Event ID: 10015 Source: DCOM

Source
Level
Description
The machine wide limit settings do not grant Remote Launch permission for the COM Server application with CLSID {<ID>} to the user <user> SID (<SID>). This security permission can be modified using the Component Services administrative tool.
Comments
 
When the problem is caused by the HP Toolbox, open Administrative tools on your print server and start Component Services. Go to Component Services -> Computers -> My Computer -> DCOM Config. You will find HP Port Resolver in there. Right-click on it and choose Properties and then go to the Location tab and check "Run application on the computer where the data is located".
In our situation, the DCOM errors started after we had to upgrade Opentext's DM from 5.2 to 5.2.1. Initially we thought the problem was a permission problem with the Network Service. We were able to determine that the class ID {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} belongs to Microsoft WMI Provider Subsystem Host. We checked and confirmed that Network Service had the correct permissions. We did the following test:
- Disabled the Opentext DM services and the DCOM error for Network Services stopped. However, we started getting the same error with event ID 10015 for our DM users. We determined that installing DM 5.2.1 must have blown away the permissions for Microsoft WMI Provider Subsystem Host. In addition to the permissions, we could not get Windows Management Infrastructure (WMI) to run.
- Start/Run  wmimgmt.msc. Right click on WMI Control (Local), select properties. If WMI is running, the properties will show successful connection. However, for us it showed failed.

We did the following to reset the permissions for WMI:
- Disable and stop the Hummingbird services:
  DOCSFusion
  DOCSFusionSS Server
  DOCSFusionSS Server Manager

- Remove the WMI and MSDTC permissions.
Go to the registry using regedit. Go to HKLM\software\Microsoft\OLE. Delete the following values:
  DefaultAccessPermissions
  MachineAccessPermissions
  MachineLaunchPermissions.

- Reconfigure the WMI permissions.
Start/Run DCOMCNFG (Component Services). Right click properties for Computers/My Computers. Go to COM Security tab. Under Access Permissions/Edit Defaults:
  Domain administrator
  Local administrator
  Authenticated Users
  Services
All have Local and Remote Access enabled.

With the Hummingbird services disabled, proceed to restart the server. At this point WMI and MSDTC services are also restarted.

- Test Windows Management Infrastructure (WMI)
Start/Run wmimgmt.msc. Right click on WMI Control (Local). Select properties. If WMI is running, the properties will show successful connection.

- Restart the server and see if you get any more DCOM errors. If there are no DCOM errors, proceed to re-enable the Hummingbird services. Make sure you set startup to AUTOMATIC.
  DOCSFusion
  DOCSFusionSS Server
  DOCSFusionSS Server Manager

- Restart the server.
In our case, it turned out to be a problem with the HP Toolbox that was running on the machine of the user in question. Disabling the HP Toolbox and taking it out of startup solved the problem.
I fixed this problem by following contributor Wayne's comment from "EventID 10006 from source DCOM".
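
Added example, not from any contributor above: a PowerShell audit of the machine-wide DCOM limits that the event description refers to, intended to be run before the registry and COM Security steps described in the comments so the existing settings are backed up and it is visible which principals hold remote rights. It assumes the value names Microsoft documents under HKLM\SOFTWARE\Microsoft\Ole and the COM_RIGHTS_* bit values from the Windows SDK; the backup file name is a placeholder.

```powershell
# Added example: inspect and back up the DCOM security values under HKLM\SOFTWARE\Microsoft\Ole.
# Makes no registry changes; the only thing written is the .reg backup file.
$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'

# Keep a copy of the key before anything is deleted or edited (placeholder file name).
reg.exe export 'HKLM\SOFTWARE\Microsoft\Ole' "$env:TEMP\ole-before-change.reg" /y | Out-Null

# COM access-mask bits (Windows SDK COM_RIGHTS_* constants).
# In a launch descriptor EXECUTE_LOCAL/REMOTE mean Local/Remote Launch;
# in an access descriptor they mean Local/Remote Access.
$comRights = [ordered]@{
    COM_RIGHTS_EXECUTE         = 0x01
    COM_RIGHTS_EXECUTE_LOCAL   = 0x02
    COM_RIGHTS_EXECUTE_REMOTE  = 0x04
    COM_RIGHTS_ACTIVATE_LOCAL  = 0x08
    COM_RIGHTS_ACTIVATE_REMOTE = 0x10
}

function Get-DcomSecurityAce {
    param([Parameter(Mandatory)][string]$ValueName)
    $bytes = (Get-ItemProperty -Path $oleKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $bytes) { Write-Warning "$ValueName is not set under $oleKey"; return }

    # The value is a self-relative binary security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # orphaned or unresolvable SID: show it raw
        $rights = $comRights.Keys | Where-Object { $ace.AccessMask -band $comRights[$_] }
        [pscustomobject]@{
            Value     = $ValueName
            AceType   = $ace.AceType
            Principal = $name
            Rights    = $rights -join ', '
        }
    }
}

$report = 'MachineLaunchRestriction', 'MachineAccessRestriction',
          'DefaultLaunchPermission', 'DefaultAccessPermission' |
          ForEach-Object { Get-DcomSecurityAce -ValueName $_ }
$report | Format-Table -AutoSize -Wrap

# Principals allowed a remote right by the machine-wide limits: this is the
# list event 10015 is evaluated against, and the one to review after any change.
$report | Where-Object { $_.Value -like 'Machine*' -and
                         $_.AceType -eq 'AccessAllowed' -and
                         $_.Rights -match 'REMOTE' } |
          Select-Object Value, Principal, Rights
```

Running it again after the change and comparing the two outputs shows exactly which principals gained Remote Launch or Remote Access.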