Re: DCOM 10009 errors on SBS2008 with NAS
- From: Susan Bradley <sbradcpa@xxxxxxxxxxx>
- Date: Fri, 12 Dec 2008 14:59:36 -0800
Let me rephrase,Was that OU under the MyBusiness\Computers OU?
mlai wrote:
The NAS OU was NEVER in SBSComputers to begin with..
"Susan Bradley" wrote:
As a test did you merely move the unit out of the SBSComputers OU?
mlai wrote:I have created a rule on the server to allow all outgoing and incoming ports to/from the NAS IP. And the error still happens.
The fix seems to be marking the computer account for the NAS as an NT4 computer. I have deleted the NAS computer acount from the AD. Recreated the computer account but this time, marking the computer as Pre-Windows 2000 computer. Seems that the DS207+ still operates fine with AD logons and no more DCOM 10009 errors since the change in the event log of the SBS2008 machine.
"Susan Bradley" wrote:
That SBS box now has a firewall that you can't disable. A specific route needs to be built between that NAS and the SBS box.
1. fire up a sniffer and see exactly what traffic is going between the NAS and the server.
2. Build a firewall rule to match the traffic that is going between the two.
mlai wrote:Susan,
This really doesn't make sense to me. The article is talking about openning ports on the client machines (and applying GP) to allow remote management. For one thing, there is no firewall on the NAS to begin with. Second, the NAS is not running windows and thus will not be able to process remote management requests anyway.
What difference will this make?
"Susan Bradley" wrote:
Try this, make a specific GP rule that allows the ports to that NAS unit.
SAMBA is still file and printer sharing.
mlai wrote:Yes. As I mentioned, this will work on a windows based machine but not samba based NAS.....
"Susan Bradley" wrote:
mlai wrote:Yes I have already read thru that but that pertains to Windows based clients only and not SAMBA clients, which a lot of NAS are based. Besides, there were no DCOM 10009 errors on the old SBS2003 machine......And this is SBS 2008 where the firewall is different.
"Susan Bradley" wrote:
mlai wrote:I have just migrated from SBS2003 to SBS2008. Everything looks ok. Except the two NAS (Synology DS207+) that I have on the network. Actually, even they work fine with the upgraded SBS2008 Domain. However, on the SBS2008 box, I get a cluster of DCOM10009 errors every 30 mins or so pointing to communication issues with the 2 NAS boxes. However, other operations (authentications from the NAS) are fine and the users can use the domain credentials on the boxes.DCOM Event 10009
So, what can I do to resolve the DCOM 10009 errors on the SBS2008 machine?
Problem: The DCOM event id 10009 will occur when a client workstation has a miss-configured firewall or other issues affecting its network communications within the domain, for example if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event 10009 will happen repeatedly, potentially hundreds per day.
Resolution: To attempt to resolve configuration issues with the firewall try the following:
· Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025, check with your firewall manufacturer for proper ways of allowing dynamic RPC traffic.
· If using OneCare on the SBS client machines, make sure you are using the Small Business version of Windows Live OneCare. The Small Business version has a default set of firewall port exceptions as required by SBS to monitor the client workstations.
· If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM 10009 errors if that is the case.
1. Open GPMC.MSC from Start-Run
2. Accept the UAC prompt
3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)
4. Select the Windows SBS Client – Windows XP Policy and then use right click on your mouse and select edit
5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile
6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.
7. Double click on: Windows Firewall: “Allow inbound file and printer sharing exception”
a. in the text box labeled “Allow unsolicited incoming messages from these IP addresses”, add the IP (IPv4) of the server, so if the IP of the server is 192.168.1.2, it would end up reading: localsubnet,192.168.1.2
b. Click Ok
8. Repeat Steps 6.a and 6.b for the following rules:
Windows Firewall: Allow inbound remote administration exception
Windows Firewall: Allow inbound remote desktop exceptions
http://blogs.technet.com/sbs/archive/2008/08/26/known-post-installation-event-errors-in-sbs-2008-and-how-to-resolve-them.aspx
It's the same issue per my read.
- References:
- Re: DCOM 10009 errors on SBS2008 with NAS
- From: mlai
- Re: DCOM 10009 errors on SBS2008 with NAS
- From: Susan Bradley
- Re: DCOM 10009 errors on SBS2008 with NAS
- From: mlai
- Re: DCOM 10009 errors on SBS2008 with NAS
- Prev by Date: Re: Blackberry & Exchange
- Next by Date: Re: Windows SBS 2003 Server Service Stopping
- Previous by thread: Re: DCOM 10009 errors on SBS2008 with NAS
- Next by thread: WSUS 3.0 update
- Index(es):
Relevant Pages
|
