Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 10021 Source: DCOM

The launch and activation security descriptor for the COM Server application with CLSID {<CLSID>} is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
This event appears a program identified by the Clsid displayed in the message, tried to start the DCOM server by using the DCOM infrastructure. However, the permission associated with the DCOM Server was not correctly set up. See MSW2KDB for troubleshooting steps.

Additional information can be found in McAfee Solution ID kb41482. Go to the McAfee Knowledge Search page and search for this solution to read the article.

See "Sophos Support Article ID: 3040", "Sophos Support Article ID: 3309", "Sophos Support Article ID: 3642", "Sophos Support Article ID: 3699", and "Sophos Support Article ID: 13040" if you have a Sophos product on your system.

As per Microsoft: "You may also see an error if the computer that acts as an enrollment station is not a domain member of your Active Directory forest. You cannot use a computer that is a workgroup member or a member of an un-trusted Active Directory domain. An enrollment station that is not registered properly in Active Directory will report DCOM error 10006 and error 10021 in its System event log". See "Configuring and Troubleshooting Windows 2000 and Windows Server 2003 Certificate Services Web Enrollment" for more details.
In my case, Sophos AV caused this error. Select Start|Run and type dcomcnfg. Under "Component Services", browse to Computers|My Computer|DCOM Config. In the list, locate the Management Service (a Sophos component), right-click on it and select "Properties". Under the Security tab, change "Launch and Activation Permissions" to "Use Default" and click "OK". Locate the Management Service again, select "Properties", select the Security tab and change "Launch and Activation Permissions" to "Customize". Click "Edit", then "Add", locate the group "Sophos Console Administrators" and add it. Ensure that the following premissions are set to "Allow": Local Launch, Remote Launch, Location Activation, Remote Activation. Restart the "Sophos Management Service". After performing these steps this event ceased to occur.
I had this issue with Sophos Antivirus and I fixed it by changing the security of the "ManagementService" service to default.
This issue has been found on Enterprise Vault servers that have the SkipChecks registry key HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\AdminService and are then upgraded to Windows 2003 SP1. See "Veritas Support Document ID: 278336" to solve this problem.

See ME913119 for additional information about this event.
Error was noted on a Windows 2003 server after SP1 was installed with McAfee Protection Pilot 1.1.0. This issue occurred because of changes made to DCOM permissions by the service pack. Read McAfee Solution ID KB41482 for information on how to resolve this problem. Go to the McAfee Knowledge Search page and search for this solution to read the article.

I had this problem with Sophos Antivirus Enterprise Console 1.0 and did what contributor Eric Ritchie said, but the problem was still there. I contacted Sophos support and the problem was solved by changing the "Launch and Activation Permissions" in the security tab to "Default".
I had the same problem; it turned out to be Sophos Anti-Virus in my case. I went through the same procedure as outlined by Eric Ritchie and my problem went away.
I had this error on Windows Server 2003 (SP1, German version) with McAfee Protect Pilot 1.1 installed on it. In my case, searching for the registry key mentioned in the event description show me that the "narepl32" stood behind the {<CLSID>}. To solve the problem open the Component Services Administrative Tool -> My Computer -> DCOM Configuration. Point to "narepl32" -> Properties (right click) -> Security Tab. Change "Launch and Activation Permissions" to Default or insert via the Custom tab the INTERACTIVE group and give it full access.
If you have a McAfee product installed and you have recently applied Microsoft Windows XP Service Pack 2, then read McAfee Solution ID KB37954 for information on how to resolve this problem. Go to the McAfee Knowledge Search page and search for this solution to read the article.
I found this error to be a DCOM issue resulting from improper Launch and Activation permissions for the McAfee Framework Service in DCOM configuration. To resolve the issue, I searched for the registry key mentioned in the event description (which turned out to be McAfee's Framework Service). I then opened the Component Services Administrative Tool, and opened the properties of DCOM Config.\Framework Service under Computers\My Computer. Under the Security Tab, I found that the Administrators Group was missing from the Launch and Activation Permissions (Custom Tab). Giving the Administrators group full access corrected the issue.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.