| View previous topic :: View next topic
|
| Author |
Message |
James Minard
Guest
|
 Posted: Wed Dec 17, 2008 5:06 pm Post subject: DCOM 10009 Server 2003 DC |
 |
|
|
The server's system log is recieving numerous DCOM 10009 events - DCOM was
unable to communicate with the computer <computername> using any of the
configured protocols. I created the EnableEELogging registry key in
HKLM\software\microsoft\ole and am receiving the following extended details.
I also changed the following permissions in the registry, which hasn't
stopped the messages from appearing: HEY_CLASSES_ROOT\CLSID (and all child
keys and values) Permissions Added: Authenticated users: Read access,
Network Service: full control.
0000: 3c 52 65 63 6f 72 64 23 <Record#
0008: 31 3a 20 43 6f 6d 70 75 1: Compu
0010: 74 65 72 3d 28 6e 75 6c ter=(nul
0018: 6c 29 3b 50 69 64 3d 37 l);Pid=7
0020: 35 36 3b 31 32 2f 31 37 56;12/17
0028: 2f 32 30 30 38 20 31 37 /2008 17
0030: 3a 33 31 3a 38 3a 35 33 :31:8:53
0038: 30 3b 53 74 61 74 75 73 0;Status
0040: 3d 31 37 32 32 3b 47 65 =1722;Ge
0048: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
0050: 44 65 74 6c 6f 63 3d 33 Detloc=3
0058: 32 33 3b 46 6c 61 67 73 23;Flags
0060: 3d 30 3b 50 61 72 61 6d =0;Param
0068: 73 3d 30 3b 3e 3c 52 65 s=0;><Re
0070: 63 6f 72 64 23 32 3a 20 cord#2:
0078: 43 6f 6d 70 75 74 65 72 Computer
0080: 3d 28 6e 75 6c 6c 29 3b =(null);
0088: 50 69 64 3d 37 35 36 3b Pid=756;
0090: 31 32 2f 31 37 2f 32 30 12/17/20
0098: 30 38 20 31 37 3a 33 31 08 17:31
00a0: 3a 38 3a 35 33 30 3b 53 :8:530;S
00a8: 74 61 74 75 73 3d 31 32 tatus=12
00b0: 33 37 3b 47 65 6e 63 6f 37;Genco
00b8: 6d 70 3d 38 3b 44 65 74 mp=8;Det
00c0: 6c 6f 63 3d 33 31 33 3b loc=313;
00c8: 46 6c 61 67 73 3d 30 3b Flags=0;
00d0: 50 61 72 61 6d 73 3d 30 Params=0
00d8: 3b 3e 3c 52 65 63 6f 72 ;><Recor
00e0: 64 23 33 3a 20 43 6f 6d d#3: Com
00e8: 70 75 74 65 72 3d 28 6e puter=(n
00f0: 75 6c 6c 29 3b 50 69 64 ull);Pid
00f8: 3d 37 35 36 3b 31 32 2f =756;12/
0100: 31 37 2f 32 30 30 38 20 17/2008
0108: 31 37 3a 33 31 3a 38 3a 17:31:8:
0110: 35 33 30 3b 53 74 61 74 530;Stat
0118: 75 73 3d 31 30 30 36 30 us=10060
0120: 3b 47 65 6e 63 6f 6d 70 ;Gencomp
0128: 3d 38 3b 44 65 74 6c 6f =8;Detlo
0130: 63 3d 33 31 31 3b 46 6c c=311;Fl
0138: 61 67 73 3d 30 3b 50 61 ags=0;Pa
0140: 72 61 6d 73 3d 33 3b 7b rams=3;{
0148: 50 61 72 61 6d 23 30 3a Param#0:
0150: 31 33 35 7d 7b 50 61 72 135}{Par
0158: 61 6d 23 31 3a 30 78 30 am#1:0x0
0160: 7d 7b 50 61 72 61 6d 23 }{Param#
0168: 32 3a 30 78 30 7d 3e 3c 2:0x0}><
0170: 52 65 63 6f 72 64 23 34 Record#4
0178: 3a 20 43 6f 6d 70 75 74 : Comput
0180: 65 72 3d 28 6e 75 6c 6c er=(null
0188: 29 3b 50 69 64 3d 37 35 );Pid=75
0190: 36 3b 31 32 2f 31 37 2f 6;12/17/
0198: 32 30 30 38 20 31 37 3a 2008 17:
01a0: 33 31 3a 38 3a 35 33 30 31:8:530
01a8: 3b 53 74 61 74 75 73 3d ;Status=
01b0: 31 30 30 36 30 3b 47 65 10060;Ge
01b8: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
01c0: 44 65 74 6c 6f 63 3d 33 Detloc=3
01c8: 31 38 3b 46 6c 61 67 73 18;Flags
01d0: 3d 30 3b 50 61 72 61 6d =0;Param
01d8: 73 3d 30 3b 3e s=0;>
This event has numerous times for 13 different computers names today alone.
