DCOM 10009 SBS 2011

We have got an SBS 2011 server that every half hour is generating the annoying DCOM 10009 errors. It was affecting multiple Windows 7 workstations, but I have resolved them by cleaning out the stale DNS entries. I also have one server that is generating the errors and it is a Windows Server 2008 R2 Terminal Server.

I have confirmed that there are no other machines trying to use the same IP (set statically). There was a previous terminal server using the same address but I have removed it from AD and DNS.

I have attempted disabling the firewall on the 2008 server and the errors are still occurring.

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10009</EventID>
    <TimeCreated SystemTime="2013-10-04T06:03:25.000000000Z" />
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Security />
  <EventData>
    <Data Name="param1">VIV-SYD-TS-1.####.local</Data>
Cris Hanna Commented:
The Server needs to be moved to the SBS Servers OU.
Cris Hanna Commented:
SBS 2008 Post installation Errors (applies to 2011 as well)

Were all workstations joined to the domain using the http://connect wizard?
Are all computer accounts in the SBSComputers OU?

2.1 DCOM Event ID 10009:

Problem: The DCOM event ID 10009 will occur when a client workstation has a misconfigured firewall or other issues affecting its network communications within the domain. For example, if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event ID 10009 will happen repeatedly, potentially hundreds per day.

Resolution: To attempt to resolve configuration issues with the firewall try the following:

• Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025. Check with your firewall manufacturer for the proper ways of allowing dynamic RPC traffic.

• If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM event ID 10009 errors if that is the case.

1. Click Start, click Run, type GPMC.MSC, and click OK.

2. Click Continue on the UAC prompt.

3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)

4. Right-click the Windows SBS Client – Windows XP Policy and click Edit.

5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.

7. In the Group Policy Management Editor, double click Windows Firewall: Allow inbound file and printer sharing exception

a. In the text box labeled Allow unsolicited incoming messages from these IP addresses, add the IP (IPv4) of the server. For example, if the IP of the server is, the text box should read: localsubnet,

b. Click OK.

8. Repeat Steps 7.a and 7.b for the following rules:

Windows Firewall: Allow inbound remote administration exception

Windows Firewall: Allow inbound remote desktop exceptions
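
Added example, not part of the original thread or of the guidance quoted above: a PowerShell triage that ties the two causes discussed here (stale DNS records and blocked RPC on TCP/135) to the hosts named in the 10009 events. The function names are hypothetical; it uses only Get-WinEvent and .NET classes, so it runs on the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example: rank DCOM 10009 targets, then check each one's DNS record and
# TCP/135 (RPC endpoint mapper). Run elevated on the server logging the events.
function Get-Dcom10009Target {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'
                 Id = 10009; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # param1 in EventData is the computer DCOM could not reach
            $xml = [xml]$_.ToXml()
            $xml.Event.EventData.Data |
                Where-Object { $_.Name -eq 'param1' } |
                ForEach-Object { $_.'#text' }
        } |
        Group-Object | Sort-Object Count -Descending
}

function Test-DcomTarget {
    param([string]$ComputerName, [int]$TimeoutMs = 3000)
    $result = New-Object PSObject -Property @{
        Target = $ComputerName; Addresses = ''; Rpc135Open = $false }
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($ComputerName)
        $result.Addresses = ($ips | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $result.Addresses = 'DNS lookup failed'   # name no longer resolves
        return $result
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so an unreachable host does not stall the loop
        $async = $client.BeginConnect($ComputerName, 135, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($async)            # throws if the port refused
            $result.Rpc135Open = $client.Connected
        }
    } catch { } finally { $client.Close() }
    $result
}

# Reading the table: a name that resolves to an address no longer owned by that
# machine points at a stale DNS record; a correct address with Rpc135Open False
# points at a firewall rule (or a powered-off host).
Get-Dcom10009Target -Hours 24 | ForEach-Object {
    $group = $_
    Test-DcomTarget -ComputerName $group.Name |
        Add-Member -MemberType NoteProperty -Name Events -Value $group.Count -PassThru
} | Format-Table Target, Events, Addresses, Rpc135Open -AutoSize
```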

jaylaa (Author) Commented:
I've gone through the SBS 2008 post installation issues and the solutions suggested don't work. Also the workstations are all working, the remaining issue is a 2008 Server talking to the SBS 2011 so the XP group policies have no bearing. The server is under the SBSComputers OU.

I have checked the DCOM protocols and they are all set correctly without needing to change anything. I've disabled IPv6 on the 2008 server with no change.

It is a flat network so there are no VLAN or subnet separations.
jaylaa (Author) Commented:
I have moved the server under the SBS Servers OU and the errors are still occurring. Are there supposed to be any group policies set on that group?
Cris Hanna Commented:
On both the SBS server and the other server you should, at an elevated command prompt, run "gpupdate /force" (without the quotes)
jaylaa (Author) Commented:
Well that's interesting - after the group policy has updated fully, the server has gone from creating 8 error messages every 30 minutes to only one error message every 30 mins.
Cris Hanna Commented:
Are you saying the remote server is throwing the error or you're seeing it on SBS server?
jaylaa (Author) Commented:
I'm seeing the DCOM error in the SBS server event log when trying to talk to the 2008 server.
Cris Hanna Commented:
I guess the real question here at this point is, other than this showing up on the morning report, is there an issue between these two servers? You can spend hours trying to troubleshoot these things and it may never go away completely.

If there is no real issue, and you just want it off the report...you should go here
jaylaa (Author) Commented:
Awesome thanks. It's less of an issue now since it is no longer flooding the event log with errors, so I think I'll just leave it as is now.
Question has a verified solution.
