Announcement

Collapse
No announcement yet.

Tons of DCOM errors

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Tons of DCOM errors

    Since it's becoming extensively annoying does anyone know what to do with all those DCOM errors showing up in the logs after server migration. Is this something that's related to the Swing methodology or is something that just happens on SBS and you have to live with it?

  • #2
    Re: Tons of DCOM errors

    Could you give us a clue
    a) which SBS version?
    b) what you swung from?
    c) Actual event number and text?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Tons of DCOM errors

      Sorry, I just assumed it's typical since I see that on all the migrated servers. So SBS2003 to SBS 2008/2010
      Event ID 10009

      DCOM was unable to communicate with the computer workstation_name.domain.local using any of the configured protocols.

      This occurs pretty much every second.
      Hopefully someone knows of a fix that can be applied thrugh GPOs or PS rather than to each individual workstation manually.

      Comment


      • #4
        Re: Tons of DCOM errors

        It's a DNS issue usually, have a look at this thread.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Tons of DCOM errors

          Old DNS entries could be the issue.

          Another thing to check is your firewall GPO for workstations. If you have one, temporarily disable it, and create a new one from the SBS 2008 Group Policy Console. If you do not, set one up with firewall off for Domain computers.

          Your Hardware Firewall should be sufficient.

          Bad firewall policies are often linked to this event after migration

          EDIT: Quickly looked up the event on bing, and found this which you could look at. Similar to my suggestion http://support.microsoft.com/kb/957713
          Last edited by Dutch; 26th September 2012, 23:24.

          Comment


          • #6
            Re: Tons of DCOM errors

            Originally posted by Dutch View Post
            Another thing to check is your firewall GPO for workstations. If you have one, temporarily disable it, and create a new one from the SBS 2008 Group Policy Console. If you do not, set one up with firewall off for Domain computers.

            Your Hardware Firewall should be sufficient.

            Bad firewall policies are often linked to this event after migration
            Can't say I agree with this, the default SBS policies setup firewall exceptions for the client computers, and I would never advocate turning off the Windows Firewall on all client PCs. The article you link to does not suggest turning the policy off or disabling the firewall, but does suggest checking that the remote management exception is in place. It also explicitly states that the default policies contain the required exceptions.
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            sigpic
            Cruachan's Blog

            Comment


            • #7
              Re: Tons of DCOM errors

              Half way agree with you. 50/50 on it. I did mention it was similar. Not identical.
              Creating exceptions would achieve the same after a bit more work

              Guess it depends how you prefer to handle firewall security.
              You could leave your workstation Firewall turned on for domain PC's, even though your hardware firewall does that exact job already if you set it up right.

              There might be specific reasons as to why one would perhaps want to manage a firewall locally on systems as well, but that all varies per site and preference.
              In my view it creates a administrative overhead. I rather manage it from a single point, rather than two.

              If you do not have a proper hardware firewall solution such as for example a Cisco ASA, than by all means leave the local FW enabled, and check the exception rules yes.
              But as per your suggestion, he should check DNS first and clean it up. After that if problem persists he could check his Firewall Exceptions if that is what he prefers.

              Comment


              • #8
                Re: Tons of DCOM errors

                Sorry for late replay but was on some out of office job and had no chance to get on the Internet too much. I set up scavenging on the server and run Scavenge Now. Will check again tomorrow to see if anything's changed. Thanks for your help

                Comment


                • #9
                  Re: Tons of DCOM errors

                  Originally posted by Dutch View Post
                  Half way agree with you. 50/50 on it. I did mention it was similar. Not identical.
                  Creating exceptions would achieve the same after a bit more work

                  Guess it depends how you prefer to handle firewall security.
                  You could leave your workstation Firewall turned on for domain PC's, even though your hardware firewall does that exact job already if you set it up right.

                  There might be specific reasons as to why one would perhaps want to manage a firewall locally on systems as well, but that all varies per site and preference.
                  In my view it creates a administrative overhead. I rather manage it from a single point, rather than two.

                  If you do not have a proper hardware firewall solution such as for example a Cisco ASA, than by all means leave the local FW enabled, and check the exception rules yes.
                  But as per your suggestion, he should check DNS first and clean it up. After that if problem persists he could check his Firewall Exceptions if that is what he prefers.
                  There is no work in creating exceptions, as the default GPOs do it for you, so no administrative overhead at all. Edge firewall and client firewall are IMO not the same thing and one is not a substitute for the other. How do you deal with laptops that travel for example?
                  BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
                  sigpic
                  Cruachan's Blog

                  Comment


                  • #10
                    Re: Tons of DCOM errors

                    So far so good. I cannot see any new DCOMs! Thanks a lot

                    Comment


                    • #11
                      Re: Tons of DCOM errors

                      Originally posted by cruachan View Post
                      There is no work in creating exceptions, as the default GPOs do it for you, so no administrative overhead at all. Edge firewall and client firewall are IMO not the same thing and one is not a substitute for the other. How do you deal with laptops that travel for example?
                      I won't go into it too much, as it would change the subject of the post. But as stated I disable domain PC firewalls only, not domain laptops and other mobile devices which would utilize the "Public" or "Private" profile when connected to a different LAN. We utilize many applications both Windows, as well as Mac & Unix related.
                      The ports blocked by default in Windows often impact other products, as Windows will not add the rules by default for alternate apps.

                      Perhaps to explain more clearly. Anything behind the firewall on the domain, which does not connect to any outside source, or leave the workplace, should be sufficiently protected by a single hardware firewall. Henceforth PC's in the "Workstation" or "Server" OU's, will have their firewall disabled.
                      Anything in the "Mobile (aka Laptops etc) OU, will have their Private & Public Firewalls enabled.

                      EDIT: I guess that that latter bit would still create the overhead I mentioned, as one would still need to add exceptions for some web enabled apps, so I can see the point of just setting the firewall for all systems. Than again, there might be programs running from the server's that could be potentially impacted)

                      To get back on topic, good to hear the DCOM issues are resolved. Was it the DNS as cruachan also suspected yaro127? Might be handy for future readers to know the solution
                      Last edited by Dutch; 4th October 2012, 20:09.

                      Comment

                      Working...
                      X