Solved

DCom Error Messages  EventID 10009

Posted on 2014-03-28
Last Modified: 2014-03-31
The error log on a server is showing an error every few minutes that indicates a connection cannot be made to a server on the web. WHOIS says the server is a Google server.

The error reads:
DCOM was unable to communicate with the computer 74.125.224.72 using any of the configured protocols.

In tracing the process, it is coming from process ID 768. 768 is Svchost.exe and is coming from the services RpcSs and RpcEptMapper.

Help says to open up port 135 in the firewall. But researching this seems to be a bad idea since DCOM has been known to be a virus back door. For the life of me, I don't know what this is trying to do and why would a Google server need to communicate this way.

My questions are:
1) Should the port be opened?
2) Is there any way to tell what this is trying to do?

Any insight would be appreciated.
Question by:HCSHAW
3 Comments
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 39963709
Is there any chance that Chrome, Earth, or the Toolbar got installed?  All of them check for updates.
And no, I wouldn't open a port for a suspicious process.
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 39964373
Simply speaking, DCOM 10009 indicates that the DCOM client located on this <Computer Name> can't communicate with the DCOM|COM+ server located on that <Target Computer Name>. The local SCM COM activator is also called the RPCSS service.

There are past troubleshooting details shared: mostly the remote server is offline, or the comms between the remote server are blocked at the client or remote server end. It can be any security device blocking, especially firewalls; secure by default, this port is included.

Wearing the security hat, indeed the DCOM port must be closed, especially if it is not used by any application, but mostly legacy apps can still be using it. Most apps have shifted into the port 80 space; that is another playground.

Wearing the business hat, Microsoft does have something to say on securing the DCOM or COM+ service from a computer/application perspective, such as restricting to least privilege and specifying a specific user account (instead of the default system account) to run this. Ideally, the assigned account's only purpose is RPC related and, for this case, to facilitate the comms. Overall, the lockdown measures attempt to reduce attack surface. You can catch a hardening example (pdf) which is pretty step by step for their case and reference.

There is a TechNet article on enabling the host FW to allow DCOM/COM+ to pass through.

In summary, in order to make DCOM applications work in Windows Server 2008 you need to do two things. Installing the Application role is not needed (but it does add the COM+ network access as in below).

a. Allow "COM+ network access" in firewall rules (type firewall.cpl from a command prompt and on the left you'll see the setting). COM+ is somewhat of a misnomer since it is also for DCOM. COM+ Network Access is a preconfigured program in the exception list that you can just check off.

b. Add your DCOM server to the list of program exceptions in the firewall.
0
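
One way to answer the "what is this trying to do" question from the log itself, as an added PowerShell example that is not part of the original thread: it tallies Event ID 10009 entries by target and marks targets outside private IPv4 ranges. It assumes an English event message in the form quoted in the question; the helper name `Test-PrivateV4` is hypothetical.

```powershell
# Added example (not from the thread). Assumes English event text in the form
# quoted in the question: "...communicate with the computer <target> using...".

function Test-PrivateV4 {                          # hypothetical helper name
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }         # IPv6 is not classified here
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Pull the most recent DCOM 10009 events from the System log.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10009 } `
              -MaxEvents 500 -ErrorAction SilentlyContinue

# 2. Extract the target of each failed activation from the message text.
$hits = foreach ($e in $events) {
    if ($e.Message -match 'communicate with the computer (\S+) using') {
        [pscustomobject]@{ Time = $e.TimeCreated; Target = $Matches[1] }
    }
}

# 3. Summarise per target: how often, over what period, internal or external.
$hits | Group-Object Target | Sort-Object Count -Descending | ForEach-Object {
    $times = @($_.Group | Sort-Object Time)
    $ip    = $null
    $isIp  = [System.Net.IPAddress]::TryParse($_.Name, [ref]$ip)
    [pscustomobject]@{
        Target   = $_.Name
        Count    = $_.Count
        First    = $times[0].Time
        Last     = $times[-1].Time
        External = if ($isIp) { -not (Test-PrivateV4 $ip) } else { $null }
    }
} | Format-Table -AutoSize

# 4. Confirm which services share the svchost PID seen in the trace. RpcSs is
#    the COM activator the answer mentions, so this PID is where the attempt is
#    made from, not necessarily the application that asked for it.
Get-CimInstance Win32_Service -Filter "Name='RpcSs' OR Name='RpcEptMapper'" |
    Select-Object Name, ProcessId, State
```

A target that recurs at a fixed interval and is flagged `External` is the pattern described in the question; the First and Last columns help line it up with software installs or scheduled tasks on the server.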
 

Author Closing Comment

by:HCSHAW
ID: 39966891
That's the info I needed. Thanks.
0
