Asked by Dbredes

sbs console reports server firewall turned off

Okay new install of sbs 2008 been up & running a couple of weeks

the day before delivering server and workstations installed symantec endpoint 12 as unmanaged and also mail security for exchange

the next day I noticed the sbs console was reporting that the firewall was turned off

every time I check on the server..it's the same thing...the sbs server reports critical errors and the firewall is turned off

I tickled this for later followup with symantec
because it shows on the console the users are starting to ask about it....
so today I spoke to tech support for symantec mail security - thinking this was the culprit

but they say no that they have never heard of the problem.

today I reset the firewall - which by itself doesn't clear the error - you have to reset the rules back to defaults which is part of the sbs console - which clears the error in the console

just so you know...
Outlook on wkstns - all mail is pop  through godaddy...no pop connectors etc in exchange
exchange was needed so that the 2 users could share their outlook calendars - which they are very happy with
We haven't configured sharepoint or sql anymore than what the normal install does.
the users run a simple app off the server and they also use the server for a central file repository for documents
until installing this server they had been using a novell file server that we built for them 10 yrs ago
there are 2 users and 3 workstations

in the logs I see dcom errors...but I haven't found an event that says anything about turning off the firewall... the dcom errors seem to be in a set of 4-xx errors nightly between 2am and 4am event id 10016 source DistributedCOM
through sbs console updates are pushing to clients...and it is working ..server gets updates at 2am workstations at 4am

last night there were 9  errors
All identical all at the exact same time
source 10016 source DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

The number of DCOM errors changes from night to night...if it were related to updates then possibly the number changes based on the number of updates? Just a guess...

Don't know if this has anything to do with the firewall..this just happens to be the only  errors happening at night

Big points if someone can help me figure this out


Last Comment: 8/22/2022 - Mon

Okay been researching the DistributedCOM error

The classid referenced is IIS WAMREG Admin Service
So following a technote similar to the one listed on experts exchange
Ran dcomcnfg
Found IIS WAMREG Admin Service - right click chose properties  
Under security - under launch permissions
I added network service and gave it local launch and local activation permissions

Hope this resolves the error

However it tends to indicate that the dcom error has nothing to do with firewall issues

1) Does it look like I handled the dcom error correctly?
2) Any ideas on the firewall problem
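
An added example, not part of the original thread: a Python script that parses the text of DistributedCOM 10016 events and tallies them per night, so the nightly counts, the COM application and the denied account can be compared before and after a permission change in dcomcnfg. It assumes the events were exported from the System log as (timestamp, message) pairs; the function names and the sample timestamps are made up for the illustration, and the message text is the one quoted in the question.

```python
import re
from collections import Counter

# CLSID -> application name; this single mapping comes from the post above.
KNOWN_CLSIDS = {"{61738644-F196-11D0-9953-00C04FD919C1}": "IIS WAMREG Admin Service"}

# Fields of interest in the message body of a DistributedCOM event 10016.
EVENT_10016 = re.compile(
    r"do not grant (?P<perm>(?:Local|Remote) (?:Launch|Activation)) permission "
    r"for the COM Server application with CLSID\s+(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r".*?to the user (?P<user>.+?) SID \((?P<sid>S-[0-9-]+)\)",
    re.DOTALL,
)

def parse_10016(message):
    """Return the denied permission, CLSID, account and SID, or None if no match."""
    m = EVENT_10016.search(message)
    if m is None:
        return None
    clsid = m.group("clsid").upper()
    return {"permission": m.group("perm"), "clsid": clsid,
            "application": KNOWN_CLSIDS.get(clsid, "unknown"),
            "user": m.group("user"), "sid": m.group("sid")}

def tally_by_night(events):
    """Count matching events per (date, application, account, permission)."""
    counts = Counter()
    for timestamp, message in events:
        rec = parse_10016(message)
        if rec is None:
            continue  # some other event exported alongside the 10016s
        date = timestamp.split(" ")[0]
        counts[(date, rec["application"], rec["user"], rec["permission"])] += 1
    return counts

# Message text as quoted in the question; timestamps and the last event are constructed.
MSG = (r"The application-specific permission settings do not grant Local Activation "
       r"permission for the COM Server application with CLSID "
       r"{61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE "
       r"SID (S-1-5-20) from address LocalHost (Using LRPC).")
SAMPLE = ([("2011-01-10 02:03:11", MSG)] * 9 + [("2011-01-11 02:05:40", MSG)] * 4
          + [("2011-01-11 02:06:00", "The Print Spooler service entered the running state.")])

if __name__ == "__main__":
    for key, n in sorted(tally_by_night(SAMPLE).items()):
        print(n, *key)
```

If the launch and activation permission change took effect, the tally for that CLSID and account should drop to zero on the nights after the change.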


Oh My - I believe that you hit on the problem. The firewall problem didn't start until after SEP was installed. I opened a case with Symantec, but the app support I went to was the exchange protection. After your post I searched on SEP and SBS 2008 and firewall.

I found Symantec TECH95700 and guess what?.... it's my problem. I unchecked the local area connection...But it would seem to me that SBS Console would still complain ...this time that my firewall is not configured with recommended settings. I refreshed the console...but it didn't query security....so.... so far so good.

I'll change the report so that it generates again today....

You may get points  :-)

Symantec technote TECH971527 was the fix...While the guru that answered didn't hit on exactly this technote... His comment refocused my attention on SEP..... SEP 10.1 didn't have a firewall component.   I was unaware that the network section of SEP was the SEP firewall. His comment sent me researching SEP again...and there it was...my problem.

Good Job

Oops I wrote the wrong technote number please look for symantec technote 95700...the previous number 971527 is the MS technote regarding the STORFLT error I mentioned in the post.  

The path to the Symantec technote is

Hope this saves someone else the hours that I put into this...