RE: DCOM error...
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Mon, 12 Dec 2005 12:08:34 GMT
Hi,
Thanks for your update!
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
First, may I know have you applied SP1 on the Windows Server 2003 DC? If
yes, please check the following:
Windows Server 2003 SP1 introduces enhanced default security settings for
the DCOM protocol. Specifically, SP1 introduces more precise rights that
give an administrator independent control over local and remote permissions
for launching, activating, and accessing COM servers.
Windows Server 2003 SP1 introduces enhanced default security settings for
the DCOM protocol. Specifically, SP1 introduces more precise rights that
give an administrator independent control over local and remote permissions
for launching, activating, and accessing COM servers.
As the Windows Server 2003 Certificate Services provides enrollment and
administration services by using the DCOM protocol, I suspect that it may
be the cause of the problem.
Suggestions:
=============
1. Please check to ensure that a new security group, CERTSVC_DCOM_ACCESS,
has been created after applied the SP1.
2. Please add the "Domain Users", "Domain Computers", "Domain Controllers"
groups to the new CERTSVC_DCOM_ACCESS security group.
3. If possible, please backup the other Windows Server 2003 DC (without
SP1), and then apply Service Pack 1 on it as well.
4. Then, we can have Certificate Services update the DCOM security settings
by running the following commands:
certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc
Please check if the problem has been fixed.
I look forward to your reply. Also, if you have any questions or concerns,
please do not hesitate to let me know. I am happy to help. :-)
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: DCOM error...
>thread-index: AcX+QOqY6NeaRdvWQ6CBElf04+gQHA==
>X-WBNR-Posting-Host: 61.94.152.164
>From: "=?Utf-8?B?RGhvdw==?=" <Dhow@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <2AE6D9A3-3073-4A2C-99C9-2520FCB91521@xxxxxxxxxxxxx>
<oj##eTj#FHA.3152@xxxxxxxxxxxxxxxxxxxxx>
<C1160FDA-97FC-43E3-93C2-3ED158EB06F8@xxxxxxxxxxxxx>
<uC#WSy$#FHA.3764@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: DCOM error...
>Date: Sun, 11 Dec 2005 02:52:01 -0800
>Lines: 29
>Message-ID: <B69C54D0-C6D8-44AB-BF58-9884BB844C2A@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:229327
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Dear Jenny,
>
>It seemed the DCOM error kept coming back again... it's more obvious
>whenever I restarted the server.
>Plus I've recognized that there's an user account in SBS 2003 which reside
>at Security Groups, the user name is: CERTSVC_DCOM_ACCESS...
>Perhaps you can help me again?
>Thanks!
>
>""Jenny wu [MSFT]"" wrote:
>
>> Hi,
>>
>> I have researched your issue for some time, the solution should can
resolve
>> your issue. Just to test and let me know the result.
>>
>> The problem may be caused by some application that changed Windows
default
>> permissions settings, especially some third party Anti-virus
applications.
>> You can monitor your server for a long time to see if the issue would
>> happen again. Based on my experienced, it will not happen over and over.
>>
>> I am happy to be assistance of you and please let me know if you have
>> further question on the issue-)!
>>
>> Have a nice day!
>>
>> Sincerely,
>>
>> Jenny Wu
>
.
- References:
- RE: DCOM error...
- From: "Jenny wu [MSFT]"
- RE: DCOM error...
- From: "Jenny wu [MSFT]"
- RE: DCOM error...
- Prev by Date: Re: Join existing TS to SBS 2003
- Next by Date: RE: smarthosts and fwding outgoing mail to isp mail server
- Previous by thread: RE: DCOM error...
- Next by thread: RE: DCOM error...
- Index(es):
Relevant Pages
|
