Upgrading Windows Server 2003 RTM to SP2 w/ SMS 2003 SP1 caused DCOM Error Event ID: 10021

My site server configuration prior to upgrade:  Windows Server 2003 Standard RTM, SMS 2003 SP1, SQL Server 2000 SP3a.

I stopped all SMS related services, upgraded the OS to SP2, rebooted, and started checking the logs for errors.  I noticed a persistent DCOM error with Event ID 10021 (figure 1) and knew that I would need to reset COM permissions as noted in everything that I read.  Well, I reset the permissions for all of the documented processes (SMS Reporting Users Group, granting the SMS Admin Group "Remote Activation" for remote console access, and for the SMS_SERVER_LOCATOR_POINT.

The error continued to populate in the System Event logs at a rate of every 5 seconds. The information provided from the Help and Support Center link was only partially helpful.  In REGEDIT you find that the CLSID value for {AD65A69D-3831-40D7-9629-9B0B50A93843} is the SMS Agent Host.  You are then instructed to run DCOMCNFG and "Add the user to the permissions list, and give the user the appropriate permissions", in the Launch and Activation Permissions section.  That is the unhelpful part - which user account?

After an hour of Live Search and Google Searching, I stumbled on an article from http://www.monkeyclicker.com/ that worked. All is well in my world toady.

(http://www.monkeyclicker.com/forum/index.php?topic=26.msg56;topicseen#new)

Excerpt from the site:

Open component services by going start -> run -> dcomcnfg.exe
Expand Component Services
Expand computers
Expand My Computer

Its a  DCOM error so you should try the DCOM Config subtree for this first
-drill down to COM+ applications/DCOM Config depending on the error source in eventviewer
-switch to a detail view,
-objects will show up in the right hand pane with an application ID against them.  *hopefully* the clsid above will show up there so you can identify the problem component.

Find the Class ID from the event log.
Right click on the name and select properties. 
Select the security tab
Check permissions on Launch and Activation.  Odds are they are set to custom.  Change to default settings.


Figure 1

___________________________________________________

Event Type:                                                                   Error

Event Source:                                                                DCOM

Event Category:                                                             None

Event ID:                                                                       10021

Date:                                                                            5/5/2007

Time:                                                                            1:18:01 PM

User:                                                                            N/A

Computer:                                                                     MYSITESERVER

Description:

The launch and activation security descriptor for the COM Server application with CLSID {AD65A69D-3831-40D7-9629-9B0B50A93843} is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.

 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

___________________________________________________
Published Monday, May 07, 2007 9:42 AM by snorman

Comments

No Comments
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems