Re: DCOM 10009 errors on SBS2008 with NAS

Yes I have already read thru that but that pertains to Windows based clients
only and not SAMBA clients, which a lot of NAS are based. Besides, there
were no DCOM 10009 errors on the old SBS2003 machine......

"Susan Bradley" wrote:

mlai wrote:
I have just migrated from SBS2003 to SBS2008. Everything looks ok. Except
the two NAS (Synology DS207+) that I have on the network. Actually, even
they work fine with the upgraded SBS2008 Domain. However, on the SBS2008
box, I get a cluster of DCOM10009 errors every 30 mins or so pointing to
communication issues with the 2 NAS boxes. However, other operations
(authentications from the NAS) are fine and the users can use the domain
credentials on the boxes.

So, what can I do to resolve the DCOM 10009 errors on the SBS2008 machine?
DCOM Event 10009
Problem: The DCOM event id 10009 will occur when a client workstation
has a miss-configured firewall or other issues affecting its network
communications within the domain, for example if the workstation is not
managed by an SBS GPO. In this scenario, the DCOM event 10009 will
happen repeatedly, potentially hundreds per day.
Resolution: To attempt to resolve configuration issues with the firewall
try the following:

· Make sure to allow remote management exception. Depending on your
firewall solution this might be implemented or might require opening
several ports. Unfortunately, this means opening common ports like
TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be
defined and start at 1025, check with your firewall manufacturer for
proper ways of allowing dynamic RPC traffic.
· If using OneCare on the SBS client machines, make sure you are using
the Small Business version of Windows Live OneCare. The Small Business
version has a default set of firewall port exceptions as required by SBS
to monitor the client workstations.
· If the workstation is on a different subnet than the SBS server and it
is running Windows XP SP2 or higher, the firewall exceptions provided by
the SBS group policies will not properly allow the required
connectivity. You should edit the Client XP GPO and change the scope of
the rules to allow subnet + the internal IP of the server. Follow the
extra steps below to properly monitor XP SP2 (or higher) machines
running in the SBS domain on different subnets than the SBS server, and
prevent the DCOM 10009 errors if that is the case.

1. Open GPMC.MSC from Start-Run
2. Accept the UAC prompt
3. Expand Forest: Domain.local, Domains, Domain.local and select Group
Policy Objects. (Replace Domain.local with your domain)
4. Select the Windows SBS Client – Windows XP Policy and then use right
click on your mouse and select edit
5. Expand Computer Configuration, Policies, Administrative Templates,
Network, Network Connections, Windows Firewall, Domain Profile
6. Find the IP Address of the server: Open a command prompt window
(cmd.exe) from the Start menu. In the command prompt window type
IPConfig and press return. Make note of the IPv4 address listed.
7. Double click on: Windows Firewall: “Allow inbound file and printer
sharing exception”
a. in the text box labeled “Allow unsolicited incoming messages from
these IP addresses”, add the IP (IPv4) of the server, so if the IP of
the server is 192.168.1.2, it would end up reading: localsubnet,192.168.1.2
b. Click Ok
8. Repeat Steps 6.a and 6.b for the following rules:
Windows Firewall: Allow inbound remote administration exception
Windows Firewall: Allow inbound remote desktop exceptions

http://blogs.technet.com/sbs/archive/2008/08/26/known-post-installation-event-errors-in-sbs-2008-and-how-to-resolve-them.aspx

.

Relevant Pages

  • Re: SBS VPN setup?
    ... And I'm reviewing if I need to do client notifications at that point. ... You purchase 2k3 PREMIUM and that comes with ISA to handle the firewall duties. ... SBS plugs into a switch with the other computers and the switch is plugged into a firewall appliance with 2-nics. ... To compare apples to apples, let us assume there is a network setup as I outlined above...and the firewall appliance is an ISA server, such as those available from Celestix. ...
    (microsoft.public.windows.server.sbs)
  • RE: Fax console GPO
    ... configure the clients' firewall by SBS GPO to allow Fax Console traffic. ... First, please try to directly disable Windows Firewall on one workstation, ... Firewall'' on SBS to configure the firewall on client. ...
    (microsoft.public.windows.server.sbs)
  • Re: Printers disappearing
    ... Computer (client) as the end user wasn't familiar with that. ... When the printer is listed in directory, using AddPrinter wizard, network, ... Suggestion 1: The SBS Way: ... printer published in Active Directory to client computers running Windows ...
    (microsoft.public.windows.server.sbs)
  • Re: Fax service is not working
    ... Les Connor [SBS MVP] ... If you see my thread on "Cumulative Security Update for Internet Explorer 7 for Windows Server 2003, it was the Microsoft advice to run the FixIt which caused this problem. ... Integration\Windows Small Business Server 2003\Logs''. ... to assign fax client to the Windows Vista client: ...
    (microsoft.public.windows.server.sbs)
  • RE: File Sharing from Client to SBS2003 Problem
    ... I installed the patchs and when I disable the Windows firewall, ... access the files and printers from the Server. ... Logon and logoff your client and test your issue again. ...
    (microsoft.public.windows.server.sbs)
Loading