共用方式為

How to troubleshoot DCOM 10009 error logged in system event?

  • 發行項

Symptom:

 

Sometimes, we may see below DCOM 10009 errors in our system event, or we may receive the exception code 0x800706ba in our DCOM client application:

Event Type: Error
Event Source: DCOM|
Event Category: None
Event ID: 10009
Date: 2010-2-22
Time: 10:02:07
User: N/A
Computer: <Computer Name>
Description:
DCOM was unable to communicate with the computer <Target Computer Name> using any of the configured protocols.

Simply speaking, DCOM 10009 indicates that the DCOM client located on this <Computer Name> can’t communicate with the DCOM|COM+ server located on that <Target Computer Name>.

How this happens:

 

When a client calls CoGetClassObject or CoCreateInstance (CreateObject or new in VB) to activate a component, the COM runtime contacts its local SCM COM activator (RPCSS service) in order to launch the corresponding COM server that will host the desired component.

 

If the component is remote, the local RPCSS service will forward the request to the RPCSS service of the remote machine.

 

However, if the RPCSS service of remote target server is not available, DCOM 10009 will be logged locally to notify administrator. The typical call stack is as follows:
ChildEBP RetAddr

006df364 757f8b72 ADVAPI32!ReportEventW-> then DCOM 10009 is logged.

006df3a0 757f6542 rpcss!LogRemoteSideUnavailable+0x63 ->here we don’t found the server.

006df40c 757f6781 rpcss!CRemoteMachine::Activate+0x294

006df648 757f6861 rpcss!RemoteActivationCall+0xf2

006df664 757edb5c rpcss!ActivateRemote+0x8e

006df6c0 757d629c rpcss!Activation+0x343

006df718 757d7680 rpcss!ActivateFromProperties+0x1c2

006df724 757d76c0 rpcss!CScmActivator::CreateInstance+0xd

Why this happens:

 

Totally speaking, the reason why DCOM 10009 is logged is that: local RPCSS service can’t reach the remote RPCSS service of remote target server. There are many possibilities which can cause this issue.

  • Scenario 1:
     The remote target server happens to be offline for a short time, for example, just for maintenance.
  • Scenario 2:
    Both servers are online. However, there RPC communication issue exists between these two servers, for example: server name resolvation failure, port resources for RPC communication exhaustion, firewall configuration.
  • Scenario 3:

Even though the TCP connection to remote server has no any problem, but if the communication of RPC authentication gets problem, we may get the error status code like 0x80070721 which means “A security package specific error occurred” during the communication of RPC authentication, DCOM 10009 will also be logged on the client side.

  • Scenario 4:

The target DCOM |COM+ service failed to be activated due to permission issue. Under this kind of situation, DCOM 10027 will be logged on the server side at the same time.

 

How to troubleshoot:

 

As I mentioned above, there are many possibilities which can cause DCOM 10009 being logged. Some scenarios are normal while others are abnormal. We should deal with the DCOM 10009 in different ways.

  • · For scenario 1
    if DCOM 10009 is logged during the period of maintenance of remote target server, it’s an expected behaviour because the remote target server is offline. We can verify it by ping <remote server>
  • · For Scenario 2
    If the remote target server is online while DCOM 10009 is still logged, then we can perform below tests:

1) Ping <remote server> & IP Address of remote server to make sure network traffic is fine.

2) Telnet <remote server> 135 to make sure the Port 135 is not blocked by firewall.

3) If we have configured dynamic port for RPC communication, we can check what status the port resources are on both servers using below command:

netstat –anb

if all dynamic ports are used , or only few left, you can consider expanding the dynamic port.

How to configure RPC dynamic port allocation to work with firewalls

https://support.microsoft.com/?id=154596

DCOM port range configuration problems

https://support.microsoft.com/kb/217351/en-us

4) If all above tests are fine, we can use DTCPing tool to verify if the DCOM communication between two servers is fine.

How to troubleshoot connectivity issues in MS DTC by using the DTCPing tool
https://support.microsoft.com/kb/918331/en-us

Note: DTCPing tool is not specific for troubleshooting MSDTC issue, it can be used to troubleshooting all DCOM communication issues.

