Patch My PC / Blog

Introduction to WBEMTEST

by | Feb 16, 2024 | Blog

What is WBEMtest?

WBEMtest is a Windows Management Instrumentation Tester tool built into all Windows NT based operating systems. It provides a graphical interface to WMI and its capable of performing the following tasks:

  • Enumerate, open, create, and delete WMI classes.
  • Enumerate, open, create, and delete WMI instances.
  • Query WMI data using a SQL like syntax (WQL).
  • Execute methods declared on instances or classes.
  • Remote access to WMI providers.

What is WMI? Without getting too far off the topic of this blog, Windows Management Instrumentation (WMI) is a Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry standard for accessing and managing information in an enterprise environment. WMI relies on Windows Remote Management (WinRM) or DCOM to create WMI connections. Having a working understanding of WMI in important to understand the function of WBEMtest. You can read more about WMI and its architecture here.

What are the WBEMtest use cases?

WBEMtest can be used in a wide variety of WMI interactions. Many modern applications, including Microsoft Endpoint Configuration Manager, rely on the Windows Management Instrumentation (WMI) for essential functions. WBEMtest can be a useful tool in the troubleshooting/debugging of those applications such as ensuring the health of the WMI provider/repository, validate correct access permissions on namespaces or instance data, and testing WMI connectivity. Other use cases include:

  • Querying application-specific namespaces to verify data stored within the repository.
  • Manually invoke application-specific methods declared on classes or instance data.
  • Test for or gather more detailed information for error messages emitted from the WMI provider.
  • Explore WMI namespaces to understand schemas defined by an application in the repository.
  • Build useful WMI queries.
  • Ensuring the Windows Management Instrumentation Windows Service is running on the local or remote computer.
  • Ensuring the correct firewall rules are enabled for remote WMI connection.

How to use WBEMtest?

Since WBEMtest is part of the Windows family of operating systems it can be started by simply typing ‘WEBMtest’ into the start menu or into Run. If a remote host is unavailable, you will receive an error message with specific details about the error. This is useful when trying to troubleshoot a potentially broken provider. In this example, we will use WBEMtest to execute a WQL query on a remote host in the rootcimv2 namespace.

  1. Type ‘wbemtest’ into the start menu to launch WBEMtest.
    You can also run wbemtest from the 'Run...' prompt or command line.
  2. Fill in the namespace field with the host and namespace and click ‘Connect…’ to connect to the local computer or remote host. Here you can optionally input user credentials.
    You can provide a remote host via UNC or specify no host at all to connect locally.
  3. All UI controls should become active. From here you can enumerate classes and instances, perform Create or Delete operations, query using WQL, execute methods, or invoke a number of other functions. Click on the ‘Query…’ button to enter a WMI query.
    The tester has successfully connected to the provider at the given namespace under the current user context.
  4. Run an example query from cimv2 to enumerate instance data and click ‘Apply’. The query syntax is WQL (Windows Management Instrumentation Query Language) and is very similar to SQL queries.
    Win32_ComputerSystem is a class defined in rootCIMv2 namespace.
    The WQL query returns 1 object.
    You'll see Win32_ComputerSystem class schema information as well as the instance data in this view.

The object editor is a powerful tool that allows you to edit the schema and instance data. It is a common window to see throughout WBEMtest. You’ll want to exercise caution here as making edits can potentially break applications which rely on it. Also note you can Add/Edit/Delete method declarations in a schema.

How can WBEMtest help troubleshoot Microsoft Endpoint Configuration Manager?

The cool thing with WBEMtest is that it can be used to troubleshoot, view, or execute on data that exists within the site server or its clients. Site server data will be housed in ROOTSMS or client data in ROOTccm. Using WBEMtest to verify connection to either of these WMI namespaces provides useful information during troubleshooting issues with a site server or client. I’ve frequently used WBEMtest to test WMI connectivity to a client using the site server account or the client installation account. I’ll go over a couple of examples of its usefulness in managing Configuration Manager clients.

