Exchange Best Practices Analyzer and Event 10009 - DCOM

  • Question

  • We have two Exchange 2010 SP3 RU7 servers on Windows 2008 R2

    In general, they seem to function correctly.

    ExBPA (Best Practices Analyzer) results are fine. Just some entries about drivers being more than two years old (vendor has not supplied newer drivers so we use what we have). Anything else has been verified to be something that can "safely be ignored".

    Test-ServiceHealth, Test-ReplicationHealth and other tests indicate no problems.

    However, when I run the ExBPA, it seems like the server on which I run ExBPA attempts to contact the other using DCOM and this fails.

    Some notes:

    1. Windows Firewall is disabled on both.
    2. Pings in both directions are successful.
    3. DTCPing would not even run so I was not able to test with this.
    4. Connectivity works perfectly otherwise. I can see/manage either server from the other using the EMC or EMS. DAG works fine as far as I can see.

    What's the error message?

    ***

    Event 10009, DistributedCOM

    "DCOM was unable to communicate with the computer --- opposite Exchange server of the pair of Exchange servers --- using any of the configured protocols."

    This is in the System Log.

    ***

    This happens on both servers and only when I run the ExBPA.

    I understand that ExBPA uses DCOM but cannot see what would be blocking communications.

    I can access the opposite server in MS Management Consoles (MMC).

    Note: the error is NOT in the ExBPA results - but rather in the Event Viewer System Log.

    Yes, it is consistent. Have noticed it for some time now.

    Does anyone have any idea what could be causing this? Since normal Exchange operations are not affected, I'm tempted to ignore it, but I have to do my "due diligence" and inquire. 


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Tuesday, December 2, 2014 5:47 PM

All replies

  • Hi David,

    I recommend you refer to the following article to troubleshoot this event:

    How to troubleshoot DCOM 10009 error logged in system event

    Why this happens:

    Generally speaking, the reason why DCOM 10009 is logged is that the local RPCSS service can’t reach the remote RPCSS service of the remote target server. There are many possibilities which can cause this issue.

    • Scenario 1:
      The remote target server happens to be offline for a short time, for example, just for maintenance.
    • Scenario 2:
      Both servers are online. However, an RPC communication issue exists between these two servers, for example: server name resolution failure, exhaustion of port resources for RPC communication, firewall configuration.
    • Scenario 3:
      Even though the TCP connection to the remote server has no problem, if the communication of RPC authentication has a problem, we may get an error status code like 0x80070721, which means “A security package specific error occurred” during the communication of RPC authentication, and DCOM 10009 will also be logged on the client side.
    • Scenario 4:
      The target DCOM/COM+ service failed to be activated due to a permission issue. In this kind of situation, DCOM 10027 will be logged on the server side at the same time.

    Event ID 10009 — COM Remote Service Availability

    Resolve

    Ensure that the remote computer is available

    There is a problem accessing the COM Service on a remote computer. To resolve this problem:

    • Ensure that the remote computer is online.
    • This problem may be the result of a firewall blocking the connection. For security, COM+ network access is not enabled by default. Check the system to determine whether the firewall is blocking the remote connection.
    • Other reasons for the problem might be found in the Extended Remote Procedure Call (RPC) Error information that is available in Event Viewer.

    To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

    Ensure that the remote computer is online

    To verify that the remote computer is online and the computers are communicating over the network:

    1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    2. At the command prompt, type ping, followed by a space and the remote computer name, and then press ENTER. For example, to check that your server can communicate over the network with a computer named ContosoWS2008, type ping ContosoWS2008, and then press ENTER.
    3. A successful connection results in a set of replies from the other computer and a set of ping statistics.

    Check the firewall settings and enable the firewall exception rule

    To check the firewall settings and enable the firewall exception rule:

    1. Click Start, and then click Run.
    2. Type wf.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. In the console tree, click Inbound rules.
    4. In the list of firewall exception rules, look for COM+ Network Access (DCOM In).
    5. If the firewall exception rule is not enabled, in the details pane click Enable rule, and then scroll horizontally to confirm that the protocol is TCP and the LocalPort is 135. Close Windows Firewall with Advanced Security.

    Review available Extended RPC Error information for this event in Event Viewer

    To review available Extended RPC Error information for this event in Event Viewer:

    1. Click Start, and then click Run.
    2. Type comexp.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. Under Console Root, expand Event Viewer (Local).
    4. In the details pane, look for your event in the Summary of Administrative Events, and then double-click the event to open it.
    5. The Extended RPC Error information that is available for this event is located on the Details tab. Expand the available items on the Details tab to review all available information. 

      For more information about Extended RPC Error information and how to interpret it, see Obtaining Extended RPC Error Information (http://go.microsoft.com/fwlink/?LinkId=105593).

    Best regards,


    Niko Cheng
    TechNet Community Support

    Thursday, December 4, 2014 6:33 AM
    Moderator
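
The checks from the reply above (which remote computers the 10009 events name, whether those names resolve, and whether the RPC endpoint mapper on TCP 135 answers), as an added example that is not part of the original thread or the linked article. It assumes the first event property of event 10009 holds the remote computer name; `Test-TcpPort` and the `$Days` parameter are hypothetical names introduced here.

```powershell
# Added example: triage for DCOM event 10009 (Scenarios 1 and 2 above).
# Uses only .NET classes and Get-WinEvent so it also runs on Windows 2008 R2.
param([int]$Days = 7)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Give up after the timeout instead of waiting for the TCP stack.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$filter = @{ LogName = 'System'; Id = 10009; StartTime = (Get-Date).AddDays(-$Days) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'DistributedCOM|^DCOM$' })

# Assumption: Properties[0] is the remote computer name from the event text.
$events | Group-Object { $_.Properties[0].Value } | ForEach-Object {
    $target = $_.Name
    $addresses = ''
    try {
        # Name resolution failure is one of the Scenario 2 causes.
        $addresses = ([System.Net.Dns]::GetHostAddresses($target) |
            ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch {
        $addresses = 'DOES NOT RESOLVE'
    }
    New-Object PSObject -Property @{
        Target      = $target
        EventCount  = $_.Count
        LastSeen    = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        Addresses   = $addresses
        Port135Open = (Test-TcpPort -ComputerName $target -Port 135)
    }
} | Select-Object Target, EventCount, LastSeen, Addresses, Port135Open
```

A target that resolves and answers on 135 rules out only the name-resolution and endpoint-mapper parts of Scenario 2; RPC dynamic ports, authentication failures (Scenario 3) and activation permissions (Scenario 4) still need the Extended RPC Error details.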
  • Thanks Niko.

    1. I know the computer is online for a number of reasons: successful ping, the fact I have an active remote connection and can interact with it. For example, from the other Exchange server, I can connect to the Event Viewer.

    2. The Windows Firewall is disabled and always was (that's just the way the Exchange servers are configured - not even my decision). And I did double-check, just to make sure.

    3. I will look at extending the Event Viewer logging for RPC.



    Thursday, December 4, 2014 5:28 PM