DCOM 10009 SBS 2011

We have got an SBS 2011 server that every half hour is generating the annoying dcom 10009 errors. It was affecting multiple windows 7 workstations, but I have resolved them by cleaning out the stale DNS entries. I also have one server that is generating the errors and it is a Window Server 2008 R2 Terminal Server.

I have confirmed that there are no other machines trying to use the same IP (set statically). There was a previous terminal server using the same address but I have removed it from AD and DNS)

I have attempted disabling the firewall on the 2008 server and the errors are still occuring.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
  <EventID Qualifiers="49152">10009</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-10-04T06:03:25.000000000Z" />
  <EventRecordID>414542</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>SBS2011.####.local</Computer>
  <Security />
  </System>
- <EventData>
  <Data Name="param1">VIV-SYD-TS-1.####.local</Data>
  <Binary>3C5265636F726423313A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D313732323B47656E636F6D703D323B4465746C6F633D313731303B466C6167733D303B506172616D733D313B7B506172616D23303A307D3E3C5265636F726423323A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D313732323B47656E636F6D703D31383B4465746C6F633D313434323B466C6167733D303B506172616D733D313B7B506172616D23303A5649562D5359442D54532D312E76697669642E6C6F63616C7D3E3C5265636F726423333A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D313732323B47656E636F6D703D31383B4465746C6F633D3332333B466C6167733D303B506172616D733D303B3E3C5265636F726423343A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D313233373B47656E636F6D703D31383B4465746C6F633D3331333B466C6167733D303B506172616D733D303B3E3C5265636F726423353A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D31303036303B47656E636F6D703D31383B4465746C6F633D3331313B466C6167733D303B506172616D733D333B7B506172616D23303A3133357D7B506172616D23313A307D7B506172616D23323A30783830616138633030303030303030307D3E3C5265636F726423363A20436F6D70757465723D286E756C6C293B5069643D3739363B31302F342F3230313320363A333A32353A31313B5374617475733D31303036303B47656E636F6D703D31383B4465746C6F633D3331383B466C6167733D303B506172616D733D303B3E</Binary>
  </EventData>
  </Event>
jaylaaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cris HannaSr IT Support EngineerCommented:
http://support.microsoft.com/kb/957713
SBS 2008 Post installation Errors (applies to 2011 as well)

Were all workstations joined to the domain using the http://connect wizard?
Are all computer accounts in the SBSComputers OU?

2.1DCOM Event ID 10009:

Problem: The DCOM event ID 10009 will occur when a client workstation has a misconfigured firewall or other issues affecting its network communications within the domain. For example, if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event ID 10009 will happen repeatedly, potentially hundreds per day.



Resolution: To attempt to resolve configuration issues with the firewall try the following:

•Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025. Check with your firewall manufacturer for the proper ways of allowing dynamic RPC traffic.


•If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM event ID 10009 errors if that is the case.




1. Click Start, click Run, type GPMC.MSC, and click OK.

2. Click Continue on the UAC prompt.

3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)

4. Right-click the Windows SBS Client – Windows XP Policy and click Edit.

5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.

7. In the Group Policy Management Editor, double click Windows Firewall: Allow inbound file and printer sharing exception

a. In the text box labeled Allow unsolicited incoming messages from these IP addresses, add the IP (IPv4) of the server. For example, if the IP of the server is 192.168.1.2, the text box should read: localsubnet,192.168.1.2.

b. Click OK.

8. Repeat Steps 7.a and 7.b for the following rules:

Windows Firewall: Allow inbound remote administration exception

Windows Firewall: Allow inbound remote desktop exceptions
0
jaylaaAuthor Commented:
I"ve gone through the SBS 2008 post installation issues and the solutions suggested don't work. Also the workstations are all working, the remaining issue it a 2008 Server talking to the SBS 2011 so the XP group policies have no bearing. The server is under the SBSComputers OU.

I have checked the DCOM protocols and they are all set correctly without needing to change anything. I've disabled IPv6 on the 2008 server with no change

It is a flat network so there are no vlan or subnet separations.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Cris HannaSr IT Support EngineerCommented:
The Server needs to be move to the SBS Servers OU
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jaylaaAuthor Commented:
I have moved the server under the SBS Servers OU and the errors are still occurring. Are there supposed to be any group policies set on that group?
0
Cris HannaSr IT Support EngineerCommented:
On both the SBS server and the other server you should, at an elevated command prompt, run "gpupdate /force" (without the quotes)
0
jaylaaAuthor Commented:
Well thats interesting - after the group policy has updated fully, the server has gone from  creating 8 error messages every 30 minutes to only one error message every 30 mins.
0
Cris HannaSr IT Support EngineerCommented:
Are you saying the remote server is throwing the error or you're seeing it on SBS server
0
jaylaaAuthor Commented:
I'm seeing the dcom error in the SBS server event log when trying to talk to the 2008 server
0
Cris HannaSr IT Support EngineerCommented:
I guess the real question here at this point is, other than this showing up on the morning report, is there an issue between these two servers?   You can spend hours trying to troubleshoot these things and it may never go away completely.

If there is no real issue, and you just want it off the report...you should go here
http://blogs.technet.com/b/sbs/archive/2012/01/16/managing-event-alerts-in-your-reports-an-sbs-monitoring-feature-enhancement.aspx
0
jaylaaAuthor Commented:
Awesome thanks. Its less of an issue now since it is no longer flooding the event log with errors, so I think I'll just leave it as is now.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.