Nolan Gustavo

DCOM Errors Event ID 10009

Hi all,

I am having an issue with a server in a secure domain; the event log is full of DCOM errors. The log is full of them and new logs appear at a rate of 3 per second, which is difficult to work with when troubleshooting issues.
Now I am aware that these errors could be caused by any number of reasons, but what's strange is that the addresses DCOM is trying to contact are on an external WLAN and none of the addresses can be pinged.
I have tried installing Wireshark to capture the traffic to find out what is generating these errors, but nothing obvious shows up. Just wondering if anyone has any suggestions on how to troubleshoot this?

RPC port is not blocked as far as I can see
Addresses are on the external WLAN and do not have access to the server anyway, so not sure what happens there
DNS Scavenging is configured and runs every day

Many Thanks

Kamal Khaleefa

Put the public IP in a browser and check what service is running.

Hi, you can use the Windows command

ipconfig /displaydns > dnscache.txt

to dump out the DNS cache on your server to a text file then search the file to find the unknown IP addresses and matching names.

In this case you may be better using Microsoft NetMon on the server to check what is generating the requests rather than Wireshark. NetMon shows the process details (program name and PID). I believe Message Analyzer does the same but I'm not familiar with it. You can still download NetMon 3.4.

Best regards...Paul
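
The search step described above, as an added example that is not part of the original thread: it reads `dnscache.txt` and lists the cached names for the addresses seen in the DCOM errors. The `$suspects` values and the sample records are constructed placeholders, and the parsing assumes the English-language output layout of `ipconfig /displaydns`.

```powershell
# Added example (not from the thread); PowerShell 2.0-compatible syntax.
# Addresses copied from the Event ID 10009 entries (constructed placeholders).
$suspects = @('192.0.2.15', '198.51.100.7')

# Use the real dump if present; otherwise a constructed sample in the layout
# that English-language "ipconfig /displaydns" prints (assumed here).
if (Test-Path .\dnscache.txt) {
    $lines = Get-Content .\dnscache.txt
} else {
    $lines = @'
    printer01.example.test
    ----------------------------------------
    Record Name . . . . . : printer01.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 86
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.15

    intranet.example.test
    ----------------------------------------
    Record Name . . . . . : intranet.example.test
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.20
'@ -split "`r?`n"
}

$name = $null
$hits = foreach ($line in $lines) {
    if ($line -match '^\s*Record Name[\s.]*:\s*(\S+)') {
        $name = $Matches[1]                      # remember the current entry
    } elseif ($line -match '^\s*(A \(Host\)|AAAA) Record[\s.]*:\s*(\S+)') {
        if ($suspects -contains $Matches[2]) {   # address seen in a DCOM error
            New-Object PSObject -Property @{ Address = $Matches[2]; Name = $name }
        }
    }
}

# One row per address/name pair; suspects with no row have no cached forward record.
$hits | Sort-Object Address, Name -Unique | Format-Table Address, Name -AutoSize
```

With the constructed sample, the only row printed is 192.0.2.15 mapped to printer01.example.test; 198.51.100.7 has no cached record and 203.0.113.20 is not in the suspect list.
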
ASKER

King 2002, please could you elaborate? I am not sure if I understand your suggestion.

PaulOffrod, I tried installing NetMon but the installation fails at the moment, so going to reboot the server in an attempt to resolve this. Unfortunately Message Analyzer does not run on Server 2008; it has to be R2 or Win7. I will let you know once I have rebooted the server and tried installing this again.

Many Thanks!

Hi Nolan,

I hadn't noticed that this is 2008 R1. I'm not sure if you will get the process information - there are quite a few additional capabilities in this area in R2.

If you don't, we can talk about using netstat instead. Not quite as neat but may be good enough.

Best regards...Paul

I mean first open the IE browser at http://<public IP making the error>
and check what the site is,
as the DCOM error is with an external URL.
You need to find what service or website causes it in advance to troubleshoot; 'DCOM error' is too generic.

ASKER CERTIFIED SOLUTION
Nolan Gustavo

This solution is only available to members.