none
1000's of DCOM Event ID 10009 errors in the system event log

    Question

  • So I am seeing 1000's of these events in the event log which are becoming quite annoying (I hate a dirty event log) and hard to find anything else in the event log because so many of these errors. I looked at Microsoft Article ID: 957713 which has you modify the GPO for the XP clients to allow connections from the server IP. I configured this even though I have the Windows Firewall turned off on all of my machines and the SBS 2011 server itself. Still having the same issue. I am quite fed up with this. I have seen this in the past and I was able to fix it by modifying something in the component services but that was 4+ yrs ago on a 2003 server and I dont recall my steps.

    Event ID 10009  Source: Distributed COM

    DCOM was unable to communicate with the computer xxxxx.xxxxx.local using any of the configured protocols.

    Please help!

    Friday, September 28, 2012 11:13 PM

All replies

  • Are these computers turned off?
     
    What OS are they?
     
    It's a WMI issue on XP's that I've seen.
     
    Saturday, September 29, 2012 12:37 AM
  • On the XP boxes:

    1. Start - Run - DComcnfg

    2. Expand Component Services

    3. Expand Computers

    4. Right click My Computer and choose properties

    5. Click the Default Properties Tab

    6. Is the Enable Distributed COM on this computer checkbox checked? If not, that'll do it.

    7. Make sure Default Authentication Level is set to 'Connect' and Default Impersonation Level to 'Impersonate

    8. OK, then close Component Services dialog.

    Chris


    Chris

    Saturday, September 29, 2012 1:38 AM
  • Some of these are Windows 7 machines
    Saturday, September 29, 2012 3:05 AM
  • Hi,

    Several thinkings:

    1. Make sure your SBS 2003 is up-to-date;

    2. Disable all the third party software on both server side and client side;

    3. Try to restore from the backup file;

    At the same time, I suggest that you could download Windows SBS 2003 BPA then have a general health check on your server:

    Title: Microsoft Windows Small Business Server 2003 Best Practices Analyzer

    URL: http://www.microsoft.com/en-us/download/details.aspx?id=5334

    Regards,

    James


    James Xiong

    TechNet Community Support

    Monday, October 01, 2012 5:06 AM
  • On the XP boxes:

    1. Start - Run - DComcnfg

    2. Expand Component Services

    3. Expand Computers

    4. Right click My Computer and choose properties

    5. Click the Default Properties Tab

    6. Is the Enable Distributed COM on this computer checkbox checked? If not, that'll do it.

    7. Make sure Default Authentication Level is set to 'Connect' and Default Impersonation Level to 'Impersonate

    8. OK, then close Component Services dialog.

    Chris


    Chris


    I will try this when I am back onsite later this week. Would this be the same for Windows 7 machines?
    Monday, October 01, 2012 6:51 PM
  • Hi,

    Several thinkings:

    1. Make sure your SBS 2003 is up-to-date;

    2. Disable all the third party software on both server side and client side;

    3. Try to restore from the backup file;

    At the same time, I suggest that you could download Windows SBS 2003 BPA then have a general health check on your server:

    Title: Microsoft Windows Small Business Server 2003 Best Practices Analyzer

    URL: http://www.microsoft.com/en-us/download/details.aspx?id=5334

    Regards,

    James


    James Xiong

    TechNet Community Support


    1. This is SBS 2011 fully patched

    2. All that is running on my server is BackupExec 2010R3

    3. Restore what from a backup file?

    I am sorry this seems like a canned response, definitely not helpful

    Monday, October 01, 2012 6:53 PM
  • Anything on this? I am seeing this in another environment as well which is using SBS 2008 with a mix of XP & Windows 7 machines. This is becoming quite the nuisance

    Tuesday, October 09, 2012 5:26 PM
  • On the XP boxes:

    1. Start - Run - DComcnfg

    2. Expand Component Services

    3. Expand Computers

    4. Right click My Computer and choose properties

    5. Click the Default Properties Tab

    6. Is the Enable Distributed COM on this computer checkbox checked? If not, that'll do it.

    7. Make sure Default Authentication Level is set to 'Connect' and Default Impersonation Level to 'Impersonate

    8. OK, then close Component Services dialog.

    Chris

    =========

    Are they XP or 7's that are triggering the issue?

      If XP follow that.  If 7 what security software are you using?

    Tuesday, October 09, 2012 5:30 PM
  • On the XP boxes:

    1. Start - Run - DComcnfg

    2. Expand Component Services

    3. Expand Computers

    4. Right click My Computer and choose properties

    5. Click the Default Properties Tab

    6. Is the Enable Distributed COM on this computer checkbox checked? If not, that'll do it.

    7. Make sure Default Authentication Level is set to 'Connect' and Default Impersonation Level to 'Impersonate

    8. OK, then close Component Services dialog.

    Chris

    =========

    Are they XP or 7's that are triggering the issue?

      If XP follow that.  If 7 what security software are you using?

    This comes from both XP & Windows 7 machine

    This is occurring in two different environments with different security software (AVG & Symantec)

    I cant really go to each computer to make those adjustments, most are Windows 7 anyways so that doesn't even apply. I think this is something more

    Tuesday, October 09, 2012 6:35 PM
  • Can you post up the exact error message as it may be Kerb errors caused by printer drivers.

    It's XP's hating dcom

    It's Win7 with HP gui happy printer drivers

    It's security software

    I've seen all three. 

    And yes you have to go to each offending XP to make the adjustments.  If WMI is messed up, there's nothing on the server side that can be done.

    Tuesday, October 09, 2012 6:38 PM
  • P.S. one more,

    if the machines are on VPNs and the server can't talk to the workstations.

    Bottom line there's no magic pill to fix.  The server is having issues talking to the workstations. 

    Tuesday, October 09, 2012 6:39 PM
  • Can you post up the exact error message as it may be Kerb errors caused by printer drivers.

    It's XP's hating dcom

    It's Win7 with HP gui happy printer drivers

    It's security software

    I've seen all three. 

    And yes you have to go to each offending XP to make the adjustments.  If WMI is messed up, there's nothing on the server side that can be done.

    The error message is

    Event ID 10009  Source: Distributed COM

    DCOM was unable to communicate with the computer xxxxx.xxxxx.local using any of the configured protocols.

    Since this isn't affecting anything, can I suppress these messages some how?

    I do have HP's in both environments but the printers are shared from the server.

    As for security software, what exactly would cause that?

    Thanks for the quick reply!

    Tuesday, October 09, 2012 6:41 PM
  • Security software that is blocking WMI messages from the server.  For example does the security software provide it's own firewall software?

    Event ID: 10009 Source: DCOM:
    http://www.eventid.net/display-eventid-10009-source-DCOM-eventno-579-phase-1.htm

    Event ID 10009 — COM Remote Service Availability:
    http://technet.microsoft.com/en-us/library/cc774368.aspx

    Check the firewall settings.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;957713

    2.1DCOM Event ID 10009:

    Problem: The DCOM event ID 10009 will occur when a client workstation has a misconfigured firewall or other issues affecting its network communications within the domain. For example, if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event ID 10009 will happen repeatedly, potentially hundreds per day.



    Resolution:  To attempt to resolve configuration issues with the firewall try the following:

    • Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025. Check with your firewall manufacturer for the proper ways of allowing dynamic RPC traffic.


    • If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity.  You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM event ID 10009 errors if that is the case.




    1. Click Start, click Run, type GPMC.MSC, and click OK.

    2. Click Continue on the UAC prompt.

    3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)

    4. Right-click the Windows SBS Client – Windows XP Policy and click Edit.

    5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

    6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.

    7. In the Group Policy Management Editor, double click Windows Firewall: Allow inbound file and printer sharing exception

    a. In the text box labeled Allow unsolicited incoming messages from these IP addresses, add the IP (IPv4) of the server. For example, if the IP of the server is 192.168.1.2, the text box should read: localsubnet,192.168.1.2.

    b. Click OK.

    8. Repeat Steps 7.a and 7.b for the following rules:

    Windows Firewall: Allow inbound remote administration exception

    Windows Firewall: Allow inbound remote desktop exceptions
    Tuesday, October 09, 2012 6:47 PM