Trace DCOM

Event Viewer Error on DC Windows 2008 R2:

I am receiving the following error after the deletion of an Enterprise Sub CA. I went back through ADUC and cleaned it out following the Windows document, but the error still appears 30+ times a day on my main domain controller.

"DCOM was unable to communicate with the computer using any of the configured protocols."
Event ID: 10009

I want to figure out a way to see why the DCOM is attempting to contact the computer. I am thinking either there are computers on the network with certs that are still looking to confirm validity and contact the DC to contact the SubCA. Is there a way to track the request? Any ideas of what could be causing the error to be thrown?

Thanks for any help!

- <Event xmlns="">
- <System>
  <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
  <EventID Qualifiers="49152">10009</EventID>
  <TimeCreated SystemTime="2012-08-14T13:25:36.000000000Z" />
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Security />
- <EventData>
  <Data Name="param1"></Data>
TimMurpAuthor Commented:
Rebuilt my DC and the error no longer appears.
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:

TimMurpAuthor Commented:
Hi Rancy,

Thanks for taking a look. However, I am still not seeing a solution.

and ---

They tell me to go under regedit --> RPC and then DCOM, but there isn't a subfolder with that name there. I have clientProtocols, extensions, and security service. It also doesn't say what to do if I found it there. (I am assuming I am finding this on my DC.)

I go through the steps of the first link but my DC computer is already set to TCP/IP. I am assuming then it is good to go. --this has to do with 2000 and XP. Also is changing the protocols which it was already established correctly.

I looked through the search you sent but most of them were the same as the case above and weren't fruitful. I am looking around Component Services for some type of solution. Is there a way to view where the DCOM requests come from? The only solution I can find right now, isn't a solution which is to put on DNS forwarders. I feel like this is a bad a ignoring the problem.

I am beginning to wonder if the certs it originally issued are trying to verify still. I might run a startup script to remove all personal certifications if I can't find a solution to the DCOM.
TimMurpAuthor Commented:
I figured out how to do DNS logging:

This is the cause of the error:

8/15/2012 12:58:23 PM 09F8 PACKET  00000000025B9210 UDP Rcv ::1             6836   Q [0001   D   NOERROR] A      (5)SUBCA(12)Headquarters(4)xxx(3)org(0)
UDP question info at 00000000025B9210
  Socket = 336
  Remote addr ::1, port 58633
  Time Query=9828926, Queued=0, Expire=0
  Buf length = 0x0fa0 (4000)
  Msg length = 0x002d (45)
    XID       0x6836
    Flags     0x0100
      QR        0 (QUESTION)
      OPCODE    0 (QUERY)
      AA        0
      TC        0
      RD        1
      RA        0
      Z         0
      CD        0
      AD        0
      RCODE     0 (NOERROR)
    QCOUNT    1
    ACOUNT    0
    NSCOUNT   0
    ARCOUNT   0
    Offset = 0x000c, RR count = 0
    Name      "(5)SUBCA(12)Headquarters(4)xxxxx(3)org(0)"
      QTYPE   A (1)
      QCLASS  1

When this request happened for DNS, the error appeared in Event Viewer. I know ::1 is the loopback adapter for IPv6. However, I am unsure of what would cause this to be called. Any ideas?
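
The DNS debug-log approach from the comment above, as an added example that is not part of the original thread: it parses the summary (PACKET) lines of a Windows DNS Server debug log and counts which source addresses still query a retired host name. The sample lines, the `example.org` names and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Summary ("PACKET") line of a Windows DNS Server debug log, as shown in the post.
PACKET_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+(?: [AP]M)?)\s+[0-9A-Fa-f]+\s+PACKET\s+"
    r"[0-9A-Fa-f]+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<remote>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*(?P<opcode>[QNU?])\s+"
    r"\[[^\]]*\]\s+(?P<qtype>\S+)\s+(?P<qname>\(\d+\)\S*)\s*$"
)

def decode_qname(raw):
    """Turn '(5)SUBCA(7)example(3)org(0)' into 'subca.example.org'."""
    labels = [text for _, text in re.findall(r"\((\d+)\)([^()]*)", raw) if text]
    return ".".join(labels).lower()

def parse_packet(line):
    """Return the fields of one PACKET line, or None for detail/other lines."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["qname"] = decode_qname(rec["qname"])
    rec["is_response"] = rec.pop("resp") is not None
    return rec

def who_asks(lines, stale_host):
    """Count received queries per source address for a retired host name."""
    stale = stale_host.lower().rstrip(".")
    hits = Counter()
    for line in lines:
        rec = parse_packet(line)
        if not rec or rec["dir"] != "Rcv" or rec["is_response"]:
            continue
        if rec["qname"] == stale or rec["qname"].split(".")[0] == stale:
            hits[rec["remote"]] += 1
    return hits

# Constructed sample lines (placeholder names/addresses); ::1 = the DNS server itself.
SAMPLE = """\
8/15/2012 12:58:23 PM 09F8 PACKET  00000000025B9210 UDP Rcv ::1             6836   Q [0001   D   NOERROR] A      (5)SUBCA(7)example(3)org(0)
UDP question info at 00000000025B9210
8/15/2012 12:58:23 PM 09F8 PACKET  00000000025B9210 UDP Snd ::1             6836 R Q [8385 A DR NXDOMAIN] A      (5)SUBCA(7)example(3)org(0)
8/15/2012 12:59:01 PM 09F8 PACKET  00000000025B9A40 UDP Rcv 192.0.2.15      a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
8/15/2012 01:02:44 PM 0A10 PACKET  00000000025BA110 UDP Rcv 192.0.2.31      77c0   Q [0001   D   NOERROR] A      (5)SUBCA(7)example(3)org(0)
""".splitlines()

if __name__ == "__main__":
    print(dict(who_asks(SAMPLE, "subca")))
```

A count against a loopback address points at a process on the DNS server; counts against other addresses point at clients that still reference the removed host.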
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Ideally IPv4 is used; not sure about IPv6.

- Rancy
TimMurpAuthor Commented:
Not sure if this is the only way but I had to do it for another reason. It most likely is a benign issue to begin with.
Question has a verified solution.