Example 1 – Get a list of deployed applications

Suppose you’ve deployed a new application, and you suspect a client has not received the advertisement for some reason. You can use WBEMtest to connect to the remote computer to verify if CCM client has received the new deployment.

  1. Use the steps above to connect to the remote machine under the ‘rootCCMClientSDK’ namespace.
    WBEM is connected locally to the rootCCMClientSDK namespace
  2. Next, we will want to enumerate instances of the class CCM_Application. Click on the ‘Enum Instances…’ button and enter CCM_Application as the superclass name.
    Click on the 'Enum Instances...' button and enter CCM_Application as the superclass name
  3. In this example there are two applications that are deployed to this machine. They show up as separate instances of the CCM_Application class. You can double-click an instance to bring up the application deployment metadata via the object editor.
    Two applications are deployed to this client.

If an application is missing from this list which you know you have deployed to this client, then we know a potential problem may exist. The client may have simply not yet invoked an application deployment evaluation cycle, the client may be unhealthy, or another underlying problem may exist. Alternately, if you wish to perform some action on an application deployment, there are a number of methods attached to CCM_Application which can be invoked.

Methods to install, repair, or uninstall an application deployment exists on CCM_Application.

Example 2 – Run a CCM client action

So now you’ve determined the first step would be to force refresh the machine policy and run an application deployment policy. While it is true you can do this on a client from the Configuration Manager console, we want to invoke it from WMI using WBEMtest! All the actions that exist within the CCM client ‘Actions’ tab are backed by a corresponding WMI method on the SMS_Client class instance. There are also several more actions that can be invoked outside of what is available in the CCM client ‘Actions’ tab or the context menu in Configuration Manager.

  1. Connect to a client with WBEMtest using the steps above. Connect to the ‘rootccm’ namespace.
    WBEMtest connected to 'rootccm' on localhost.
  2. Click on ‘Execute Method..’, enter in the class name ‘SMS_Client’ and click ‘OK’.
    Click on 'Execute Method..', enter in the class name 'SMS_Client' and click 'OK'
  3. A number of methods are selectable and executable from the drop-down list. Select EvaluateMachinePolicy and click ‘Execute’.
    Select EvaluateMachinePolicy and click Execute!
    Machine policy evaluation executed successfully.
    The most versatile method available in ‘SMS_Client’ is the ;riggerSchedule; method. It will allow you to invoke a number of client actions by passing a ScheduleId to the method as a parameter. A full list of ScheduleIds is available here. As an example, we will invoke an Application Deployment evaluation.
  4. Select the ‘TriggerSchedule’ method on SMS_Client. This method requires parameters.
    'Edit In Paramters...' and 'Clear In Parameters' light up because this method accepts parameters.
  5. Click on ‘Edit In Parameters…” to open the object editor. Find ‘sScheduleId’ property and click the ‘Edit Property’ button.
    'sScheduleId' is the name of the parameter 'TriggerSchedule' accepts.  Refer to MS documentation.
  6. Click the ‘Not NULL’ radio button and enter in the appropriate ScheduleId then click ‘Save Property’. This will take you back to the Object editor. Click the ‘Save Object’ button to save the parameter set.
    The parameter requires the curly braces around the GUID or the method execution will fail.
  7. Click the ‘Execute’ button on the ‘Execute Method’ window.
    Click the 'Execute' button on the 'Execute Method' window

Summary

Hopefully this demonstrates how WBEMtest is a useful tool for troubleshooting, querying data, validating data, and executing actions. Best of all: it is built into every recent Microsoft operating system. For those who run Microsoft Endpoint Configuration Manager sites, this tool is highly valuable to troubleshoot or interact with site servers, components, and clients. There are many Configuration Manager actions/data that is exposed through WMI and tools to interact with it become invaluable to a Systems Administrator.

View Full SCUP Catalog