Many warning messages for PolicyAgentInstanceProvider are logged when you install the System Center 2012 Configuration Manager client

Symptoms
When you install the Microsoft System Center 2012 Configuration Manager client, you may find that many warning messages for PolicyAgentInstanceProvider are logged in the Application log. Those messages resemble the following:
Log Name: Application
Source: Microsoft-Windows-WMI
Date: datetime
Event ID: 63
Task Category: None
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: computer_name
Description:
A provider, PolicyAgentInstanceProvider, has been registered in the Windows Management Instrumentation namespace root\ccm\Policy\S_1_5_21_1979764342_3823638770_2321459288_500 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
<EventID Qualifiers="32768">63</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="datetime" />
<EventRecordID>1470</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>computer_name</Computer>
<Security UserID="UserID" />
</System>
<EventData>
<Data>PolicyAgentInstanceProvider</Data>
<Data>root\ccm\Policy\S_1_5_21_1979764342_3823638770_2321459288_500</Data>
</EventData>
</Event>
Cause
These warning messages are expected. They occur because Configuration Manager is not included in the Windows Management Instrumentation (WMI) exclusion list of providers that can run under the local system account at the time of installation.
More information
These warning messages are expected during the installation of the Configuration Manager client and can be safely ignored. PolicyAgentInstanceProvider is registered as safe with WMI during installation, so the warning messages should stop being logged as soon as the setup program is finished.

If the warning messages continue to be logged after the installation of the Configuration Manager client is complete, it may be because the Configuration Manager Client Retry Task in Scheduled Tasks was not removed after the successful installation. If you continue to experience these warning messages after the Configuration Manager client is successfully installed, deleting or disabling this task in Scheduled Tasks stops the numerous WMI warning messages from being generated.
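The following Python sketch is an added example, not part of the original article or of any Microsoft tooling. It triages exported Application-log records in the Event XML layout shown above, counting the expected PolicyAgentInstanceProvider warnings and collecting any other provider that Event ID 63 reports as registered to use LocalSystem. The helper names, the sample records, and the reading of the namespace suffix as a SID written with underscores are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EXPECTED = ("PolicyAgentInstanceProvider", "root\\ccm\\policy\\")

def parse_event63(xml_text):
    """Return (provider, namespace) for a WMI Event ID 63 record, else None."""
    root = ET.fromstring(xml_text)
    source = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if source is None or source.get("Name") != "Microsoft-Windows-WMI" or event_id != "63":
        return None
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    return (data[0], data[1]) if len(data) >= 2 else None

def namespace_sid(namespace):
    """Assumption: a per-user policy namespace ends in the SID with '-' written as '_'."""
    leaf = namespace.rsplit("\\", 1)[-1]
    return leaf.replace("_", "-") if leaf.upper().startswith("S_1_") else None

def triage(events):
    """Count the expected Configuration Manager warnings; collect all others for review."""
    expected, review = Counter(), []
    for xml_text in events:
        record = parse_event63(xml_text)
        if record is None:
            continue  # not a WMI Event ID 63 record
        provider, namespace = record
        if provider == EXPECTED[0] and namespace.lower().startswith(EXPECTED[1]):
            expected[namespace_sid(namespace) or namespace] += 1
        else:
            review.append(record)
    return expected, review

def make_event(provider, namespace, event_id=63):
    """Build a constructed, trimmed-down record in the Event XML layout shown above."""
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
            '<Provider Name="Microsoft-Windows-WMI" />'
            f'<EventID Qualifiers="32768">{event_id}</EventID></System><EventData>'
            f'<Data>{provider}</Data><Data>{namespace}</Data></EventData></Event>')

CCM_NS = r"root\ccm\Policy\S_1_5_21_1979764342_3823638770_2321459288_500"
SAMPLE = [  # constructed input; ExampleVendorProvider and root\example are hypothetical
    make_event("PolicyAgentInstanceProvider", CCM_NS),
    make_event("PolicyAgentInstanceProvider", CCM_NS),
    make_event("ExampleVendorProvider", r"root\example"),
    make_event("PolicyAgentInstanceProvider", CCM_NS, event_id=1),  # other event ID, skipped
]

if __name__ == "__main__":
    expected, review = triage(SAMPLE)
    print("expected:", dict(expected))
    print("review:", review)
```

Records that land in the review list are the ones the article's "expected" explanation does not cover, so they should be checked against the software actually installed on the machine.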


Properties

Article ID: 2688239 - Last Review: 07/06/2015 21:48:00 - Revision: 4.0

Microsoft System Center 2012 Configuration Manager, Microsoft System Center 2012 Configuration Manager Service Pack 1, Microsoft System Center 2012 Configuration Manager Service Pack 2, Microsoft System Center 2012 R2 Configuration Manager, Microsoft System Center 2012 R2 Configuration Manager Service Pack 1