Considering we have about 200 computers on the network with pretty much the
same configurations and applications running, I'm not sure why I'm not
seeing all of the computers generating these events on the server. The
events started appearing on November 13th, which looks to correspond with
the following windows updates being installed on the PCs:
Security Update for Microsoft XML Core Services 4.0 Service Pack 2
(KB954430)
Security Update for Windows XP (KB955069)
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
Security Update for Microsoft Office 2003 (KB951535)
Security Update for Windows XP (KB957097)
Security Update for Microsoft Office 2007 (KB951550)
Security Update for Microsoft XML Core Services 6.0 Service Pack 2
(KB954459)
Windows Malicious Software Removal Tool - November 2008 (KB890830)
Anyone else seeing this on their servers? The server runs a myriad of
services - AD, DNS, WINS, DHCP, WSUS, Exchange, IIS, Symantec AV, file and
print. Any help would be greatly appreciated.
James Minard
|
|
| Back to top |
|
 |
Guest
Guest
Posts
Location
|
| Posted: Wed Dec 17, 2008 5:06 pm Post subject: Google Ads |
|
|
|
|
|
| Back to top |
|
|
Thee Chicago Wolf
Guest
|
| Posted: Wed Dec 17, 2008 5:37 pm Post subject: Re: DCOM 10009 Server 2003 DC |
|
|
| Quote: | The server's system log is recieving numerous DCOM 10009 events - DCOM was
unable to communicate with the computer <computername> using any of the
configured protocols. I created the EnableEELogging registry key in
HKLM\software\microsoft\ole and am receiving the following extended details.
I also changed the following permissions in the registry, which hasn't
stopped the messages from appearing: HEY_CLASSES_ROOT\CLSID (and all child
keys and values) Permissions Added: Authenticated users: Read access,
Network Service: full control.
0000: 3c 52 65 63 6f 72 64 23 <Record#
0008: 31 3a 20 43 6f 6d 70 75 1: Compu
0010: 74 65 72 3d 28 6e 75 6c ter=(nul
0018: 6c 29 3b 50 69 64 3d 37 l);Pid=7
0020: 35 36 3b 31 32 2f 31 37 56;12/17
0028: 2f 32 30 30 38 20 31 37 /2008 17
0030: 3a 33 31 3a 38 3a 35 33 :31:8:53
0038: 30 3b 53 74 61 74 75 73 0;Status
0040: 3d 31 37 32 32 3b 47 65 =1722;Ge
0048: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
0050: 44 65 74 6c 6f 63 3d 33 Detloc=3
0058: 32 33 3b 46 6c 61 67 73 23;Flags
0060: 3d 30 3b 50 61 72 61 6d =0;Param
0068: 73 3d 30 3b 3e 3c 52 65 s=0;><Re
0070: 63 6f 72 64 23 32 3a 20 cord#2:
0078: 43 6f 6d 70 75 74 65 72 Computer
0080: 3d 28 6e 75 6c 6c 29 3b =(null);
0088: 50 69 64 3d 37 35 36 3b Pid=756;
0090: 31 32 2f 31 37 2f 32 30 12/17/20
0098: 30 38 20 31 37 3a 33 31 08 17:31
00a0: 3a 38 3a 35 33 30 3b 53 :8:530;S
00a8: 74 61 74 75 73 3d 31 32 tatus=12
00b0: 33 37 3b 47 65 6e 63 6f 37;Genco
00b8: 6d 70 3d 38 3b 44 65 74 mp=8;Det
00c0: 6c 6f 63 3d 33 31 33 3b loc=313;
00c8: 46 6c 61 67 73 3d 30 3b Flags=0;
00d0: 50 61 72 61 6d 73 3d 30 Params=0
00d8: 3b 3e 3c 52 65 63 6f 72 ;><Recor
00e0: 64 23 33 3a 20 43 6f 6d d#3: Com
00e8: 70 75 74 65 72 3d 28 6e puter=(n
00f0: 75 6c 6c 29 3b 50 69 64 ull);Pid
00f8: 3d 37 35 36 3b 31 32 2f =756;12/
0100: 31 37 2f 32 30 30 38 20 17/2008
0108: 31 37 3a 33 31 3a 38 3a 17:31:8:
