Known post installation event errors in SBS 2008 (and how to resolve them)

[Today's post comes to us courtesy of Lora McCambridge and Damian Leibaschoff]

SBS 2008 has been released to manufacturing (RTM), and if you haven't installed yet, you most likely will soon. As with previous versions of SBS, the complex interactions with partner products and configurations in use can lead to some noise in the event logs. We know of a few issues that you will see and we want to share information on how to resolve them or take action to prevent them. We are focusing on errors that will appear in a frequent enough ratio that they will be noticed right away, we are not going to be discussing one time events that can happen on shutdown, startup or right after the setup has been completed that will not affect any functionality and should not repeat themselves during normal operations.

  • DCOM Event 10016

Problem: You install Microsoft Windows SharePoint Services 3.0. When you view the System log after Windows SharePoint Services 3.0 is successfully installed, you see the event ID 10016 error message logged one or more times.

Type: Error
Source: DCOM
Category: None
Event ID: 10016
Description:
The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {CLSID} to the user DomainNameUserName SID {SID}. This security permission can be modified using the Component Services administration tool

Resolution : The solution in this article will work for Windows Small Business Server 2008: https://support.microsoft.com/kb/920783

  • MSExchange Search Event 4625

Problem: Failed Security audits in the Security log- there is a problem in Microsoft.Exchange.Search.ExSearch.exe where an event id 4625 will be reported every few minutes.
Resolution: This should be fixed in the Exchange RU4 release which is currently targeted to be released in September of 2008. It can be ignored otherwise.

  • DCOM Event 10009

Problem: The DCOM event id 10009 will occur when a client workstation has a miss-configured firewall or other issues affecting its network communications within the domain, for example if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event 10009 will happen repeatedly, potentially hundreds per day.
Resolution: To attempt to resolve configuration issues with the firewall try the following:

· Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025, check with your firewall manufacturer for proper ways of allowing dynamic RPC traffic.
· If using OneCare on the SBS client machines, make sure you are using the Small Business version of Windows Live OneCare. The Small Business version has a default set of firewall port exceptions as required by SBS to monitor the client workstations.
· If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM 10009 errors if that is the case.

1. Open GPMC.MSC from Start-Run
2. Accept the UAC prompt
3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)
4. Select the Windows SBS Client – Windows XP Policy and then use right click on your mouse and select edit
5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile
6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.
7. Double click on: Windows Firewall: “Allow inbound file and printer sharing exception”
a. in the text box labeled “Allow unsolicited incoming messages from these IP addresses”, add the IP (IPv4) of the server, so if the IP of the server is 192.168.1.2, it would end up reading: localsubnet,192.168.1.2
b. Click Ok
8. Repeat Steps 6.a and 6.b for the following rules:
Windows Firewall: Allow inbound remote administration exception
Windows Firewall: Allow inbound remote desktop exceptions