From: yaro137 on
I'm getting lots of

DCOM was unable to communicate with the computer
computer.DOMAIN.local using any of the configured protocols

on a swinged SBS 2008 box. Checking the GUID of the DCOM points to
oleres.dll. This happens on other SBS 2008 servers as well accompanied
by some Kerberos errors saying

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the
server vista$. The target name used was RPCSS/computer.DOMAIN.local.
This indicates that the target server failed to decrypt the ticket
provided by the client. This can occur when the target server
principal name (SPN) is registered on an account other than the
account the target service is using. Please ensure that the target SPN
is registered on, and only registered on, the account used by the
server. This error can also happen when the target service is using a
different password for the target service account than what the
Kerberos Key Distribution Center (KDC) has for the target service
account. Please ensure that the service on the server and the KDC are
both updated to use the current password. If the server name is not
fully qualified, and the target domain (DOMAIN.LOCAL) is different
from the client domain (DOMAIN.LOCAL), check if there are identically
named server accounts in these two domains, or use the fully-qualified
name to identify the server.


What do you make of it? No user complains but any idea what could this
be?
yaro
From: Ace Fekay [MVP-DS, MCT] on


It could be any number of things. Maybe disjoining that workstation (assuming Vista$) and rejoining it.

Have you seen this? If so, did you find it helpful?
http://eventid.net/display.asp?eventid=10009&eventno=579&source=DCOM&phase=1


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
From: yaro137 on
On Mar 10, 2:27 am, "Ace Fekay [MVP-DS, MCT]"
<ace...(a)mvps.RemoveThisPart.org> wrote:
> It could be any number of things. Maybe disjoining that workstation (assuming Vista$) and rejoining it.
>
> Have you seen this? If so, did you find it helpful? http://eventid.net/display.asp?eventid=10009&eventno=579&source=DCOM&...

Yes, I've seen it and it doesn't help. It's not only one computer
that's mentioned in this log but probably half of all of the computers
on the network. I'm wondering now if it's not related to a firewall as
the SBS console can't display all the info regarding the status of many
of these computers. The server is set up to allow this traffic but some
of the clients may not be. I'll have to check that and then get back
here. Thanks
yaro
From: Ace Fekay [MVP-DS, MCT] on

Ok, sounds good. Check the Windows firewall, or any third party
security app installed.

Ace



From: "Robbin Meng [MSFT]" on

Hi yaro,

Thanks for your post and Ace's input.

The error that you mentioned in the "Symptoms" section is frequently a network communications error. The following are possible causes of this error:
o Name resolution errors are occurring.
o All TCP ports on the server are being used.
o TCP port collisions are occurring.

To troubleshoot DCOM 10009 errors, use the following methods.

Method 1: Verify that name resolution is working correctly
The activation page for a COM+ proxy application contains a Remote Server Name (RSN) property. The RSN property can be an IP address, a Fully Qualified Domain Name (FQDN), or a NetBIOS name. To troubleshoot this issue, use the ping command to test connectivity to the remote server by using the IP address, the FQDN, and the NetBIOS name.

Method 2: Verify TCP port usage
When a client makes DCOM calls to a COM+ server application, each connection may use a different TCP port. Therefore, all TCP ports on the server may be used. When this condition occurs, the server cannot accept additional connections.

For more information about how to determine TCP port usage when you troubleshoot TCP/IP connectivity issues, click the following article numbers to view the articles in the Microsoft Knowledge Base:
KB832919 New features and functionality in PortQry version 2.0
KB301512 Many TCP connections are established for COM+ proxy/stub

Method 3: Verify basic network connectivity to troubleshoot TCP collision issues
For more information about how to use basic network troubleshooting to resolve TCP collision errors, click the following article number to view the article in the Knowledge Base:
KB325487 How to troubleshoot network connectivity problems

More information about Event 10009 in SBS 2008 server:

"Windows SBS 2008 Known Post Installation Event Errors"
http://support.microsoft.com/kb/957713

Hope this helps.



Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect website:
https://connect.microsoft.com/sbs08/community/discussion/richui/default.aspx

Please post your EBS related questions to the EBS newsgroup on Connect website:
https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx

If you want to use a newsreader other than a web forum to access these newsgroups,
please refer to the following blog to apply NNTP password and configure a newsreader:
http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-2008-newsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================
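
Added example (not written by any poster in this thread and not Microsoft code): the Kerberos event in the first post shows the machine account vista$ answering for the SPN of a different host, which commonly means two DNS A records point at one address, so the name-resolution check in Method 1 can be driven from the events themselves. The function names, the second sample event, and all addresses are constructed; `a_records` is assumed to come from a DNS zone export.

```python
import re

# Fields of the Kerberos event quoted in the thread: who answered, and for which SPN.
EVENT_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<responder>\S+?)\. "
    r"The target name used was (?P<service>[^/\s]+)/(?P<host>\S+?)\.(?: |$)",
    re.IGNORECASE,
)

def short_name(name):  # 'vista$' -> 'vista', 'computer.DOMAIN.local' -> 'computer'
    return name.rstrip("$").split(".")[0].lower()

def parse_event(text):
    """Return (responder, target) short host names, or None if no match."""
    m = EVENT_RE.search(" ".join(text.split()))  # undo event-viewer line wrapping
    if m is None:
        return None
    return short_name(m.group("responder")), short_name(m.group("host"))

def triage(events, a_records):
    """Map each target host to (responder, verdict) using DNS A records."""
    ips = {short_name(name): ip for name, ip in a_records.items()}
    findings = {}
    for text in events:
        parsed = parse_event(text)
        if parsed is None:
            continue
        responder, target = parsed
        ip = ips.get(target)
        if responder != target and ip is not None and ips.get(responder) == ip:
            verdict = "likely stale A record: %s and %s both resolve to %s" % (target, responder, ip)
        else:
            verdict = "no shared address in DNS: check SPN registration and machine account password"
        findings[target] = (responder, verdict)
    return findings

# Constructed sample data: the first event reuses the names from the post,
# the second event and all addresses (TEST-NET range) are made up.
SAMPLE_EVENTS = [
    "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the\n"
    "server vista$. The target name used was RPCSS/computer.DOMAIN.local.\n",
    "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the "
    "server desk3$. The target name used was RPCSS/laptop7.DOMAIN.local.",
]
SAMPLE_A_RECORDS = {"computer.DOMAIN.local": "192.0.2.23", "vista.DOMAIN.local": "192.0.2.23",
                    "laptop7.DOMAIN.local": "192.0.2.40", "desk3.DOMAIN.local": "192.0.2.41"}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_A_RECORDS))
```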