5.2 0040: 2e 33 37 39 30 2e 34 37 .3790.47 0048: 38 39 20 61 74 20 6f 66 89 at of 0050: 66 73 65 74 20 30 30 30 fset 000 0058: 32 62 33 66 62 2b3fb Can anyone tell me what the the wrong is?

seems you have some wmi script running on the server collecting the data or it might be a monitoring application thats running a script running on the time. Check your task schedules and disable the wmi service for a while and see checkhttp://www.virmansec.com/blogs/skhairuddin

Have a look to that: http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=1000&EvtSrc=Application+Error&LCID=1033 As I see the faulty application is wmiprvse.exe. More here: http://www.neuber.com/taskmanager/process/wmiprvse.exe.html If this is a 2003 server, try this hotfix: http://support.microsoft.com/kb/914831 This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

You can check this similar post. Thanks

Thanks for reply! I will try your suggestion.

Oh! I am using Win Server 2003 SP2.

Sorry! All the suggestions that I got is not work.

Can anyone help me?

Check this link. You can search the Eventid 1000 and Event Source Application Error. Thanks

Tell us what applications you have got installed on the server and also please see this kb http://support.microsoft.com/kb/981314 Again I will as do you have any monitoring tools on the network ?http://www.virmansec.com/blogs/skhairuddin

Hi Syed, There is no scheduled task will be run on the time. I don't see any monitoring tools for network installed.

Can you run WMIDiag and see if it reports anything interesting? http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=7684

Hi Craiq, I did the diaganotic and found this: 26538 12:35:44 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 26539 12:35:44 (0) ** DCOM security error(s) detected: .................................................................................... 0. 26540 12:35:44 (0) ** WMI security warning(s) detected: ................................................................................... 0. 26541 12:35:44 (0) ** WMI security error(s) detected: ..................................................................................... 5. 26542 12:35:44 (0) ** 26543 12:35:44 (0) ** Overall DCOM security status: ....................................................................................... OK. 26544 12:35:44 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR! 26545 12:35:44 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 26546 12:35:44 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 54. But I don't know what I should do with this.

try this Use the following command to detect and repair a corrupted WMI Repository: rundll32 wbemupgd, RepairWMISetup Re-registering the WMI components The .DLL and .EXE files used by WMI are located in %windir%\system32\wbem. You might need to re-register all the .DLL and .EXE files in this directory. If you are running a 64-bit system you might also need to check for .DLLs and .EXE files in %windir%\sysWOW64\wbem. To re-register the WMI components, run the following commands at the command prompt: cd /d %windir%\system32\wbem for %i in (*.dll) do RegSvr32 -s %i for %i in (*.exe) do %i /RegServe http://www.virmansec.com/blogs/skhairuddin

Hi Syed, After I uninstall ws-management, the event disappear. But I found another problem. I got the following events: Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3CORE.MFL while recovering repository file. Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3DT.MFL while recovering repository file. Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\W3ISAPI.MFL while recovering repository file. Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\IISADMIN.MFL while recovering repository file. Failed to load MOF C:\WINDOWS\SYSTEM32\INETSRV\ASP.MFL while recovering repository file.

Hi, Please also try the following steps: Reset Repository =========== 1. Click “Start” button, type “cmd” (without the quote) in the search box. 2. On the program results list, right click the “cmd.exe” and choose “Run as administrator”. 3. In the command window, type the following commands and press Enter, one by one. Net Stop Winmgmt CD /D %Windir%\system32\wbem Ren Repository Repository.old Net Start Winmgmt 4. Restart the computer. Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Please also try the following steps: Reset Repository =========== 1. Click “Start” button, type “cmd” (without the quote) in the search box. 2. On the program results list, right click the “cmd.exe” and choose “Run as administrator”. 3. In the command window, type the following commands and press Enter, one by one. Net Stop Winmgmt CD /D %Windir%\system32\wbem Ren Repository Repository.old Net Start Winmgmt 4. Restart the computer. Regards, Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hi, The last error seems to be solved. Thanks! But I found the original problem that about wmiprvse.exe & ntdll.dll still exists. Can anyone help?