I would recommend that you search the registry for the following
{8BC3F05E-D86B-11D0-A075-00C04FB68820} that should the the CSlid that will lead
you to the object DCOM that needs to be enabled or have additional permissions
added to it. I have run into this in the past.Also this might be of some help: http://social.technet.microsoft.com/Forums/en-US/0d8335f6-99a2-4f88-b8e2-b63520d4e861/event-10006?forum=smallbusinessserver Z Edward E. Ziots, CISSP, CISA, Security +, Network + Security Engineer Lifespan Organization [email protected]<mailto:[email protected]> Work:401-255-2497 This electronic message and any attachments may be privileged and confidential and protected from disclosure. If you are reading this message, but are not the intended recipient, nor an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that you are strictly prohibited from copying, printing, forwarding or otherwise disseminating this communication. If you have received this communication in error, please immediately notify the sender by replying to the message. Then, delete the message from your computer. Thank you. [Description: Description: Lifespan] From: [email protected] [mailto:[email protected]] On Behalf Of Miller Bonnie L. Sent: Thursday, February 06, 2014 1:28 PM To: [email protected] Subject: RE: [NTSysADM] DCOM If I had to guess, I would think there is some kind of network discovery mechanism enabled on that server within that application. We see these types of Dcom messages all the time on our main SCCM 2012 primary site server when discovery runs and the machines on the other end are turned off. -Bonnie From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Wednesday, February 05, 2014 8:03 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] DCOM I admit little experience with DCOM. Here's my situation. I have a W2008R2 server running Backup Exec Media Server (2012) and nothing else except the standard HP Agent Software that's loaded on it. No roles associated with it except an MS iSCSI Target. Oddly enough, I am getting countless DCOM errors showing up in the servers System Log. Event id 10006, source is DistributedCOM. The messages are "DCOM got error "2147944122" from computer (computer-name here) when attempting to activate the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} I believe the error is because the machines are turned off, however, **my BIGGER interest is WHY** this server, which only serves as a backup server, is attempting to contact PCs using DCOM. It happens only once a day, and seems to occur between 10:30am and 12:30pm most of the time. I just don't understand what application or process is doing this and WHY. These DCOM errors have been showing in the SYSTEM log, once per day (well, once per attempt of EACH computer, once per day) for over 12 months... so it's definitely not anything new. I'm just finally getting around to looking into it. I'm thinking about setting up a wireshark capture during that time period, but wireshark captures tend to get really BIG and I don't know what to filter on for DCOM. Thoughts?
<<inline: image001.jpg>>
