COM: Event Errors and Permissions

COM Header


 


COM: Event Errors and Permissions


 


Description: When troubleshooting DCOM failures, scoping the issue will help determine how to properly troubleshoot the issue. Narrowing down the scope and points of failure will help on finding the fastest path to a resolution. Below are a few common symptoms you may encounter related to COM\DCOM.


 


When using your computer, you may experience one or more of the following symptoms:


 



  • Your DCOM based applications might generate errors (Event ID: 10xxx Source: DCOM) in the System event log either repeatedly or sporadically.

  • Your DCOM based application might lose network connectivity to RPC (DCOM) and not be able to recover.

  • Internet Explorer or Explorer.exe might fail to function properly.

  • Server Management System (SMS) Client might fail querying remote client workstations.

  • Windows Management Instrumentation (WMI) might fail to be able to connect remotely or query data remotely.

 


 


 Scoping the Issue: DCOM specific questions:


 



  • Are there any errors in the event logs – Event ID: 10xxx Source: DCOM?

  • Are the end-users affected and Local/Domain Administrator accounts affected or just the end-user accounts? Check the NTFS permissions and/or registry permissions (DCOM).

  • Are there any network related errors? Is RPC (DCOM) working?

  • When did the issue start occurring?

  • What has changed?

  • Application update?

  • Hardware update/failure?

  • Driver update?

  • Antivirus definition update?

  • Security hotfix update ?

  • GPO modification?

  • How did you get notified about the problem? Did the end-users call the helpdesk?

  • Are all the client workstations and servers affected?

  • What OS and Service Pack are affected?


    • Windows NT 4.0 Wks/Srv/TS

    • Windows 2000 Pro/Srv

    • Windows XP Pro

    • Windows Server 2003

    • Windows Server 2008

    • Windows 7

    • Windows Server 2008 R2

  • Does the issue occur on machines in the same subnet or just on a LAN or WAN?

  • Can you ping the server when the issue occurs?

  • Can you open network shares when the issue occurs?

  • How frequently does the DCOM error occur?

  • Does the DCOM errors occur during any particular time of day, or does it occur when a certain application is run?

  • Are there any application specific errors on the screen?

  • How does the machine recover? Do you just wait? Or do you have to reboot the machine?

  


 


Data Gathering: When troubleshooting DCOM related errors, be aware that the issues could be related to permissions, network infrastructure, 3rd party or custom applications.


 



  • Collect MPSReports/MSDT

  • Collect Process Monitor logs – Process Monitor should be gathered on both the Server and as well as the clients that are having the issues.

  • Collect Network trace

  • Get a list of DCOM permissions

  • Export The HKEY_CLASSES_ROOT Key From The Problem Machine

 



 


Additional Resources:


 


244600 Default NTFS Permissions in Windows 2000


http://support.microsoft.com/default.aspx?kbid=244600


 


313222 How To Reset Security Settings Back to the Defaults


http://support.microsoft.com/default.aspx?kbid=313222