Problem Statement / Overview

In our issue we were attempting to utilize the FIM WMI Namespace Provider ( root\MicrosoftIdentityIntegrationServer ) to execute some Windows PowerShell code.  In each instance, we received the error message “Provider Load Failure”.

WMI NAMESPACE ERROR
Provider Load Failure
 
In our troubleshooting, we utilized the tool WBEMTEST to test the FIM WMI Namespace Provider.  We received the same “Provider Load Failure” here as well.  We then utilized a troubleshooting tool known as Process Monitor ( Process Monitor Download ).  Process Monitor displayed some “ACCESS DENIED” results that were a bit concerning.

Process Monitor
10:35:29.7610369 AM wmiprvse.exe  2436    CreateFile        {{ FIM INSTALLATION LOCATION }}\Synchronization Service\Bin\mmswmi.dll       ACCESS DENIED       
Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a       File System     
WMI Provider Host    6.1.7601.17514 (win7sp1_rtm.101119-1850) NT AUTHORITY\NETWORK SERVICE           
00000000:000003e4   0          C:\Windows\system32\wbem\wmiprvse.exe -Embedding  2712    False            System                        612
 
10:35:29.7807654 AM wmiprvse.exe  2436    CreateFile        {{ FIM INSTALLATION LOCATION }}\Synchronization Service\Bin\mmswmi.dll       ACCESS DENIED       
Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a       File System     
WMI Provider Host    6.1.7601.17514 (win7sp1_rtm.101119-1850) NT AUTHORITY\NETWORK SERVICE           
00000000:000003e4   0          C:\Windows\system32\wbem\wmiprvse.exe -Embedding  2712    False            System                        612
 

Based on this information, we went to the {{ FIM INSTALLATION LOCATION }}\Synchronization Service and reviewed the security of the Bin folder.  Here we found the cause.  The bin folder contained only Administrators Group, and Users Group.  By default, it contains several other items.  However, to resolve the issue, we simply added the NETWORK SERVICE account and provided it with Full Control.

n  We tested with WBEMTEST.  Success!

n  We tested with PowerShell.  Success!

Cause

The Bin folder under {{ FIM INSTALLATION LOCATION }}\Synchronization Service had restricted permissions which did not include the NETWORK SERVICE account.

Resolution

Add the NETWORK SERVICE account and provide it FULL CONTROL to the Bin folder under {{ FIM INSTALLATION LOCATION }}\Synchronization Service.