none
DCOM Problem RRS feed

  • Question

  • Hi.

    I know this may have already been answered, but I find my problem a little different to all others.

    I have deployed SCCM 2007 client to a PC.  The software installs fine, all advertisements work.  However, I am now failing to receive an update under the Software Distribution in the Console Manager.  Having checked the event log of the PC shows this error being repeated:

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

    {05D1D5D8-18D1-4B83-85ED-A0F99D53C885}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

    I have checked the permission under DCOM for SMS Host Agent.  All settings are the same as all other PC's that are working fine within the Active Directory.  I have noticed that there is no CCM under DCOMcnfg when all other PC's do have this.  Is this likely to be causing the problem?

    I can post logs if someone wouldn't mind helping me

     

    Thanks

     

    Wednesday, July 20, 2011 5:29 PM

Answers

  • To resolve this problem, use one of the following methods.
    Grant the user permissions to start the COM component

    Grant the user permissions to start the COM component. To do this, follow these steps:

    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:

      HKEY_CLASSES_ROOT\CLSID\CLSID value

      Note In this subkey, "CLSID value" is a placeholder for the CLSID information that appears in the message.

    3. In the right pane, double-click AppID.
      The Edit String dialog box appears. Leave this dialog box open and continue to the next step.
    4. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
      If a Windows Security Alert message prompts you to keep blocking the Microsoft Management Console program, click to unblock the program.
    5. In Component Services, double-click Component Services, double-click Computers, double-click My Computer, and then click DCOM Config.
    6. In the details pane, locate the program by using the friendly name.
      If the AppGUID identifier is listed instead of the friendly name, locate the program by using this identifier.
    7. Right-click the program, and then click Properties.
    8. Click the Security tab.
    9. In the Launch and Activation Permissions area, click Customize, and then click Edit.
    10. Click Add, type the user’s account name, and then click OK.
    11. While the user is selected, click to select the Allow check boxes for the following items:
      • Local Launch
      • Remote Launch
      • Local Activation
      • Remote Activation
    12. Click OK two times.
    13. Quit Registry Editor.
    Grant the correct permissions to the Network Service account

    To grant the correct permissions to the Network Service account, follow these steps:

    1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
    2. In Component Services, double-click Component Services, and then double-click Computers.
    3. Right-click My Computer, and then click Properties.
    4. Click the COM Security tab.
    5. In the Launch and Activation Permissions area, click Edit Default.
    6. Click Add, type Network Service, and then click OK.
    7. While Network Service is selected, click to select the Allow check boxes for the following items:
      • Local Launch
      • Remote Launch
      • Local Activation
      • Remote Activation

      Click OK two times.

     

    Hope this will help you to resolve this issue.


    Zulqarnain Ali | MCTS, MCSA Please remember to click “Mark as Answer” on the post that helps you.
    • Proposed as answer by Zulqarnain Ali Thursday, July 21, 2011 6:01 AM
    • Marked as answer by Sabrina Shen Tuesday, July 26, 2011 9:34 AM
    Thursday, July 21, 2011 6:01 AM

All replies

  • Hi - Did you check the StatusAgent.log for more details like the client is able to send the status msg to MP.

    Also, to find out more about DCOM, search system registry with CLSID... 


    Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, July 21, 2011 1:41 AM
  • To resolve this problem, use one of the following methods.
    Grant the user permissions to start the COM component

    Grant the user permissions to start the COM component. To do this, follow these steps:

    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. Locate and then click the following registry subkey:

      HKEY_CLASSES_ROOT\CLSID\CLSID value

      Note In this subkey, "CLSID value" is a placeholder for the CLSID information that appears in the message.

    3. In the right pane, double-click AppID.
      The Edit String dialog box appears. Leave this dialog box open and continue to the next step.
    4. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
      If a Windows Security Alert message prompts you to keep blocking the Microsoft Management Console program, click to unblock the program.
    5. In Component Services, double-click Component Services, double-click Computers, double-click My Computer, and then click DCOM Config.
    6. In the details pane, locate the program by using the friendly name.
      If the AppGUID identifier is listed instead of the friendly name, locate the program by using this identifier.
    7. Right-click the program, and then click Properties.
    8. Click the Security tab.
    9. In the Launch and Activation Permissions area, click Customize, and then click Edit.
    10. Click Add, type the user’s account name, and then click OK.
    11. While the user is selected, click to select the Allow check boxes for the following items:
      • Local Launch
      • Remote Launch
      • Local Activation
      • Remote Activation
    12. Click OK two times.
    13. Quit Registry Editor.
    Grant the correct permissions to the Network Service account

    To grant the correct permissions to the Network Service account, follow these steps:

    1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
    2. In Component Services, double-click Component Services, and then double-click Computers.
    3. Right-click My Computer, and then click Properties.
    4. Click the COM Security tab.
    5. In the Launch and Activation Permissions area, click Edit Default.
    6. Click Add, type Network Service, and then click OK.
    7. While Network Service is selected, click to select the Allow check boxes for the following items:
      • Local Launch
      • Remote Launch
      • Local Activation
      • Remote Activation

      Click OK two times.

     

    Hope this will help you to resolve this issue.


    Zulqarnain Ali | MCTS, MCSA Please remember to click “Mark as Answer” on the post that helps you.
    • Proposed as answer by Zulqarnain Ali Thursday, July 21, 2011 6:01 AM
    • Marked as answer by Sabrina Shen Tuesday, July 26, 2011 9:34 AM
    Thursday, July 21, 2011 6:01 AM
  • I'm having trouble applying this procedure since the Security tab refered to in step 8 is greyed-out.  I'm therefore not able to proceed to step 9.

    Please advise.

    Regards,

    Mandlenkosi Makiwane (Mandla)

    Chief Systems Architect,

    Virtual Space-Time Commerce

    Wednesday, November 21, 2012 7:09 PM
  • I see no one has answered re the greyed out question. I have got to this point as well, and it is greyed out. Are there additional steps that can be taken to resolve this?
    Sunday, June 28, 2015 12:10 PM
  • In registry editor, find the key under: HKEY_CLASSES_ROOT\AppID\{App id guid}

    Right click it, choose Permissions.

    Click Advanced.

    Next to Owner, click Change.

    Type Administrators (plural).

    Click OK.

    Check the box to Replace owner on subcontainers and objects.

    Click OK.

    In the simple Permissions dialog, Select Administrators and grand them Full Control and Select SYSTEM and grant it Full Control as well.

    Restart dcomcnfg and retry.   It should not be greyed out anymore.

    Saturday, October 1, 2016 12:02 AM