Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

DCOM (it_GenericSnmp) logon error every ten seconds

Avatar of epitec
epitecFlag for United States of America asked on
Programming Languages-OtherMicrosoft IIS Web ServerWindows Server 2003
2 Comments1 Solution1549 ViewsLast Modified:
Hi,

I'm trying to track down the source of this error and fix it, so my logs can live in peace.  Every ten seconds, we're getting three errors on our application/SQL server (one in the System log, two in the Security log).  This server also runs IIS (Sharepoint Server 2007 and our company Web sites).  I tried looking up the error in the Microsoft link provided at the bottom of the error.  It was less than helpful.

The System error is below:
____________________________
Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10004
Date:            7/15/2008
Time:            11:10:23 AM
User:            N/A
Computer:      <servername>
Description:
DCOM got error "Logon failure: unknown user name or bad password. " and was unable to logon .\it_GenericSnmp in order to run the server:
{1DC2A582-3AC9-11D1-A1E5-AE25DE000000}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
____________________________________
I looked up the server string in the registry; it's just called GenericSnmp, with a hex string for AccessPermission and RunAs "it_GenericSnmp"... but I still have no idea what it is, why it's being used, and how to stop the errors.

The Security log shows these:
______________________________________
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/15/2008
Time:            11:16:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      <servername>
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      it_GenericSnmp
       Domain:            <servername>
       Logon Type:      4
       Logon Process:      DCOMSCM
       Authentication Package:      Negotiate
       Workstation Name:      <servername>
       Caller User Name:      <servername$>
       Caller Domain:      <domainname>
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      804
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
______________________________________
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            7/15/2008
Time:            11:16:23 AM
User:            NT AUTHORITY\SYSTEM
Computer:      <servername>
Description:
Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      it_GenericSnmp
 Source Workstation:      <servername>
 Error Code:      0xC0000064

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
_______________________________________
I googled DCOMSCM - I still don't know what it is, but I found its default location (C:\Program Files\Microsoft SQL Server\80\Tools\binn).  It's not there on this server, so I ran a search for the file, and the only things it pulled up are four copies of "dcomscm.exe.cc1a8c58_27d1_4d38_bf1b_c0a5cbb90616" from SQLRUN.CAB, (two on the file drive - in I386 and in an MSDE folder - and two under C:\WINDOWS\ServicePackFiles).  I don't know if this apparently missing file could be part of the problem, but there's that, for what it's worth.

From the second security error, I found that the error code means the account doesn't exist (http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=680&EvtSrc=Security&LCID=1033).  This would make sense then that we're getting this error, but why is this missing, and what is it supposed to do in the first place?

Anyone who can help will be my hero.  These errors are driving me nuts.  TIA for any proposed solutions!
ASKER CERTIFIED SOLUTION
Avatar of epitec
epitecFlag of United States of America image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answers