    • For scenario 3:
      Need capture more resources like Network traffic, or even iDNA trace to further investigate how this failure happens. 
    • For scenario 4:

Grant the specific account mentioned in DCOM event 10027 with corresponding permission through “Component Services MMC”

 

References:

FIX: You cannot obtain detailed error information about DCOM 10009 errors in Windows Server 2003
https://support.microsoft.com/kb/910695

Winston from APGC DSI Team

Comments

  • Anonymous
    April 29, 2011
    Awesome Article .....Thanks for sharing this and in such a gud language ,Keep posting

  • Anonymous
    August 15, 2011
    My event is logged because we removed the server from our rack. How do I stop this event from logging?

  • Anonymous
    August 22, 2011
    you need to find out the process who is always trying to send out DCOM request where the target server doesn't exists any more, and stop it. This could be implemented by the configuration of that application, I think.

  • Anonymous
    June 05, 2012
    We have these DCOM 10009 Events filling up event logs after removing a server from the network. What we did was added another server by the same name. Expectation is that the new server (with same name as old) should be looked up.But we continue to get the events. So how should I be fixing this error? I guess I'll need to find the application that seems to be making calls to the non-existant server name.

  • Anonymous
    June 05, 2012
    Aamer, right. You need to find out which application raised the call on this machine. You can check with application team, or run Network Monitor and Process Monitor, look at which process keeps sending failured RPC requests.

  • Anonymous
    April 03, 2013
    All my DCOM error messages are coming from Non-windows machines, anyone have this problem: All events are logged on the domain controller:

  • Anonymous
    April 15, 2013
    To Brian:It could be caused that there is a kind of monitoring tool which scans those unreachable machines among this domain. you need to capture network traffic when the issue happens for further clarification, or TTT trace for deep analysis if needed to find out which process is sending out such DCOM request.

  • Anonymous
    June 12, 2013
    Many thanks for sharing knowledge in down to earth explanation!!

  • Anonymous
    July 03, 2013
    The comment has been removed

  • Anonymous
    August 12, 2013
    great post

  • Anonymous
    September 27, 2013
    The comment has been removed

  • Anonymous
    January 09, 2014
    The comment has been removed

  • Anonymous
    May 12, 2014
    سلام شارژ اینترنت پر سرعت من که از "آسیاتک‏"‏ دفتر شعبه آمل آدرس جدید میدان ۱۷ شهریور تغدیه می شود تمام شده و حالا که برای ورود به سیستم AsiaTech QuickTask اقدام کردم ارور زیر دریافت کردم:Important server errorبروز خطا در سیستم لطفا پس از کنترل اطلاعات مجددا سعی کنیدThere is a problem with the resource you are looking for, and it cannot be displayed.آدرس صفحه حاوی ارور:111.asiatech.ir/.../quicktask_main_page.asp

  • Anonymous
    May 12, 2014
    Why my Translate Microsoft don't exist in all blogs msdn?

  • Anonymous
    July 11, 2014
    Hi,I am getting this event but the server it's trying to communicate with does not exit on the network anymore, and I also don't know why is it trying to communicate with it.any ideas?

  • Anonymous
    July 15, 2014
    The comment has been removed

  • Anonymous
    December 08, 2014
    <a href='www.1544.ir'>پنل کاربری آسیاتک</a>

  • Anonymous
    June 25, 2015
    The comment has been removed

  • Anonymous
    August 02, 2015
    Hello guys, I have a same issue "DCOM was unable to communicate with the computer "Computer_name" using any of the configured protocol" I'm working on a Citrix XenApp 6.5 farm application. Anyone experiencing the same issue, please help :), all services needed is up and running, i know its more of a Citrix issue but just to share and seek some help.

  • Anonymous
    December 17, 2015
    I have a DCOM problem and the event code is 10016. What does the code mean and how to troubleshoot the problem?

  • Anonymous
    July 01, 2016
    Hello all, i was having this error - DCOM trying to contact a non-existent server - more specifically, a server that i used temporarily for a swing migration of SBS.I couldn't find the server name anywhere in the registry or otherwise - that is until i stumbled upon it in "Active Directory Certificate Services" > "Issued Certificates". I revoked the certifiacate and the error is gone.