
Oct 25 2007

DCOM Fun with SharePoint


One thing you will first notice in planning a MOSS install is the sheer number of service accounts used. Without proper planning, the result will be a poor setup that is most likely insecure. Despite the complexity of having to learn what each service account is required for, MOSS 2007 does a reasonable job of working in a restricted configuration. Properly configured, the majority of these accounts can run with minimal security privileges.

If you follow all the best practice guides, and religiously read Joel’s stuff, I would be preaching to the converted.

Anyhoo, there were some side effects with all of this which, when last I did it, were not in the official guides. Nothing major, but some annoying DCOM errors in the event logs. I didn’t even spend too much time working out which activity was causing them, but simply granted the minimal permissions required.

The config here was 2 WFE servers (intranet/extranet), 1 index/query server and 1 SQL cluster.

All Web Front End Servers:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
User:
Computer: WEBSERVER1

Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user l SID (S-1-5-21-573225893-205518295-00000000000-00000). This security permission can be modified using the Component Services administrative tool.

Remedy:

  • Search the GUID in HKCR registry…
  • 61738644-F196-11D0-9953-00C04FD919C1
  • The service name for this key is “IIS WAMREG Admin Service”
  • Load DCOMCNFG, browse to My Computer -> “DCOM Config”
  • Go to the properties of IIS WAMREG
  • The permission missing was “Local Activation” permissions for the user .

Database Servers:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
User:
Computer: SQLCLUSTER1

Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {ABF05265-635E-44B0-A28F-AEA45247ACA0} to the user SID (S-1-5-21-573225893-205518295-3307690801-69150). This security permission can be modified using the Component Services administrative tool.

This event seems to occur at: 12:00AM, 6:00AM, 12:00PM and 8:00PM.

Note: This error will be related to a SharePoint timer job of some description, and thus we need more permissions than just the base SQL Server roles that were set up originally.

Remedy:

  • The application for this CLSID is called “Microsoft.SqlServer.Dts.Server.DtsServer” in the registry.
  • Launch DCOMCNFG on SQL02 and SQL03. The DCOM name is MSDTSServer
  • Under security, choose to Edit “Launch and Activation Permissions”
  • Add the user to have local launch permissions

Extranet WFE Server:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
User:
Computer: EXTRANET1

Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user SID (S-1-5-21-573225893-205518295-0000000000-00000). This security permission can be modified using the Component Services administrative tool.

Remedy:

  • Search the GUID in HKCR registry..
  • 61738644-F196-11D0-9953-00C04FD919C1
  • The service name for this key is IIS WAMREG Admin Service
  • Load DCOMCNFG, browse to My Computer -> “DCOM Config”
  • Go to the properties of IIS WAMREG
  • The permission missing was “Local Activation” permissions for the user .

Query/Index Server:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
User:
Computer: INDEX01

Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user SID (S-1-5-21-573225893-205518295-3307690801-00000). This security permission can be modified using the Component Services administrative tool.

Remedy:

  • Search the GUID in HKCR registry..
  • 61738644-F196-11D0-9953-00C04FD919C1
  • The service name for this key is IIS WAMREG Admin Service
  • Load DCOMCNFG, browse to My Computer -> “DCOM Config”
  • Go to the properties of IIS WAMREG
  • The permission missing was “Local Activation” permissions for the user .
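
The lookups in the remedies above (event CLSID, then the HKCR name shown in DCOMCNFG, then the account behind the SID) can be scripted so that each missing permission is listed once per server. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, run locally on the server that logged the events, and the function names are hypothetical.

```powershell
# Added example: summarise DCOM 10016 events into one row per (application, permission, account).
# Function names are hypothetical. Run on the server whose System log holds the events.

function Resolve-DcomAppName {
    param([string]$Clsid)
    # HKCR\CLSID\{clsid} carries an AppID value; the default value of
    # HKCR\AppID\{appid} is usually the name DCOMCNFG lists under "DCOM Config".
    $root  = 'Registry::HKEY_CLASSES_ROOT'
    $appId = (Get-ItemProperty -LiteralPath "$root\CLSID\$Clsid" -ErrorAction SilentlyContinue).AppID
    if (-not $appId) { return $null }
    (Get-ItemProperty -LiteralPath "$root\AppID\$appId" -ErrorAction SilentlyContinue).'(default)'
}

function Resolve-SidName {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $null }   # deleted or unreachable-domain accounts do not translate
}

# Pulls the permission name, CLSID and SID out of the event description text.
$rx = '(?s)do not grant (?<perm>[\w ]+?) permission for the COM Server application ' +
      'with CLSID\s*(?<clsid>\{[0-9A-Fa-f-]{36}\}).*?SID \((?<sid>S-[0-9-]+)\)'

$findings = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ($_.Message -match $rx) {
            [pscustomobject]@{
                Time = $_.TimeCreated; Permission = $Matches.perm
                Clsid = $Matches.clsid; Sid = $Matches.sid
            }
        }
    }

# Get-WinEvent returns newest first, so the first event in each group is the latest one.
$findings | Group-Object Clsid, Permission, Sid | ForEach-Object {
    $f = $_.Group[0]
    [pscustomobject]@{
        Events     = $_.Count
        LastSeen   = $f.Time
        Permission = $f.Permission
        DcomApp    = Resolve-DcomAppName $f.Clsid
        Account    = Resolve-SidName $f.Sid
        Clsid      = $f.Clsid
        Sid        = $f.Sid
    }
} | Format-Table -AutoSize
```

Each output row corresponds to one entry to add under “Launch and Activation Permissions” for the named application in DCOMCNFG; a blank DcomApp or Account means the registry key or SID could not be resolved on that machine.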

8 Responses to “DCOM Fun with SharePoint”

  1. Jayesh says:

    Hi, for more detail to solve this error,
    click here:
    http://www.sharepointlions.blogspot.com

  2. Miguel Murillo says:

    Thanks very much!

    You are my God. I had the same problem and I resolved the problem with your help.

    Regards.

  3. CleverWorkarounds » Good advice hidden in the Infrastructure Update says:

    [...] farm server, over and above what it minimally needs (which is some SQL Server rights and some DCOM permission stuff). For what it’s worth, I do not use the Network Service account either, as it is [...]

  4. Cannot login WSS with a domain user « c# to javascript, actionscript says:

    [...] it by reading this or this. Possibly related posts: (automatically generated)Using SharePoint Request Access [...]

  5. #20 Some helpful links for tracking down & fixing SP errors « Integration Points says:
  6. the rasx() context » Blog Archive » SharePoint Services and SQL Reporting Services Must Start Manually on My Server says:

    [...] The Application Log of my VM was defiled by actual errors! It was SharePoint trying to log into my SQL Server 2008 instance but it wasn’t ‘ready’ to accept connections… I strongly suspect that SharePoint services will try to access the database during system startup and shutdown—when services SPTimerV3, SPTrace, SPAdmin and SPSearch are set to start automatically. What’s a dangerous possibility is that SharePoint might try to write to the database during a system shutdown. The 2008 SQL instance might ‘abandon’ SharePoint, leaving it to perhaps damage the disk with its unmanaged, wild-ass DCOM parts. [...]

  7. jeff says:

    Thanks for the fix on the DCOM errors. Worked! -j

  8. Nursey says:
