Dbredes
asked on
sbs console reports server firewall turned off
Okay new install of sbs 2008 been up & running a couple of weeks
the day before delivering server and workstations installed symantec endpint 12 as unmanaged and also maill security for exchange 6.5.5.255
the next day I noticed the sbs console was reporting that the firewall was turned off
every time I check on the server..it's the same thing...the sbs server reports critical errors and the firewall is turned off
I tickled this for later followup with symantec
because it shows on the console the users are starting to ask about it....
so today I spoke to tech support for symantec mail security - thinking this was the culprit
but they say no that they have never heard of the problem.
today I reset the firewall - whcih by itself doesn't clear the error - you have to reset the rules back to defaults which is part of the sbs console - which clears the error in the console
just so you know...
Outlook on wkstns - all mail is pop through godaddy...no pop connectors etc in exchange
exchange was needed so that the 2 users could share their outlook calendars - which they are very happy with
We haven't configured sharepoint or sql anymore than what the normal install does.
the users run a simple app off the server and they also use the server for a central file repository for documents
until installing this server they had been using a novell file server that we built for them 10 yrs ago
there are 2 users and 3 workstations
in the logs I see dcom errors...but I haven't found an event that says anything about turning off the firewall... the dcom errors seem to be in a set of 4-xx errors nightly between 2am and 4am event id 10016 source DistributedCOM
through sbs console updates are pushing to clients...and it is working ..server gets updates at 2am workstations at 4am
last night there were 9 errors
All identical all at the exact same time
source 10016 source DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-0
The number of DCOM errors changes from night to night...if it were related to updates then possibly the number changes based on the number of updates? Just a guess...
Don't know if this has anything to do with the firewall..this just happens to be the only errors happening at night
Big points if someone can help me figure this out
the day before delivering server and workstations installed symantec endpint 12 as unmanaged and also maill security for exchange 6.5.5.255
the next day I noticed the sbs console was reporting that the firewall was turned off
every time I check on the server..it's the same thing...the sbs server reports critical errors and the firewall is turned off
I tickled this for later followup with symantec
because it shows on the console the users are starting to ask about it....
so today I spoke to tech support for symantec mail security - thinking this was the culprit
but they say no that they have never heard of the problem.
today I reset the firewall - whcih by itself doesn't clear the error - you have to reset the rules back to defaults which is part of the sbs console - which clears the error in the console
just so you know...
Outlook on wkstns - all mail is pop through godaddy...no pop connectors etc in exchange
exchange was needed so that the 2 users could share their outlook calendars - which they are very happy with
We haven't configured sharepoint or sql anymore than what the normal install does.
the users run a simple app off the server and they also use the server for a central file repository for documents
until installing this server they had been using a novell file server that we built for them 10 yrs ago
there are 2 users and 3 workstations
in the logs I see dcom errors...but I haven't found an event that says anything about turning off the firewall... the dcom errors seem to be in a set of 4-xx errors nightly between 2am and 4am event id 10016 source DistributedCOM
through sbs console updates are pushing to clients...and it is working ..server gets updates at 2am workstations at 4am
last night there were 9 errors
All identical all at the exact same time
source 10016 source DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-0
The number of DCOM errors changes from night to night...if it were related to updates then possibly the number changes based on the number of updates? Just a guess...
Don't know if this has anything to do with the firewall..this just happens to be the only errors happening at night
Big points if someone can help me figure this out
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh My - I believe that you hit on the problem. The firewall problem didn't start unted after SEP was installed. I opened a case with symantec but the app support I went to was the exchange protection; After your post I searched on SEP and SBS 2008 and firewall.
I found Symantec TECH95700 and guess what?.... it's my problem. I unchecked the local area connection...But, It would seem to me that SBS Console would still complain ...this time that my firewall is not configured with recommended settings. I refreshed the console...but it didn't query security....so.... sp far so good.
II'll change the report so that it generates again today....
You may get points :-)
I found Symantec TECH95700 and guess what?.... it's my problem. I unchecked the local area connection...But, It would seem to me that SBS Console would still complain ...this time that my firewall is not configured with recommended settings. I refreshed the console...but it didn't query security....so.... sp far so good.
II'll change the report so that it generates again today....
You may get points :-)
ASKER
Symantec technote TECH971527 was the fix...While the guru that answered didn't hit on exactly this technote... His comment refocused my attention on SEP..... SEP 10.1 didn't have a firewall component. I was unaware that the network section of SEP was the SEP firewall. His comment sent me researching SEP again...and there it was...my problem.
Good Job
Good Job
ASKER
Oops I wrote the wrong technote number please look for symantec technote 95700...the previous number 971527 is the MS technote regarding the STORFLT error I mentioned in the post.
The path to the Symantec technote is
http://www.symantec.com/docs/tech95700
Hope this saves someone else the hours that I put into this...
The path to the Symantec technote is
http://www.symantec.com/docs/tech95700
Hope this saves someone else the hours that I put into this...
ASKER
The classid referenced is IIS WAMREG Admin Service
So following a technote similar to the one listed on experts exchange
Ran dcomcnfg
Found IIS WAMREG Admin Service - right click chose properties
Under security - under launch permissions
I added network service and gave it local launch and local activation permissions
Hope this resolves the error
However it tends to indicate that the dcom error has nothing to do with firewall issues
1) Does it look like I handled the dcom error correctly?
2) Any ideas on the firewall problem