Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 10002 Source: DCOM

Source
Level
Description
Access denied attempting to launch a DCOM Server. The server is: {<GUID>}
Comments
 
GUID: 0C0A3666-30C9-11D0-8F20-00805F2CD064 - As per Microsoft: "The Distributed component Object Model (DCOM) server that is failing to launch is Machine Debug Manager (0C0A3666-30C9-11D0-8F20-00805F2CD064). This occurs because Machine Debug Manager lacks sufficient DCOM permissions.". See the link to ME290398 for more details including resolution.
GUID: 554CD916-60BF-11D2-AC98-00C04F991BCF - See ME330341.
GUID: 3C8DE583-54C4-11D1-91D9-080009EBBC58 - See ME319515.
GUID: 9DA0E106-86CE-11D1-8699-00C04FB98036 - See ME305030 and ME320204.

Most of the Q articles point to permission problems so verify all the related information (user accounts, permissions, etc...). If you have developed a custom DCOM object make sure you understand the security requirements to access it remotely.
Regarding {9DA0E103-86CE-11D1-8699-00C04FB98036} and {9DA0E106-86CE-11D1-8699-00C04FB98036}, according to a MS support engineer, this issue occurs because the Microsoft Search (MSSearch) service starts before the Web Storage System starts, and the Microsoft Search service tries to automatically start the Web Storage System by using distributed COM (DCOM). The Web Storage System is secured to prevent programs from starting the Web Storage System with DCOM; therefore, an error is recorded when the Microsoft Search service tries to do so.The Web Storage System does not allow programs to automatically start the Web Storage System, to prevent it from being started without the server operator's knowledge when the server operator has stopped it for maintenance or other reasons.

Do not change your DCOM settings to allow programs to automatically start the Web Storage System.These DCOM error messages are benign, and you can ignore them."

Essentially, the MSSearch service starts before MSExchangeIS has started, and attempts to start the Information Store using DCOM, which fails by design. These errors have no impact, but if you want to get rid of them, make MSSearch depend on MSExchangeIS (instructions can be found in ME193888).
This happened to me after a hard drive on our SMS server needed to be replaced. I re-installed SMS 2003 SP2 (just the service pack) on top of the installation and it fixed the problem.
As per Microsoft: "A program (the Clsid displayed in the message), tried to start the DCOM server by using the DCOM infrastructure. Based on the security ID (SID), this user does not have the necessary permissions to start the DCOM server". See MSW2KDB for information on this event.

As per Microsoft: "The "503 Service Unavailable" error message may occur if a registry key that exceeds 259 characters exists in the HKEY_CLASSES_ROOT registry hive. During initialization, the Exchange OLE DB provider (ExOLEDB) scans the HKEY_CLASSES_ROOT hive to identify registered file types. If any subkey has a default value that exceeds 259 characters, or if there is a discretionary access control list that is not valid on one of the subkeys, ExOLEDB may quit unexpectedly". In addition, this event along with others is logged in the event log. See ME823159 for more details.

If you are having problems installing the Microsoft Systems Management Server (SMS) 2003 Advanced Client on a computer that has Microsoft Internet Information Services (IIS) installed, then read 884870 for a workaround on this problem.

- GUID: 12345678-1234-1234-1234-123456789ABC - See ME810153.
- GUID: 9DA0E106-86CE-11D1-8699-00C04FB98036 - See ME837285.

From a newsgroup post: "I installed MS05-025 one day, and the next day the download of the mssecure.cab file failed, this event being logged in the event log. I resolved this issue by enabling the write access for the network service account on the download directory".

See the link "McAfee Support Solution ID: nai10781" for additional information on this event.
- GUID: {D99E6E73-FC88-11D0-B498-00A0C90312F3} - This problem is related to CertSvc. The certificate for this CA has expired. Renew the certificate with Parent CA to resolve this error.


We had this problem, every time a user logged on to the server, via terminal services. Originally, we got the EventID 10002 from source DCOM, but after using dcomconfg.exe to change permissions on the culprit (FameworkServices.exe, a McAfee service) to default on all 3 topics, the 10002 error disappeared, and the 10010 error appeared. To get rid of the 10010, all that was needed was a restart of the FrameworkService service.
{A373E5B2-7A87-11D3-B1C1-00C04F68155C} – This is related to SPSTaskUser (SharePoint Portal Server 2003) trying to execute scheduled tasks. After I deleted the scheduled tasks, the problem has not reappeared.
- GUID: 2A6D72F1-6E7E-4702-B99C-E40D3DED33C3 - See "Network Associates Support Solution ID: KB37954" for details on this event.
- GUID: 46C468EC-ED4D-4789-B644-919956ABBC9C - Check whether the Distributed Transaction Coordinator service is started. If not, and if it cannot be started, configure it or put it on manual. Also, check EventID 4384 from source MSDTC.
Started seeing this event after restart, when Full Text Indexing in Exchange 2003 had been configured. MS Article ME298095 describes the event as benign in this circumstance.
In my case this happened when I tried to contact to an Exchange 2000 server but the server was not available.
This can occur If you apply an Exchange 2000 Server service pack as the Anti-Virus software is actively scanning. See ME308601.
I fixed this by using dcomcnfg.exe and changed the properties for xconfmgr.exe to "alllow launch" instead of "deny launch" for everyone for the custom launch attributes.
GUID: 9DA0E10X-86CE-11D1-8699-00C04FB98036 - MSDN KB Article 298095 says that it applies only to Microsoft Sharepoint Portal Server 2001. However, I'm getting this error without the Sharepoint Portal Server, but I am running MSSearch so this still looks plausible. The explanation in the KB article is that MSSearch starts before the Web Storage System starts. On my machine, the error occurs during the boot. I do not autostart MSSearch, the error does not appear. This occured the first time after I installed SQL Server 2000 Service Pack 3. For the time being, I'm leaving things as they are, as recommended in KB article 298095 as it looks like it applies to MS Search as well.


Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...