
DCOM 10010 Error on SBS 2008.


Scott H.

Dec 17, 2008, 4:48:01 PM
Hello All,

Thank you for any advice or general directions you could offer for the
following error we receive every night on our new SBS 2008.

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 12/16/2008 9:15:13 PM
Event ID: 10010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DDISERVER1.ddinc.local
Description:
The server {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} did not register with DCOM
within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM"
Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="49152">10010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2008-12-17T02:15:13.000Z" />
<EventRecordID>56722</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DDISERVER1.ddinc.local</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}</Data>
</EventData>
</Event>

Miles Li [MSFT]

Dec 18, 2008, 4:49:47 AM

Hello,

Thank you for posting here.

According to your description, I understand that:

You receive the Event 10010 that indicates the server
{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} fails to register with DCOM.

If I have misunderstood the problem, please don't hesitate to let me know.

From my research, it seems to be an error related to the VSS. However, on my
SBS 2008 server I cannot locate the COM with the ID
{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}. You may find out which application
has the ID with the following steps:

1. Open Registry Editor to 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\'
2. Locate the ID {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} item and you can
find out the application name in the default value.

If the application is VSS related, you may follow the suggestions below to
correct the issue:


Suggestions #1:
===============
Please check whether the local service account has been granted the
SeImpersonatePrivilege privilege properly on the SBS 2008 server. To check
that:

1. Run GPedit.msc to open the Local Group Policy Editor.
2. Locate the "Impersonate a client after authentication" user right in:

Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment\

3. Please make sure the following accounts are listed:

LOCAL SERVICE
NETWORK SERVICE
SERVICE

Suggestions #2:
===============
To isolate the issue from the influence of any third-party software, you may
consider booting the SBS 2008 server into a Clean Boot environment to see
whether the event is logged:

1. Click Start, click Run, type "msconfig" (without the quotation marks) in
the Open box, and then click OK.
2. In the Startup tab, click the "Disable All" button.
3. In the Services tab, check the "Hide All Microsoft Services" checkbox,
and then click the "Disable All" button.
4. Click OK and restart your server.

If the issue disappears with clean boot, it indicates that some software may
be the culprit. You can uninstall recently installed software/updates.


Suggestions #3:
===============
Please run the MPS report (PFE version) on the server for analysis.
The MPS Reporting Tool is utilized to gather detailed information regarding
a system's current configuration. The data collected will assist you with
fault isolation.

1. Please download MPS Reporting Tool (MPSRPT_PFE.EXE) from the following
link:
(http://www.microsoft.com/downloads/details.aspx?FamilyID=00ad0eac-720f-4441-9ef6-ea9f657b5c2f&DisplayLang=en)

Please note: The link may be truncated when you read the E-mail. Be sure to
include all text between '(' and ')' when navigating to the download
location.

2. Right click MPSRPT_PFE.EXE and select Run as Administrator to run this
tool, and you will see a Command Window start up.

3. Please type Y at the prompt "Include the MSINFO32 report?
(defaults to Y in 15 seconds)[Y,N]?"

4. When the tool is done you will see an Explorer Window opening up the
%systemroot%\MPSReports\Setup\Reports\cab folder and containing a
<Computername>MPSReports.cab file.

5. Then send the package to me at v-mi...@microsoft.com.

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.

Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
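
The user-rights check in Suggestion #1 can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original thread; it assumes the three accounts appear in the `secedit` export under their well-known SIDs (S-1-5-19, S-1-5-20, S-1-5-6), and the temporary file name is arbitrary.

```powershell
# Added example: list who holds "Impersonate a client after authentication"
# (SeImpersonatePrivilege) and confirm the three accounts named above.
$required = @{
    '*S-1-5-19' = 'LOCAL SERVICE'
    '*S-1-5-20' = 'NETWORK SERVICE'
    '*S-1-5-6'  = 'SERVICE'
}

# Export only the user-rights area of the security settings to a temp file.
$cfg = Join-Path $env:TEMP 'user_rights.inf'   # arbitrary file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# The export has one "SeXxxPrivilege = *SID,*SID,..." line per user right.
$line = Get-Content $cfg | Where-Object { $_ -match '^SeImpersonatePrivilege\s*=' }
Remove-Item $cfg -Force

if (-not $line) {
    Write-Warning 'SeImpersonatePrivilege is not assigned to any account.'
    return
}

$holders = ($line -split '=', 2)[1].Split(',') | ForEach-Object { $_.Trim() }

foreach ($sid in $required.Keys) {
    $state = if ($holders -contains $sid) { 'present' } else { 'MISSING' }
    '{0,-16} {1,-10} {2}' -f $required[$sid], $sid, $state
}

# This right is sensitive: list every other holder so it can be reviewed.
$holders | Where-Object { $required.Keys -notcontains $_ } |
    ForEach-Object { "other holder: $_" }
```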


Scott H.

Dec 18, 2008, 5:32:01 PM
Replies are inline:

"Miles Li [MSFT]" wrote:

>
> Hello,
>
> Thank you for posting here.
>
> According to your description, I understand that:
>
> You receive the Event 10010 that indicates the server
> {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} fails to register with DCOM.
>
> If I have misunderstood the problem, please don't hesitate to let me know.
>
> From my research, it seems to be an error related to the VSS. However, on my
> SBS 2008 server I cannot locate the COM with the ID
> {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}. You may find out which application
> has the ID with the following steps:
>
> 1. Open Registry Editor to 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\'
> 2. Locate the ID {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} item and you can
> find out the application name in the default value.
>

Appears to be VSSsnapshot. Found in HKEY_ROOT (I think). There also was
another one, but I could not find an entry in the registry for it. It was from
an earlier date though.

> If the application is VSS related, you may follow the suggestions below to
> correct the issue:
>
>
> Suggestions #1:
> ===============
> Please check whether the local service account has been granted the
> SeImpersonatePrivilege privilege properly on the SBS 2008 server. To check
> that:
>
> 1. Run GPedit.msc to open the Local Group Policy Editor.
> 2. Locate the "Impersonate a client after authentication" user right in:
>
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\User Rights Assignment\
>
> 3. Please make sure the following accounts are listed:
>
> LOCAL SERVICE
> NETWORK SERVICE
> SERVICE
>

These are all listed.

> Suggestions #2:
> ===============
> To isolate the issue from the influence of any third-party software, you may
> consider booting the SBS 2008 server into a Clean Boot environment to see
> whether the event is logged:
>
> 1. Click Start, click Run, type "msconfig" (without the quotation marks) in
> the Open box, and then click OK.
> 2. In the Startup tab, click the "Disable All" button.
> 3. In the Services tab, check the "Hide All Microsoft Services" checkbox,
> and then click the "Disable All" button.
> 4. Click OK and restart your server.
>
> If the issue disappears with clean boot, it indicates that some software may
> be the culprit. You can uninstall recently installed software/updates.
>

There are no other services running and only two in startup. Watson
Subscriber for SENS Network Notifications and Windows Live OneCare. I did not
attempt to turn these off while we were open at the office. If you think one
of these might be the culprit, I will attempt this step after hours.


>
> Suggestions #3:
> ===============
> Please run the MPS report (PFE version) on the server for analysis.
> The MPS Reporting Tool is utilized to gather detailed information regarding
> a system's current configuration. The data collected will assist you with
> fault isolation.
>
> 1. Please download MPS Reporting Tool (MPSRPT_PFE.EXE) from the following
> link:
> (http://www.microsoft.com/downloads/details.aspx?FamilyID=00ad0eac-720f-4441-9ef6-ea9f657b5c2f&DisplayLang=en)
>
> Please note: The link may be truncated when you read the E-mail. Be sure to
> include all text between '(' and ')' when navigating to the download
> location.
>
> 2. Right click MPSRPT_PFE.EXE and select Run as Administrator to run this
> tool, and you will see a Command Window start up.
>
> 3. Please type Y at the prompt "Include the MSINFO32 report?
> (defaults to Y in 15 seconds)[Y,N]?"
>
> 4. When the tool is done you will see an Explorer Window opening up the
> %systemroot%\MPSReports\Setup\Reports\cab folder and containing a
> <Computername>MPSReports.cab file.
>
> 5. Then send the package to me at v-mi...@microsoft.com.
>
> Hope it helps. If you have any questions or concerns, please do not
> hesitate to let me know.
>

I did this. The program gave a few errors and stopped a couple of times. The
output file is approximately 12MB and couldn't be sent due to size
limitations. Any suggestions?

Miles Li [MSFT]

Dec 19, 2008, 5:53:23 AM
Hello,

Thanks for the update.

So the issue is related to the VSS. From my experience, I'd suggest that
you check whether the VSS related applications are registered in the AppID
properly. The VSS applications that you should check:


[HKEY_CLASSES_ROOT\AppID\{4db9c793-c48d-449c-9754-46027ee45c94}]
Microsoft Volume Shadow Copy Service software provider

[HKEY_CLASSES_ROOT\AppID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}]
VssEvent

[HKEY_CLASSES_ROOT\AppID\{56BE716B-2F76-4dfa-8702-67AE10044F0B}]
Volume Shadow Copy Service

If any of the above applications is missing in the AppID, the VSSsnapshot
will fail to start and prompt the Event 10010 with the exact same error. To
correct this, you may copy the following strings, save them as a *.reg file and
then import it into the registry.

--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AppID\{4db9c793-c48d-449c-9754-46027ee45c94}]
@="Microsoft Volume Shadow Copy Service software provider"
"LocalService"="swprv"

[HKEY_CLASSES_ROOT\AppID\{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}]
@="VssEvent"
"DllSurrogate"=""

[HKEY_CLASSES_ROOT\AppID\{56BE716B-2F76-4dfa-8702-67AE10044F0B}]
@="Volume Shadow Copy Service"
"LocalService"="VSS"
"LaunchPermission"=hex:01,00,04,80,60,00,00,00,6c,00,00,00,00,00,00,00,14,00,\
  00,00,02,00,4c,00,03,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,\
  12,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,\
  00,00
--------------------------------------------------------------------------------

About the MPS report, you can split it into several packages and send them
to me separately. Or you can send me the four *.evt files that contain the
Event Logs.

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.

Best regards,
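
The AppID lookup from the first reply and the registration check for the three VSS AppIDs listed above can be scripted together. This is an added example, not part of the original thread; `Resolve-ComGuid` is a hypothetical helper name, and the script assumes Windows PowerShell 3.0 or later and that the GUID is the first EventData value, as in the Event Xml posted at the top.

```powershell
# Added example, not from the thread. Run elevated on the affected server.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'; Id = 10010
} -MaxEvents 200 -ErrorAction SilentlyContinue

# param1 (the GUID) is the only EventData value in the Event Xml posted above.
$guids = @($events | Where-Object { $_ } |
    ForEach-Object { $_.Properties[0].Value } | Sort-Object -Unique)

function Resolve-ComGuid([string]$Guid) {
    # Hypothetical helper: look the GUID up both as an AppID and as a CLSID.
    foreach ($kind in 'AppID', 'CLSID') {
        $key = "Registry::HKEY_CLASSES_ROOT\$kind\$Guid"
        if (Test-Path -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $key
            New-Object PSObject -Property @{
                Guid = $Guid; Kind = $kind; Name = $p.'(default)'
                LocalService = $p.LocalService; AppID = $p.AppID
            }
        }
    }
}

foreach ($g in $guids) {
    $hits = @(Resolve-ComGuid $g)
    if ($hits.Count) { $hits | Format-List Guid, Kind, Name, LocalService, AppID }
    else { "$g : no AppID or CLSID key found" }
}

# The three VSS AppIDs and LocalService values listed in the post above.
$vss = @{
    '{4db9c793-c48d-449c-9754-46027ee45c94}' = 'swprv'
    '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}' = $null   # VssEvent: DllSurrogate, no service
    '{56BE716B-2F76-4dfa-8702-67AE10044F0B}' = 'VSS'
}
foreach ($id in $vss.Keys) {
    $key = "Registry::HKEY_CLASSES_ROOT\AppID\$id"
    if (-not (Test-Path -LiteralPath $key)) { "$id : AppID key MISSING"; continue }
    $svc = (Get-ItemProperty -LiteralPath $key).LocalService
    if ($svc -ne $vss[$id]) { "$id : LocalService '$svc', expected '$($vss[$id])'"; continue }
    if ($svc) {
        $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
        if ($s) { "$id : service $svc is $($s.Status)" } else { "$id : service $svc NOT installed" }
    } else { "$id : registered (no LocalService expected)" }
}
```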

Scott H.

Dec 19, 2008, 2:40:03 PM
All three are currently registered in the AppID properly.

I broke the report into 4 sections and sent them to you.

Miles Li [MSFT]

Dec 22, 2008, 5:38:11 AM
Hello,

Thanks for the update.

I have received the logs. In the Event log, I found:

Event 10009 that indicates the SBS server failed to communicate with other computers with DCOM
Event 10016 that indicates the insufficient Local Activation permission on the COM components
Event 10010


Event 10009:
======================
Please make sure that the Windows firewalls on the computers in the SBS
2008 domain have the proper rules for DCOM traffic. By default, the Windows
Firewall Group Policy settings define the rule for DCOM. You may check
whether the rules for DCOM are enabled on the SBS 2008 server and other
computers.


For more information about the event, you may refer to:

Windows SBS 2008 Known Post Installation Event Errors
http://support.microsoft.com/kb/957713


Event 10016:
======================
It seems that the Event 10016 is related to WSS 3.0. To correct it, you can
simply grant the user account the Local Activation permission on the IIS
WAMREG admin Service.

For more information about how to correct the issue, you may refer to:

BUG: COM+ Incorrectly Lets You Configure Datagram Protocol
http://support.microsoft.com/default.aspx?scid=kb;en-us;245197

Event 10010:
======================
Incorrect permissions on the application may result in the Event 10010.
Please help to check whether you can view the Launch and Activation
Permissions and Access Permission of the VSS snapshot service.

Scott H.

Dec 23, 2008, 4:40:03 PM
Event 10009:
=========
Ensured the Default Windows Firewall Group Policy settings were defined for
DCOM.
They were. I haven't seen an event 10009 in a few days.

Event 10016:
=========
Made sure the IIS WAMREG admin Service had Local Activation permission. It
did already, but I cleared and then re-applied to make sure. Will watch in
error logs.

Event 10010:
=========
Could not find the VSS snapshot Service to ensure it had Launch and
Activation permission. Any suggestions on where or how to find this?

Thanks in Advance.

Miles Li [MSFT]

Dec 24, 2008, 5:18:07 AM

Hello,

Thanks for the update.

Suggestions #1:
====================
Please make sure that proper permissions are set for Access, Launch and
Activation in COM security. To check that:

1. Click Start, click Run, type "dcomcnfg" (without the quotation marks) in
the Open box, and then click OK.

2. In the Component Services MMC, right click the My
Computer--->Properties--->COM security.
3. In the "Access permissions" and "Launch and Activation Permissions",
verify whether the local system, administrator, and everyone have the Local
Access, Local Launch and Local Activation permissions.

Suggestions #2:
====================
As Distributed Transaction Coordinator (MSDTC) performs the transaction
coordination role for COM components, please try to rebuild the MSDTC
through the following process to check how it works:

1. Stop the Distributed Transaction Coordinator in Services.mmc.
2. At a command prompt run "msdtc -uninstall" without quotes. The command
will be executed in silence and nothing will be prompted.

4. Delete the following registry hives (if they still exist)

HKEY_CLASSES_ROOT\CID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC

5. Reboot the SBS Server

6. Then log on to the SBS server with an administrative account. At a command
prompt run "msdtc -install" without quotes.

7. Try to start the VSS in the Services.mmc to check how it works.

Information needed:
====================
Could you please export the APPID registry key to hive file and send to me
at v-mi...@microsoft.com for further investigations?

I hope these steps will give you some help. If you have any questions or

Scott H.

Dec 31, 2008, 1:49:01 PM

Completed suggestion one and two.

Only challenge I ran into was step number 7 in suggestion number two. I
cannot find a service that is VSS or even VS snapshot service. It seems to
be a mystery. I still am receiving the 10010 events daily.

Everything else seems to work itself out except this.

Miles Li [MSFT]

Jan 2, 2009, 5:10:53 AM

Hello,

Thanks for the update.

Due to the security policy, the *.reg files are blocked in the mail on my
side. Please try to export the registry to hive files and send to me. To do
that:

1. Run "regedit" to open the Registry Editor.
2. Click Files--->Export. In the export file dialog box, choose the
Registry Hive file as the save type.
3. Click Ok to save the Hive file and send it to me.

Please check whether the Volume Shadow Copy service is there in
Services.mmc. Will the event be logged if you manually start the Volume
Shadow Copy service?
