Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Event Id 1004 dcom help needed

Posted on 2006-11-20
13
Medium Priority
?
1,479 Views
Last Modified: 2012-08-13
I am getting the following error in the logs every 15 seconds approximately

DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon domain/user in order to run the server:

It is a windows 2000 box with exchange 2003

I have tried http://support.microsoft.com/kb/255770 with no luck any suggestions?
0
Comment
Question by:GRV001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
13 Comments
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 17984466
Try running Synciwam.vbs from \Inetpub\AdminScripts directory.
0
 
LVL 1

Author Comment

by:GRV001
ID: 17984978
I did that with no results
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17989593
What DCOM Server is it trying to run, does it mention?
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 1

Author Comment

by:GRV001
ID: 17990654
the only reference of a server is itself in the event
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17990928
Is it referenced as a CLSID ? Looks something like this?
{00000107-0000-0010-8000-00AA006D2EA4}

You can do a search in the registry under this key

HKEY_CLASSES_ROOT\CLSID

for the CLSID in the error, and get the value for it...Look at the subkey InprocServer32, and you will see a path under the Default Value......

This might help us pinpoint where the problem is.....
0
 
LVL 1

Author Comment

by:GRV001
ID: 17991163
Ok I a little confused

the spot i can find reference to this within the registry is

hkey_current_user/software/Microsoft/Internet explorer/explorer bars

there is a string in there with a value of 1 called 888FC943-CB7D-43E7-BB64-905342B0D34D
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991294
888FC943-CB7D-43E7-BB64-905342B0D34D

is referenced in that DCOM error in the log, right?
0
 
LVL 1

Author Comment

by:GRV001
ID: 17991390
Yes
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991622

Ok, this is a kinda an "out in left field' idea....Obviously there is a DCOM server thats trying to authenticate to something....Obviously using cached credentials that are outdated, or as an anonymous user(domains dont like 'anonymous' anything.....)

I would try and download ShellExView, and see if you can search on that CLSID, from the top it has a little magnifying glass that you click on and copy '888FC943-CB7D-43E7-BB64-905342B0D34D' into it (no qoutes). Then if it gets a hit, make note of what it is....Were kinda curious to see what this little bugger is.....If you get a successful hit on it, you can safely right click it and select Disable.

ShellExView - Shell Extension Manager For Windows
http://www.nirsoft.net/utils/shexview.html
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 1200 total points
ID: 17991687
Ok, did some more research, and it might be a COM+ Object.....

Do you use the MailbasketMD program?

If so, go to Control Panel>Component Services>Com+ Applications>MailbasketMD and configure a new password for it....

Same exact issue here....
http://64.233.187.104/search?q=cache:1as4pdn1a3oJ:forums.techarena.in/showthread.php%3Ft%3D592399+888FC943-CB7D&hl=en&gl=us&ct=clnk&cd=4

and here, just different solution.....
http://64.233.187.104/search?q=cache:9EFdB0Vb110J:www.smallbizserver.net/Forum/tabid/53/view/topic/forumid/11/postid/4751/Default.aspx+888FC943-CB7D&hl=en&gl=us&ct=clnk&cd=2

I am windering if it would be possible for the Admin who has access to the Server (Not sure if you are the SA or not), go to the registry on the box and do a search for that GUID '888FC943-CB7D-43E7-BB64-905342B0D34D'

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991702
Also, has there been any recent password changes by the administrator account, or yours, when this started happening? It could be that a service is confugred to run with outdated credentials.......

By the way....
"It is a windows 2000 box with exchange 2003"

Is this the server were talking about or a workstation?
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17991710
And if it isnt the Services starting under bad credentials, go back to Compnent Services, and check those to see if any of those have the old credentials.....
0
 
LVL 1

Author Comment

by:GRV001
ID: 17991927
We are getting close. MailbasketMd is installed.
I got a meeting will change password when i get back

I am the SA but only been here a week, looks like we getting closer :)
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
When trying to connect from SSMS v17.x to a SQL Server Integration Services 2016 instance or previous version, you get the error “Connecting to the Integration Services service on the computer failed with the following error: 'The specified service …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question