Event Id | 12103 |
Source | WMI |
Description | The registry path () passed by a kernel mode driver is invalid. The driver device object is in the additional data. |
Event Information | Troubleshooting Tips for Specific Problems
1. Run the Wmimofck.exe tool on the binary .mof file to check that the .mof format is correct for WMI. To do this, run the command wmimofck driver.bmf. %Windir%\System32\Wbem\Logs\Mofcomp.log will show any errors that occur when you try to add the binary .mof file into the schema.
2. The Windows 2000 event log might have a message indicating that the driver returned a badly formed WMIREGINFO data structure and thus could not be registered.
3. Check the registry path and MofResourceName returned by the driver in IRP_MN_REGINFO.
4. Check under the service key to verify that any MofImagePath value that might be specified is correct.
5. If using the binary .mof GUID, check that the driver receives an IRP that queries for the binary .mof data and that the IRP is completed successfully with the correct data and size.
6. Check %windir%\System32\Wbem\Logs\Wmiprov.log for errors.
7. Try to compile the .mof (not .bmf) file manually using Mofcomp. If your .mof file is named Driver.mof, then the command would be mofcomp -N:root/wmi driver.mof. See if any interesting error messages appear.
8. If Mofcomp succeeds and the .mof file is established in the schema, then most likely there is a problem with the WMIREGINFO data structure. A typical problem is that a class is derived from a base class that does not exist. |
Reference Links | INFO: Tips on WMI Driver Testing |