0110: 35 33 30 3b 53 74 61 74 530;Stat
0118: 75 73 3d 31 30 30 36 30 us=10060
0120: 3b 47 65 6e 63 6f 6d 70 ;Gencomp
0128: 3d 38 3b 44 65 74 6c 6f =8;Detlo
0130: 63 3d 33 31 31 3b 46 6c c=311;Fl
0138: 61 67 73 3d 30 3b 50 61 ags=0;Pa
0140: 72 61 6d 73 3d 33 3b 7b rams=3;{
0148: 50 61 72 61 6d 23 30 3a Param#0:
0150: 31 33 35 7d 7b 50 61 72 135}{Par
0158: 61 6d 23 31 3a 30 78 30 am#1:0x0
0160: 7d 7b 50 61 72 61 6d 23 }{Param#
0168: 32 3a 30 78 30 7d 3e 3c 2:0x0}
0170: 52 65 63 6f 72 64 23 34 Record#4
0178: 3a 20 43 6f 6d 70 75 74 : Comput
0180: 65 72 3d 28 6e 75 6c 6c er=(null
0188: 29 3b 50 69 64 3d 37 35 );Pid=75
0190: 36 3b 31 32 2f 31 37 2f 6;12/17/
0198: 32 30 30 38 20 31 37 3a 2008 17:
01a0: 33 31 3a 38 3a 35 33 30 31:8:530
01a8: 3b 53 74 61 74 75 73 3d ;Status=
01b0: 31 30 30 36 30 3b 47 65 10060;Ge
01b8: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
01c0: 44 65 74 6c 6f 63 3d 33 Detloc=3
01c8: 31 38 3b 46 6c 61 67 73 18;Flags
01d0: 3d 30 3b 50 61 72 61 6d =0;Param
01d8: 73 3d 30 3b 3e s=0;
This event has numerous times for 13 different computers names today alone.
Considering we have about 200 computers on the network with pretty much the
same configurations and applications running, I'm not sure why I'm not
seeing all of the computers generating these events on the server. The
events started appearing on November 13th, which looks to correspond with
the following windows updates being installed on the PCs:
Security Update for Microsoft XML Core Services 4.0 Service Pack 2
(KB954430)
Security Update for Windows XP (KB955069)
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
Security Update for Microsoft Office 2003 (KB951535)
Security Update for Windows XP (KB957097)
Security Update for Microsoft Office 2007 (KB951550)
Security Update for Microsoft XML Core Services 6.0 Service Pack 2
(KB954459)
Windows Malicious Software Removal Tool - November 2008 (KB890830)
Anyone else seeing this on their servers? The server runs a myriad of
services - AD, DNS, WINS, DHCP, WSUS, Exchange, IIS, Symantec AV, file and
print. Any help would be greatly appreciated.
James Minard
|
See if some of the info here is of any use:
http://www.eventid.net/display.asp?eventid=10009&eventno=579&source=DCOM&phase=1
- Thee Chicago Wolf
|
|
| Back to top |
|
|
James Minard
Guest
|
| Posted: Wed Dec 17, 2008 5:47 pm Post subject: Re: DCOM 10009 Server 2003 DC |
|
|
I've been through those, and if one of the solutions is relevant, I'm not
seeing it. Thanks though.
James
"Thee Chicago Wolf" <.@.> wrote in message
news:3mhik4dgrr88nnopmoak3ovrvfsui6i5hm@4ax.com...
| Quote: | The server's system log is recieving numerous DCOM 10009 events - DCOM
was
unable to communicate with the computer <computername> using any of the
configured protocols. I created the EnableEELogging registry key in
HKLM\software\microsoft\ole and am receiving the following extended
details.
I also changed the following permissions in the registry, which hasn't
stopped the messages from appearing: HEY_CLASSES_ROOT\CLSID (and all child
keys and values) Permissions Added: Authenticated users: Read access,
Network Service: full control.
