GRV001
asked on
Event Id 1004 dcom help needed
I am getting the following error in the logs every 15 seconds approximately
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon domain/user in order to run the server:
It is a windows 2000 box with exchange 2003
I have tried http://support.microsoft.com/kb/255770 with no luck any suggestions?
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon domain/user in order to run the server:
It is a windows 2000 box with exchange 2003
I have tried http://support.microsoft.com/kb/255770 with no luck any suggestions?
Nirmal Sharma
Try running Synciwam.vbs from \Inetpub\AdminScripts directory.
ASKER
I did that with no results
What DCOM Server is it trying to run, does it mention?
ASKER
the only reference of a server is itself in the event
Is it referenced as a CLSID ? Looks something like this?
{00000107-0000-0010-8000-0
You can do a search in the registry under this key
HKEY_CLASSES_ROOT\CLSID
for the CLSID in the error, and get the value for it...Look at the subkey InprocServer32, and you will see a path under the Default Value......
This might help us pinpoint where the problem is.....
{00000107-0000-0010-8000-0
You can do a search in the registry under this key
HKEY_CLASSES_ROOT\CLSID
for the CLSID in the error, and get the value for it...Look at the subkey InprocServer32, and you will see a path under the Default Value......
This might help us pinpoint where the problem is.....
ASKER
Ok I a little confused
the spot i can find reference to this within the registry is
hkey_current_user/software
there is a string in there with a value of 1 called 888FC943-CB7D-43E7-BB64-90
the spot i can find reference to this within the registry is
hkey_current_user/software
there is a string in there with a value of 1 called 888FC943-CB7D-43E7-BB64-90
888FC943-CB7D-43E7-BB64-90
is referenced in that DCOM error in the log, right?
is referenced in that DCOM error in the log, right?
ASKER
Yes
Ok, this is a kinda an "out in left field' idea....Obviously there is a DCOM server thats trying to authenticate to something....Obviously using cached credentials that are outdated, or as an anonymous user(domains dont like 'anonymous' anything.....)
I would try and download ShellExView, and see if you can search on that CLSID, from the top it has a little magnifying glass that you click on and copy '888FC943-CB7D-43E7-BB64-9
ShellExView - Shell Extension Manager For Windows
http://www.nirsoft.net/utils/shexview.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, has there been any recent password changes by the administrator account, or yours, when this started happening? It could be that a service is confugred to run with outdated credentials.......
By the way....
"It is a windows 2000 box with exchange 2003"
Is this the server were talking about or a workstation?
By the way....
"It is a windows 2000 box with exchange 2003"
Is this the server were talking about or a workstation?
And if it isnt the Services starting under bad credentials, go back to Compnent Services, and check those to see if any of those have the old credentials.....
ASKER
We are getting close. MailbasketMd is installed.
I got a meeting will change password when i get back
I am the SA but only been here a week, looks like we getting closer :)
I got a meeting will change password when i get back
I am the SA but only been here a week, looks like we getting closer :)