[THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application
- From: "Jim Kenzig http://thin.ms" <jkenzig@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 16 Jan 2009 09:33:37 -0500
You might try recreating the local host cache on the affected servers if you
haven't already dsmaint /recreatelhc
Jim Kenzig
Blog: http://www.techblink.com
On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@xxxxxxxxxxxx> wrote:
> One other thing I don't think I've mentioned is..
>
>
>
> On affected servers, when you run QUERY FARM it comes back blank!
>
>
>
> Again, this is resolved after you restart the IMA Service.
>
>
>
> Regards
>
> Nik
> *IT Services Manager*
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *IT Support
> *Sent:* 16 January 2009 08:41
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Hi Jim,
>
>
>
> I did this as the domain administrator – ie opening up dcomcnfg and
> literally expanding each node until it errored.
>
>
>
> The only error it came back with related to acrobat reader PDFShellInfo
> which was not recorded.
>
>
>
> Needless to say this hasn't fixed my issue.
>
>
>
> The strange thing is that these issues go away when I manually stop and
> start the Citrix IMA Service – until the next [daily] reboot.....
>
>
>
>
>
>
>
> Regards
>
> Nik
> *IT Services Manager*
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jim Kenzig http://thin.ms
> *Sent:* 15 January 2009 15:28
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Did you try opening dcomcnfg and click on and go through each of the
> components to see if any of them came up in error? It will usually fix ones
> it finds that are.
> Jim Kenzig
> Blog: http://www.techblink.com
>
>
> On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@xxxxxxxxxxxx> wrote:
>
>
>
>
> I implemented everything below and ran the script, but my original issue is
> still there every day until I restart the IMA Service.
>
>
>
> Damn!
>
>
>
>
>
>
>
> Regards
>
> Nik
> *IT Services Manager*
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *IT Support
> *Sent:* 14 January 2009 15:15
>
>
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Thanks very much.
>
>
>
> I've run the script + restarted the IMA service & the errors have gone.
> Hopefully they won't come back again....
>
>
>
> N
>
>
>
> Nik
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jeremy Saunders
> *Sent:* 14 January 2009 14:28
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> No Probs….I think there are two different versions of dcomperm.exe around.
> You can download my scripts including the working dcomperm.exe from here:
>
> http://www.jhouseconsulting.com/downloads/dcomperm.zip
>
>
>
> The script should be well documented for you to follow J
>
>
>
> Cheers,
>
> Jeremy.
>
>
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *IT Support
> *Sent:* Wednesday, January 14, 2009 11:01 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Thanks for this great response but I'm not following your statement about
> setting permissions on the CDF. Can you clarify further?
>
>
>
> I've downloaded a version of dcomperm.exe but it is "unable to run on this
> system".
>
>
>
> Cheers.
>
>
>
> N.
>
>
>
> Nik
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Jeremy Saunders
> *Sent:* 13 January 2009 00:59
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> The errors you get will be related to the COM Plus components and DCOM
> permissions on the CDF service.
>
>
>
> Firstly, ensure you have the COM Plus network access installed as per
> Citrix KB article CTX112853
>
>
>
> Secondly, set the correct permissions on the Citrix Diagnostic Facility
> (CDF). I have a script that automates this as the server builds. It simply
> uses a utility called dcomperm.exe to give members of the "Distributed COM
> Users" the ability to local launch, local activate, remote launch and remote
> activate the DCOM objects.
>
>
>
> Thirdly, add the Citrix/Server administrators groups to the local
> "Distributed COM Users" group.
>
>
>
> Fourthly, if you are using Custom admins, ensure they have "view"
> permissions on objects such as "View My Knowledge Configuration", as this
> will also cause some AMC permission issues.
>
>
>
> Once you've made these changes, the DCOM errors you are seeing will be a
> thing of the past.
>
>
>
> Cheers,
>
> Jeremy.
>
>
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *IT Support
> *Sent:* Monday, January 12, 2009 7:18 PM
> *To:* 'thin@xxxxxxxxxxxxx'
> *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Further to this –
>
> We are also getting the error below in the logs, and errors enumerating the
> Citrix Access Management Console.
>
> This seems to happen on reboot, and persists until we manually restart the
> IMA Service on the affected servers.
>
> Any ideas?
>
> N
>
>
>
>
>
> Event Type: Error
>
> Event Source: DCOM
>
> Event Category: None
>
> Event ID: 10006
>
> Date: 12/01/2009
>
> Time: 10:02:00
>
> User: N/A
>
> Computer: CITRIX1
>
> Description:
>
> DCOM got error "General access denied error " from the computer CITRIX2
> when attempting to activate the server:
>
> {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}
>
>
>
>
>
>
>
>
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *IT Support
> *Sent:* 08 January 2009 08:34
> *To:* 'thin@xxxxxxxxxxxxx'
> *Subject:* [THIN] DCOM 10016 Error - The machine-default permission
> settings do not grant Remote Activation permission for the COM Server
> application
>
>
>
> Hi All,
>
>
>
> We're getting DCOM 10016 errors every time a citrix admin users the Citrix
> Access Management console on all our citrix servers as below:
>
>
>
> Before I start hacking away at DCOM config permissions, does anyone know of
> a recommended citrix fix?
>
>
>
> Cheers.
>
>
>
> N
>
>
>
>
>
> Event Type: Error
>
> Event Source: DCOM
>
> Event Category: None
>
> Event ID: 10016
>
> Date: 07/01/2009
>
> Time: 12:20:09
>
> User: DOMAIN\user.name
>
> Computer: CITRIX1
>
> Description:
>
> The machine-default permission settings do not grant Remote Activation
> permission for the COM Server application with CLSID
>
> {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2}
>
> to the user DOMAIN\user.name SID
> (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission
> can be modified using the Component Services administrative tool.
>
>
>
>
>
>
>
>
>
> BM Polyco Ltd Disclaimer
> This e-mail and the information it contains are confidential. If you have
> received this message in error please notify us immediately. You should not
> use or copy it for any purpose nor disclose its contents to any other party.
> The contents of this communication are advisory and are not binding on the
> Company unless supported by authorised documentation.
> It has also passed through the MailControl Anti-Virus service powered by
> BlackSpider for total peace of mind.
>
>
>
> Click here <https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg==> to
> report this email as spam.
> ------------------------------
>
> *Confidentiality and Privilege Notice
> *This document is intended solely for the named addressee. The
> information contained in the pages is confidential and contains legally
> privileged information. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such person), you may
> not copy or deliver this message to anyone, and you should destroy this
> message and kindly notify the sender by reply email. Confidentiality and
> legal privilege are not waived or lost by reason of mistaken delivery to
> you.
> ------------------------------
> ------------------------------
>
> *Confidentiality and Privilege Notice
> *This document is intended solely for the named addressee. The
> information contained in the pages is confidential and contains legally
> privileged information. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such person), you may
> not copy or deliver this message to anyone, and you should destroy this
> message and kindly notify the sender by reply email. Confidentiality and
> legal privilege are not waived or lost by reason of mistaken delivery to
> you.
> ------------------------------
>
>
>
Other related posts:
