Win OS – Error – “Certificate for local system with Thumbprint is about to expire or already expired”

Background

Want to quickly deal with a MS Windows Error.

The error is logged in the Event Viewer and it reads :-

Certificate for local system with Thumbprint is about to expire or already expired.

Event Viewer

Windows Logs

Application

List

List Events
Image

autoEnrollment.20190702.0802PM

Tabulate
  1. Log Name :- Application
  2. Source :- CertificateServicesClient-AutoEnrollment
  3. Event ID :- 64

Trouble Shooting

PowerShell

Outline

  1. Issue Directory command against local machine’s certificate repository
    • Specifically check machine, not services nor user
  2. Return Sorted By
    • Display the following fields
      • Subject
      • Thumbprint
      • Expire Date

 

Code


Set-StrictMode -Version Latest

Write-Host

Write-host "Certificates in Local Machine Store"
Write-host "==================================="

dir cert:\LocalMachine\my | Sort-Object NotAfter | Foreach-Object `
	{

		$log = "{0}" -f $_.subject;
		Write-host $log

		$log = "`tThumprint :- {0}" -f $_.thumbprint;
		Write-host $log

		$log = "`tExpiry Date :- {0}" -f $_.NotAfter;
		Write-host $log

		Write-host
		#Write-Host

	}

Output

listCertsMachine.20190702.0829PM.PNG

Expiration

We can see that one of our certificates expired at 5 AM this morning.

Event Viewer – Error – “MMC cannot open the file C:\Windows\system32\eventvwr.msc”

Background

On one of our MS Windows Systems, I  have been Unable to use Event Viewer.

Error

Error Image

MMCCannotOpenTheFile.PNG

Error Text

MMC cannot open the file C:\Windows\system32\eventvwr.msc.

Remediation

Outline

  1. Launch Microsoft Management Console ( MMC.exe) shell
    • mmc.exe
  2. In new empty shell
    • Add Event Viewer SnapIn
      • From the “Available snap-ins”
        • Select “Event Viewer”
      • Click Add Button
      • SnapIn should appear under “Selected Snapins”
    • Save Console
      • Save Console under a new name
  3. Launch new MMC Console
  4. Once happy
    • Once happy, return to MMC and overwrite original Event Viewer

Image

New Empty Shell

Console.MMC.01.PNG

Select Computer

Console.MMC.03.SelectComputer.20190425.0153PM.PNG

Add or Remove Snap-ins

Console.MMC.02.AddAndRemove.20190425.0152PM.PNG

Save SnapIn

Save SnapIn – Save As – 01

OSDesktop.Windows.System32.saveAs.20190425.0256PM

Save SnapIn – Save As – 02

OSDesktop.Windows.System32.saveAs.20190425.0258PM.PNG

WMI – Reporting Services Configuration Manager – Event Viewer

Background

When troubleshooting Reporting Services Configuration Manager WMI calls it can be useful to see whether WMI activities are occurring.

 

TroubleShooting

Event Viewer

Enable Log

WMI calls are logable in the Event Viewer.

But, they are not logged by default.

To enable logging please follow the steps listed below:

Obtaining WMI Events Through Event Viewer
Link

  1. Open Event Viewer. On the View menu, click Show Analytic and Debug Logs
  2. Locate the Trace channel log for WMI under Applications and Service Logs | Microsoft | Windows | WMI Activity
  3. Right-click the Trace log and select Log Properties. Click the Enable Logging check box to start the WMI event tracing
  4. WMI events appear in the event window for WMI-Activity. Double-click an event in the list to see the detailed information. You can view an event in XML View or in Friendly View format.

Logged Events

Tabulate

# Event
1 GroupOperationId = 159602; OperationId = 159602; Operation = IWbemServices::Connect; ClientMachine = QADB; User = dadeniji.adeniji; ClientProcessId = 5024; NamespaceName = \\QA\root\Microsoft\SqlServer\ReportServer
2 GroupOperationId = 159603; OperationId = 159604; Operation = Start IWbemServices::CreateInstanceEnum – __NAMESPACE; ClientMachine = QADB; User = daniel.adeniji; ClientProcessId = 5024; NamespaceName = \\.\root\Microsoft\SqlServer\ReportServer
3 GroupOperationId = 159605; OperationId = 159605; Operation = IWbemServices::Connect; ClientMachine = QADB; User = daniel.adeniji; ClientProcessId = 5024; NamespaceName = \\QADB\root\Microsoft\SqlServer\ReportServer\RS_DATACAP\v12\Admin
4 GroupOperationId = 159606; OperationId = 159607; Operation = Start IWbemServices::CreateInstanceEnum – MSReportServer_ConfigurationSetting; ClientMachine = QADB; User = daniel.adeniji; ClientProcessId = 5024; NamespaceName = \\.\root\Microsoft\SqlServer\ReportServer\RS_DATACAP\v12\Admin
5 ProviderInfo for GroupOperationId = 159606; Operation = Provider::CreateInstanceEnum – MSReportServer_ConfigurationSetting; ProviderName = ReportingServicesWMIProvider; ProviderGuid = {0A0B6A3E-DAA2-4ED9-A603-B1C4ED9515FF}; Path = C:\Program Files (x86)\Microsoft SQL Server\120\Shared\reportingserviceswmiprovider.dll

 

Explanation

  1. Event #1 :- IWebServices Create Instance Enum
    • NamespaceName :- \\QA\root\Microsoft\SqlServer\ReportServer
  2. Event #2 :- IWebServices Create Instance Enum
    • NamespaceName :- \\.\root\Microsoft\SqlServer\ReportServer
  3. Event #3 :- IWebServices Connect
    • NamespaceName :- \\.\root\Microsoft\SqlServer\ReportServer\RS_DATACAP\v12\Admin
  4. Event #4 :- IWebServices Instance Enumerate
    • NamespaceName :- \\.\root\Microsoft\SqlServer\ReportServer\RS_DATACAP\v12\Admin
  5. Event #5 :- Com Object Instantiated
    • COM Object ID :- 0A0B6A3E-DAA2-4ED9-A603-B1C4ED9515FF
    • COM File :- C:\Program Files (x86)\Microsoft SQL Server\120\Shared\reportingserviceswmiprovider.dll

 

Summary

From logging WMI Calls we are able to see the inner workings of the WMI Provider class and IWbemServices interface.

In the case of Sql Server Reporting Services (SSRS) it is an version specific dll ( C:\Program Files (x86)\Microsoft SQL Server\120\Shared\reportingserviceswmiprovider.dll ).