I have a brand-new machine that we just installed Windows Server 2008 Enterprise on about two months ago. In the event log, I am seeing thousands of EventID 1035 logged. This is MsiInstaller reconfiguring about a dozen products over and over, looping about every half-hour.
Has anyone seen this? As a beginning, I did a general web search, and most solutions revolved around Dell System Center or Google toolbar being installed as the culprit.
We have neither of those products installed.
Thanks for your help,
Dale
Best Answer
I can confirm the problem is triggered by WMI queries to the Win32_Product class. But as documented in this other question below, you cannot use the Win32reg_AddRemovePrograms if you don't have SCCM/SMS installed and even if you do would have to use Win32reg_AddRemovePrograms64 to get a list of 64bit programs
https://stackoverflow.com/questions/2416278/64bit-equivalent-class-for-a-wmi-class-win32reg-addremoveprograms
None of this was documented before as a bad thing, actually as the proper way to do it. I think the choice by Microsoft to do a repair check at the same time as responding to the query is just bad design. A query should never cause changes to a system, that should be a different "function" (WMI method). A sensible design could have included a periodic check into their "system maintenance" featrure of the newer operating systems, because that's also configurable and makes sense to users/administrators.
Anyway this was an old server, actually about to be decommissioned (Windows 2003 64bit). But it did happen on all of our servers for many years (that was a major hit to performance now it's confirmed). So I'll have to check again on the newer 2008 R2 servers to see if this will be an ongoing production issue or not.
But what I really wonder is how the heck I can explain to teams of packagers and support engineers that they must not use that WMI query/API. We've got hundred of scripts and tools written by lots of different people for 1000s of packages. There's no way it'll ever happen. So this behaviour should be fixed as a critical design fault by MS if it's still occurring in 2008 R2 and other supported OS versions. We'll certainly escalate it if it's still the case!