You might try recreating the local host cache on the affected servers if you haven't already dsmaint /recreatelhc Jim Kenzig Blog: http://www.techblink.com On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@xxxxxxxxxxxx> wrote: > One other thing I don't think I've mentioned is.. > > > > On affected servers, when you run QUERY FARM it comes back blank! > > > > Again, this is resolved after you restart the IMA Service. > > > > Regards > > Nik > *IT Services Manager* > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *IT Support > *Sent:* 16 January 2009 08:41 > > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Hi Jim, > > > > I did this as the domain administrator – ie opening up dcomcnfg and > literally expanding each node until it errored. > > > > The only error it came back with related to acrobat reader PDFShellInfo > which was not recorded. > > > > Needless to say this hasn't fixed my issue. > > > > The strange thing is that these issues go away when I manually stop and > start the Citrix IMA Service – until the next [daily] reboot..... > > > > > > > > Regards > > Nik > *IT Services Manager* > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Jim Kenzig http://thin.ms > *Sent:* 15 January 2009 15:28 > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Did you try opening dcomcnfg and click on and go through each of the > components to see if any of them came up in error? It will usually fix ones > it finds that are. > Jim Kenzig > Blog: http://www.techblink.com > > > On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@xxxxxxxxxxxx> wrote: > > > > > I implemented everything below and ran the script, but my original issue is > still there every day until I restart the IMA Service. > > > > Damn! > > > > > > > > Regards > > Nik > *IT Services Manager* > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *IT Support > *Sent:* 14 January 2009 15:15 > > > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Thanks very much. > > > > I've run the script + restarted the IMA service & the errors have gone. > Hopefully they won't come back again.... > > > > N > > > > Nik > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Jeremy Saunders > *Sent:* 14 January 2009 14:28 > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > No Probs….I think there are two different versions of dcomperm.exe around. > You can download my scripts including the working dcomperm.exe from here: > > http://www.jhouseconsulting.com/downloads/dcomperm.zip > > > > The script should be well documented for you to follow J > > > > Cheers, > > Jeremy. > > > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *IT Support > *Sent:* Wednesday, January 14, 2009 11:01 PM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Thanks for this great response but I'm not following your statement about > setting permissions on the CDF. Can you clarify further? > > > > I've downloaded a version of dcomperm.exe but it is "unable to run on this > system". > > > > Cheers. > > > > N. > > > > Nik > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Jeremy Saunders > *Sent:* 13 January 2009 00:59 > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > The errors you get will be related to the COM Plus components and DCOM > permissions on the CDF service. > > > > Firstly, ensure you have the COM Plus network access installed as per > Citrix KB article CTX112853 > > > > Secondly, set the correct permissions on the Citrix Diagnostic Facility > (CDF). I have a script that automates this as the server builds. It simply > uses a utility called dcomperm.exe to give members of the "Distributed COM > Users" the ability to local launch, local activate, remote launch and remote > activate the DCOM objects. > > > > Thirdly, add the Citrix/Server administrators groups to the local > "Distributed COM Users" group. > > > > Fourthly, if you are using Custom admins, ensure they have "view" > permissions on objects such as "View My Knowledge Configuration", as this > will also cause some AMC permission issues. > > > > Once you've made these changes, the DCOM errors you are seeing will be a > thing of the past. > > > > Cheers, > > Jeremy. > > > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *IT Support > *Sent:* Monday, January 12, 2009 7:18 PM > *To:* 'thin@xxxxxxxxxxxxx' > *Subject:* [THIN] Re: DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Further to this – > > We are also getting the error below in the logs, and errors enumerating the > Citrix Access Management Console. > > This seems to happen on reboot, and persists until we manually restart the > IMA Service on the affected servers. > > Any ideas? > > N > > > > > > Event Type: Error > > Event Source: DCOM > > Event Category: None > > Event ID: 10006 > > Date: 12/01/2009 > > Time: 10:02:00 > > User: N/A > > Computer: CITRIX1 > > Description: > > DCOM got error "General access denied error " from the computer CITRIX2 > when attempting to activate the server: > > {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2} > > > > > > > > > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *IT Support > *Sent:* 08 January 2009 08:34 > *To:* 'thin@xxxxxxxxxxxxx' > *Subject:* [THIN] DCOM 10016 Error - The machine-default permission > settings do not grant Remote Activation permission for the COM Server > application > > > > Hi All, > > > > We're getting DCOM 10016 errors every time a citrix admin users the Citrix > Access Management console on all our citrix servers as below: > > > > Before I start hacking away at DCOM config permissions, does anyone know of > a recommended citrix fix? > > > > Cheers. > > > > N > > > > > > Event Type: Error > > Event Source: DCOM > > Event Category: None > > Event ID: 10016 > > Date: 07/01/2009 > > Time: 12:20:09 > > User: DOMAIN\user.name > > Computer: CITRIX1 > > Description: > > The machine-default permission settings do not grant Remote Activation > permission for the COM Server application with CLSID > > {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2} > > to the user DOMAIN\user.name SID > (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission > can be modified using the Component Services administrative tool. > > > > > > > > > > BM Polyco Ltd Disclaimer > This e-mail and the information it contains are confidential. If you have > received this message in error please notify us immediately. You should not > use or copy it for any purpose nor disclose its contents to any other party. > The contents of this communication are advisory and are not binding on the > Company unless supported by authorised documentation. > It has also passed through the MailControl Anti-Virus service powered by > BlackSpider for total peace of mind. > > > > Click here <https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg==> to > report this email as spam. > ------------------------------ > > *Confidentiality and Privilege Notice > *This document is intended solely for the named addressee. The > information contained in the pages is confidential and contains legally > privileged information. If you are not the addressee indicated in this > message (or responsible for delivery of the message to such person), you may > not copy or deliver this message to anyone, and you should destroy this > message and kindly notify the sender by reply email. Confidentiality and > legal privilege are not waived or lost by reason of mistaken delivery to > you. > ------------------------------ > ------------------------------ > > *Confidentiality and Privilege Notice > *This document is intended solely for the named addressee. The > information contained in the pages is confidential and contains legally > privileged information. If you are not the addressee indicated in this > message (or responsible for delivery of the message to such person), you may > not copy or deliver this message to anyone, and you should destroy this > message and kindly notify the sender by reply email. Confidentiality and > legal privilege are not waived or lost by reason of mistaken delivery to > you. > ------------------------------ > > >