The plot thickens, we have another issue with our build whereby this doesn't work! When I run dsmaint recreate, I get the following error: ODBC MICROSOFT ACCESS DRIVER LOGIN FAILED NOT A VALID ACCOUNT NAME OR PASSWORD [cid:image001.png@01C977EC.C933C450] Incidentally we are running PS4.5 PSE450W2K3R02 & PSE450R02W2K3037 Regards Nik Hunt IT Services Manager From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Kenzig http://thin.ms Sent: 16 January 2009 14:34 To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application You might try recreating the local host cache on the affected servers if you haven't already dsmaint /recreatelhc Jim Kenzig Blog: http://www.techblink.com On Fri, Jan 16, 2009 at 3:52 AM, IT Support <it@xxxxxxxxxxxx<mailto:it@xxxxxxxxxxxx>> wrote: One other thing I don't think I've mentioned is.. On affected servers, when you run QUERY FARM it comes back blank! Again, this is resolved after you restart the IMA Service. Regards Nik IT Services Manager From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of IT Support Sent: 16 January 2009 08:41 To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Hi Jim, I did this as the domain administrator - ie opening up dcomcnfg and literally expanding each node until it errored. The only error it came back with related to acrobat reader PDFShellInfo which was not recorded. Needless to say this hasn't fixed my issue. The strange thing is that these issues go away when I manually stop and start the Citrix IMA Service - until the next [daily] reboot..... Regards Nik IT Services Manager From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of Jim Kenzig http://thin.ms Sent: 15 January 2009 15:28 To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Did you try opening dcomcnfg and click on and go through each of the components to see if any of them came up in error? It will usually fix ones it finds that are. Jim Kenzig Blog: http://www.techblink.com On Thu, Jan 15, 2009 at 10:02 AM, IT Support <it@xxxxxxxxxxxx<mailto:it@xxxxxxxxxxxx>> wrote: I implemented everything below and ran the script, but my original issue is still there every day until I restart the IMA Service. Damn! Regards Nik IT Services Manager From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of IT Support Sent: 14 January 2009 15:15 To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Thanks very much. I've run the script + restarted the IMA service & the errors have gone. Hopefully they won't come back again.... N Nik From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of Jeremy Saunders Sent: 14 January 2009 14:28 To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application No Probs....I think there are two different versions of dcomperm.exe around. You can download my scripts including the working dcomperm.exe from here: http://www.jhouseconsulting.com/downloads/dcomperm.zip The script should be well documented for you to follow J Cheers, Jeremy. From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of IT Support Sent: Wednesday, January 14, 2009 11:01 PM To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Thanks for this great response but I'm not following your statement about setting permissions on the CDF. Can you clarify further? I've downloaded a version of dcomperm.exe but it is "unable to run on this system". Cheers. N. Nik From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of Jeremy Saunders Sent: 13 January 2009 00:59 To: thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx> Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application The errors you get will be related to the COM Plus components and DCOM permissions on the CDF service. Firstly, ensure you have the COM Plus network access installed as per Citrix KB article CTX112853 Secondly, set the correct permissions on the Citrix Diagnostic Facility (CDF). I have a script that automates this as the server builds. It simply uses a utility called dcomperm.exe to give members of the "Distributed COM Users" the ability to local launch, local activate, remote launch and remote activate the DCOM objects. Thirdly, add the Citrix/Server administrators groups to the local "Distributed COM Users" group. Fourthly, if you are using Custom admins, ensure they have "view" permissions on objects such as "View My Knowledge Configuration", as this will also cause some AMC permission issues. Once you've made these changes, the DCOM errors you are seeing will be a thing of the past. Cheers, Jeremy. From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of IT Support Sent: Monday, January 12, 2009 7:18 PM To: 'thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx>' Subject: [THIN] Re: DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Further to this - We are also getting the error below in the logs, and errors enumerating the Citrix Access Management Console. This seems to happen on reboot, and persists until we manually restart the IMA Service on the affected servers. Any ideas? N Event Type: Error Event Source: DCOM Event Category: None Event ID: 10006 Date: 12/01/2009 Time: 10:02:00 User: N/A Computer: CITRIX1 Description: DCOM got error "General access denied error " from the computer CITRIX2 when attempting to activate the server: {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2} From: thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx> [mailto:thin-bounce@xxxxxxxxxxxxx<mailto:thin-bounce@xxxxxxxxxxxxx>] On Behalf Of IT Support Sent: 08 January 2009 08:34 To: 'thin@xxxxxxxxxxxxx<mailto:thin@xxxxxxxxxxxxx>' Subject: [THIN] DCOM 10016 Error - The machine-default permission settings do not grant Remote Activation permission for the COM Server application Hi All, We're getting DCOM 10016 errors every time a citrix admin users the Citrix Access Management console on all our citrix servers as below: Before I start hacking away at DCOM config permissions, does anyone know of a recommended citrix fix? Cheers. N Event Type: Error Event Source: DCOM Event Category: None Event ID: 10016 Date: 07/01/2009 Time: 12:20:09 User: DOMAIN\user.name<http://user.name> Computer: CITRIX1 Description: The machine-default permission settings do not grant Remote Activation permission for the COM Server application with CLSID {DB192ECC-CCBC-4A97-8121-B2FB89FE77C2} to the user DOMAIN\user.name<http://user.name> SID (S-1-5-21-1708537768-1844237615-1177238915-1249). This security permission can be modified using the Component Services administrative tool. BM Polyco Ltd Disclaimer This e-mail and the information it contains are confidential. If you have received this message in error please notify us immediately. You should not use or copy it for any purpose nor disclose its contents to any other party. The contents of this communication are advisory and are not binding on the Company unless supported by authorised documentation. It has also passed through the MailControl Anti-Virus service powered by BlackSpider for total peace of mind. Click here<https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg==> to report this email as spam. ________________________________ Confidentiality and Privilege Notice This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. ________________________________ ________________________________ Confidentiality and Privilege Notice This document is intended solely for the named addressee. The information contained in the pages is confidential and contains legally privileged information. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone, and you should destroy this message and kindly notify the sender by reply email. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. ________________________________