troubleshooting Question

sbs console reports server firewall turned off

Avatar of Dbredes
Dbredes asked on
SBSMicrosoft Server OS
5 Comments1 Solution1799 ViewsLast Modified:
Okay new install of sbs 2008 been up & running a couple of weeks

the day before delivering server and workstations installed symantec endpint 12 as unmanaged  and also maill security for exchange

the next day I noticed the sbs console was reporting that the firewall was turned off

every time I check on the's the same thing...the sbs server reports critical errors and the firewall is turned off

I tickled this for later followup with symantec
because it shows on the console the users are starting to ask about it....
so today I spoke to tech support for symantec mail security - thinking this was the culprit

but they say no that they have never heard of the problem.

today I reset the firewall - whcih by itself doesn't clear the error - you have to reset the rules back to defaults which is part of the sbs console - which clears the error in the console

just so you know...
Outlook on wkstns - all mail is pop  through pop connectors etc in exchange
exchange was needed so that the 2 users could share their outlook calendars - which they are very happy with
We haven't configured sharepoint or sql anymore than what the normal install does.
the users run a simple app off the server and they also use the server for a central file repository for documents
until installing this server they had been using a novell file server that we built for them 10 yrs ago
there are 2 users and 3 workstations

in the logs I see dcom errors...but I haven't found an event that says anything about turning off the firewall... the dcom errors seem to be in a set of 4-xx errors nightly between 2am and 4am event id 10016 source DistributedCOM
through sbs console updates are pushing to clients...and it is working ..server gets updates at 2am workstations at 4am

last night there were 9  errors
All identical all at the exact same time
source 10016 source DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The number of DCOM errors changes from night to night...if it were related to updates then possibly the number changes based on the number of updates? Just a guess...

Don't know if this has anything to do with the firewall..this just happens to be the only  errors happening at night

Big points if someone can help me figure this out


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros