none
How do I configure component services or DCOM settings on a Windows 2008 R2 Server Core?

    Question

  • I am experiencing EventID 10016 (see below) when attempting to perform a VSS backup suggesting I need to access component services or dcomcnfg to adjust the permissions. Unfortunately the server in question is running Windows 2008 R2 Server Core SP1 which does not appear to make these options available. This server is also a domain controller...

    I have resorted to the process outlined here http://blogs.technet.com/b/dpm/archive/2012/05/22/how-to-install-the-dpm-agent-on-a-windows-server-2008-r2-core-computer.aspx using the DCOMPERM tool however the issue still appears suggesting there is something else I am missing perhaps in the dcomcnfg or component services tools.

    The APPID/CSLID relates to a HP VSS Hardware Provider which is working on a 2008 R2 server core (non-DC)...

    Any suggestions would be appreciated.

    Regards Peter

    EVENTID: 10016

    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {047477CA-8240-429F-8C5D-0F9B96C88137}

     and APPID

    {72F0591D-B5F6-4B9A-B36D-F316357BDC59}

     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Thursday, July 04, 2013 12:45 AM

Answers

  • Unfortunately I resorted to removing the problematic provider hence never did get a resolution to this issue. Hopefully others may have greater success with the DCOMPERM utility although it does appear this is the utility to use for this situation.
    • Marked as answer by PLatLICR Friday, August 09, 2013 7:50 AM
    Friday, August 09, 2013 7:50 AM

All replies

  • Hi,

    1. Click Start -> Run -> Type -> dcomcnfg, expand Component Services -> Computers -> My Computer -> DCOM Config.
    2. Click View -> Detail -> Now you will get Application Name and Application ID in right side.
    3. Scroll down and find the application ID {047477CA-8240-429F-8C5D-0F9B96C88137} -> Right Click -> Properties and select the Security tab.
    3. Click Customize under "Launch & Activation Permission" -> click Edit -> Add in the account NT AUTHORITY\SYSTEM and set local launch and local activation.
    4. Restart the application Service linked to this Application ID or restart the server and monitor

    DCOM troubleshooting info

    http://technet.microsoft.com/en-us/library/cc751272.aspx

    Regards,

    Yan Li

    If you have any feedback on our support, please click here .


    Cataleya Li
    TechNet Community Support

    Monday, July 08, 2013 6:34 AM
  • Thank you for your reply Yan Li,

    However this is a server core machine which does not have a start button. It also lacks MMC snapins...

    I have also attempted searching on the server for dcomc*.* without success...

    As indicated in my original post, I have resorted to a dcomperm utility, however there seems to be something still missing... Hence my question...

    Regards Peter

    Monday, July 08, 2013 6:48 AM
  • Thank you for your reply Yan Li,

    However this is a server core machine which does not have a start button. It also lacks MMC snapins...

    I have also attempted searching on the server for dcomc*.* without success...

    As indicated in my original post, I have resorted to a dcomperm utility, however there seems to be something still missing... Hence my question...

    Regards Peter


    Here is the output from DCOMPERM:

    D:\temp>dcomperm -al {72F0591D-B5F6-4B9A-B36D-F316357BDC59} list
    Launch permission list for AppID {72F0591D-B5F6-4B9A-B36D-F316357BDC59}:

    Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
    Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
    Remote and Local launch permitted to BUILTIN\Administrators.
    Remote and Local activation permitted to BUILTIN\Administrators.
    Remote and Local launch permitted to NT AUTHORITY\INTERACTIVE.
    Remote and Local activation permitted to NT AUTHORITY\INTERACTIVE.
    Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
    Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
    Remote and Local launch permitted to NT AUTHORITY\NETWORK SERVICE.
    Remote and Local activation permitted to NT AUTHORITY\NETWORK SERVICE.

    D:\temp>dcomperm -aa {72F0591D-B5F6-4B9A-B36D-F316357BDC59} list
    Access permission list for AppID {72F0591D-B5F6-4B9A-B36D-F316357BDC59}:

    Remote and Local access permitted to NT AUTHORITY\SELF.
    Remote and Local access permitted to NT AUTHORITY\NETWORK SERVICE.
    Remote and Local access permitted to NT AUTHORITY\SYSTEM.

    D:\temp>dcomperm -aa {047477CA-8240-429F-8C5D-0F9B96C88137} list
    Access permission list for AppID {047477CA-8240-429F-8C5D-0F9B96C88137}:

    Local access permitted to NT AUTHORITY\SYSTEM.
    Remote and Local access permitted to NT AUTHORITY\SELF.
    Local access permitted to NT AUTHORITY\SYSTEM.

    D:\temp>dcomperm -al {047477CA-8240-429F-8C5D-0F9B96C88137} list
    Launch permission list for AppID {047477CA-8240-429F-8C5D-0F9B96C88137}:

    Remote and Local launch permitted to NT AUTHORITY\SYSTEM.
    Remote and Local activation permitted to NT AUTHORITY\SYSTEM.
    Remote and Local launch permitted to BUILTIN\Administrators.
    Remote and Local activation permitted to BUILTIN\Administrators.
    Remote and Local launch permitted to NT AUTHORITY\INTERACTIVE.
    Remote and Local activation permitted to NT AUTHORITY\INTERACTIVE.
    Local launch permitted to NT AUTHORITY\SYSTEM.
    Local activation permitted to NT AUTHORITY\SYSTEM.

    This looks ok to me however I have noticed another couple of other events logged in the Application log for VSS. I suspect these VSS events are a result of the permission here...

    EventID 12292:

    Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {047477ca-8240-429f-8c5d-0f9b96c88137} [0x80070005, Access is denied.].

    Operation:

    Creating instance of hardware provider

    Obtain a callable interface for this provider

    List interfaces for all providers supporting this context

    Delete Shadow Copies

    Context:

    Provider ID: {21e5ab69-9685-4664-a5b2-4ca42bddb153}

    Provider ID: {21e5ab69-9685-4664-a5b2-4ca42bddb153}

    Class ID: {047477ca-8240-429f-8c5d-0f9b96c88137}

    Snapshot Context: -1

    Snapshot Context: -1

    EventID 13:

    Volume Shadow Copy Service information: The COM Server with CLSID {047477ca-8240-429f-8c5d-0f9b96c88137} and name HWPRV cannot be started. [0x80070005, Access is denied.]

    Operation:

    Creating instance of hardware provider

    Obtain a callable interface for this provider

    List interfaces for all providers supporting this context

    Delete Shadow Copies

    Context:

    Provider ID: {21e5ab69-9685-4664-a5b2-4ca42bddb153}

    Provider ID: {21e5ab69-9685-4664-a5b2-4ca42bddb153}

    Class ID: {047477ca-8240-429f-8c5d-0f9b96c88137}

    Snapshot Context: -1

    Snapshot Context: -1

    Tuesday, July 09, 2013 12:45 AM
  • Unfortunately I resorted to removing the problematic provider hence never did get a resolution to this issue. Hopefully others may have greater success with the DCOMPERM utility although it does appear this is the utility to use for this situation.
    • Marked as answer by PLatLICR Friday, August 09, 2013 7:50 AM
    Friday, August 09, 2013 7:50 AM