0000: 3c 52 65 63 6f 72 64 23 <Record#
0008: 31 3a 20 43 6f 6d 70 75 1: Compu
0010: 74 65 72 3d 28 6e 75 6c ter=(nul
0018: 6c 29 3b 50 69 64 3d 37 l);Pid=7
0020: 35 36 3b 31 32 2f 31 37 56;12/17
0028: 2f 32 30 30 38 20 31 37 /2008 17
0030: 3a 33 31 3a 38 3a 35 33 :31:8:53
0038: 30 3b 53 74 61 74 75 73 0;Status
0040: 3d 31 37 32 32 3b 47 65 =1722;Ge
0048: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
0050: 44 65 74 6c 6f 63 3d 33 Detloc=3
0058: 32 33 3b 46 6c 61 67 73 23;Flags
0060: 3d 30 3b 50 61 72 61 6d =0;Param
0068: 73 3d 30 3b 3e 3c 52 65 s=0;><Re
0070: 63 6f 72 64 23 32 3a 20 cord#2:
0078: 43 6f 6d 70 75 74 65 72 Computer
0080: 3d 28 6e 75 6c 6c 29 3b =(null);
0088: 50 69 64 3d 37 35 36 3b Pid=756;
0090: 31 32 2f 31 37 2f 32 30 12/17/20
0098: 30 38 20 31 37 3a 33 31 08 17:31
00a0: 3a 38 3a 35 33 30 3b 53 :8:530;S
00a8: 74 61 74 75 73 3d 31 32 tatus=12
00b0: 33 37 3b 47 65 6e 63 6f 37;Genco
00b8: 6d 70 3d 38 3b 44 65 74 mp=8;Det
00c0: 6c 6f 63 3d 33 31 33 3b loc=313;
00c8: 46 6c 61 67 73 3d 30 3b Flags=0;
00d0: 50 61 72 61 6d 73 3d 30 Params=0
00d8: 3b 3e 3c 52 65 63 6f 72 ;><Recor
00e0: 64 23 33 3a 20 43 6f 6d d#3: Com
00e8: 70 75 74 65 72 3d 28 6e puter=(n
00f0: 75 6c 6c 29 3b 50 69 64 ull);Pid
00f8: 3d 37 35 36 3b 31 32 2f =756;12/
0100: 31 37 2f 32 30 30 38 20 17/2008
0108: 31 37 3a 33 31 3a 38 3a 17:31:8:
0110: 35 33 30 3b 53 74 61 74 530;Stat
0118: 75 73 3d 31 30 30 36 30 us=10060
0120: 3b 47 65 6e 63 6f 6d 70 ;Gencomp
0128: 3d 38 3b 44 65 74 6c 6f =8;Detlo
0130: 63 3d 33 31 31 3b 46 6c c=311;Fl
0138: 61 67 73 3d 30 3b 50 61 ags=0;Pa
0140: 72 61 6d 73 3d 33 3b 7b rams=3;{
0148: 50 61 72 61 6d 23 30 3a Param#0:
0150: 31 33 35 7d 7b 50 61 72 135}{Par
0158: 61 6d 23 31 3a 30 78 30 am#1:0x0
0160: 7d 7b 50 61 72 61 6d 23 }{Param#
0168: 32 3a 30 78 30 7d 3e 3c 2:0x0}
0170: 52 65 63 6f 72 64 23 34 Record#4
0178: 3a 20 43 6f 6d 70 75 74 : Comput
0180: 65 72 3d 28 6e 75 6c 6c er=(null
0188: 29 3b 50 69 64 3d 37 35 );Pid=75
0190: 36 3b 31 32 2f 31 37 2f 6;12/17/
0198: 32 30 30 38 20 31 37 3a 2008 17:
01a0: 33 31 3a 38 3a 35 33 30 31:8:530
01a8: 3b 53 74 61 74 75 73 3d ;Status=
01b0: 31 30 30 36 30 3b 47 65 10060;Ge
01b8: 6e 63 6f 6d 70 3d 38 3b ncomp=8;
01c0: 44 65 74 6c 6f 63 3d 33 Detloc=3
01c8: 31 38 3b 46 6c 61 67 73 18;Flags
01d0: 3d 30 3b 50 61 72 61 6d =0;Param
01d8: 73 3d 30 3b 3e s=0;
This event has numerous times for 13 different computers names today
alone.
Considering we have about 200 computers on the network with pretty much
the
same configurations and applications running, I'm not sure why I'm not
seeing all of the computers generating these events on the server. The
events started appearing on November 13th, which looks to correspond with
the following windows updates being installed on the PCs:
Security Update for Microsoft XML Core Services 4.0 Service Pack 2
(KB954430)
Security Update for Windows XP (KB955069)
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB957832)
Security Update for Microsoft Office 2003 (KB951535)
Security Update for Windows XP (KB957097)
Security Update for Microsoft Office 2007 (KB951550)
Security Update for Microsoft XML Core Services 6.0 Service Pack 2
(KB954459)
Windows Malicious Software Removal Tool - November 2008 (KB890830)
Anyone else seeing this on their servers? The server runs a myriad of
services - AD, DNS, WINS, DHCP, WSUS, Exchange, IIS, Symantec AV, file and
print. Any help would be greatly appreciated.
James Minard
See if some of the info here is of any use:
http://www.eventid.net/display.asp?eventid=10009&eventno=579&source=DCOM&phase=1
- Thee Chicago Wolf |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Topic Links: syslog
Powered by phpBB © 2001, 2005 phpBB Group
|
Windows-Expert.com Forum Index
•
FAQ
•
Search
