Category: Microsoft

DCOM Event ID 10016 : Removable Storage Service

HP Dataprotector requires that the Removable Storage Service be disabled on each fibre attached host in order to stop Network Storage Routers being flooded, and interruption of Dataprotector activities.

By disabling this service you will find that the following event is logged on each host under the system event log every time a backup is run:

Event Type:    Error
Event Source:    DCOM
Event Category:    None
Event ID:    10016
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 to the user ECOMMERCE\svc_dpagent SID (S-1-5-21-2426429480-712720545-947854963-1642).  This security permission can be modified using the Component Services administrative tool.

In order to resolve this issue perform the following steps:

1. Start > Run > dcomcnfg 
2. Expand Component Services > Computers > My Computer >DCOM Config
3. Locate the ‘Removable Storage Manage’ object, right-click and select properties
4. Select the location tab and uncheck the ‘Run application on this computer‘ box.
5. Now backup and delete the following registery keys:
   1. LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D61A27C6-8F53-11D0-BFA0-00A024151983}
   2. LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{D61A27C1-8F53-11D0-BFA0-00A024151983}
6. Finally reboot the affected host.

Dataprotector : Not a valid mount point => aborting.

I recently came across the following error when setting up a new DP backup for a Windows Server 2003 x64 R2 SP2 cluster:

  Volume Shadow Copy functionality could not be initialized.
  Fallback to legacy filesystem backup was not allowed. Aborting the backup.
  Not a valid mount point => aborting.

I was also presented with the followingerror in the Application event log on the server:

  Event Type:    Error
  Event Source:    VSS
  Event Category:    None
  Event ID:    11
  Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005]

On investigation I installed the KB940349 VSS update (http://support.microsoft.com/kb/940349), after rebooting each host, VSS backup functionality was restored.

Windows Server 2003 : Clustering MSMQ Client

On Windows Server 2003 x64 it is possible to cluster the MSMQ Independent client (first you must MSMQ core via Add/Remove Programs).

Once complete you will be able to create an MSMQ resource under a cluster group, this will require the following dependencies:

• Network Name Resource
• Physical Disk Resource

You will also need to configure permissions on the Network Name resource to Create/Delete MSMQ Configuration Objects otherwise you will be presented witht he following error in the application event log:

Event Type:    Error
Event Source:    MSMQ Cluster Resource DLL
Event ID:    2011
Message Queuing objects cannot be created in Active Directory (Error: 0xc00e0040). Please verify your permissions and network connectivity.

This can be achieved by modifying the DACL of the Network Name resource in Active Directory.

It is important to note that when clustering MSMQ you cannot use a volume that is assigned a mount point, if you use a mount point the MSMQ configuration will become invalid. This can be checked under the following registry key; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Clustered QMs\MSMQ$[Resource Name]\Parameters\MsmqRootPath You will also get the following event in the application event log:

Event Type:    Error
Event Source:    MSMQ$MSMQ2
Event ID:    2096
The Message Queuing folder cannot be created.

You can configure multiple MSMQ resources on a Windows cluster, each should have its own physical disk and network name.

Windows 2003 :  HP c-Class evbda.sys BSOD

When installing Windows Server 2003 x64 on a HP c-Class Blade you may experience a BSOD with the error code:  IRQ_NOT_LESS_OR_EQUAL / 0x0000000A / evbda.sys

This issue is caused by the HP NC532i Dual Port 10GbE Multifunction BL-c Adapter driver that has a known issue which causes a BSOD on servers with 16+ cores. The new driver is available here. We must integrate this driver into the Windows setup process as this BSOD occurs before the PSP is installed.

If you are using HP RDP then this process is simple; download the new 10Gbe driver from HP and extract its entire contents to the following folder on the Altiris server:
eXpress Directory\Deployment Server\lib\osoem\proliant.zzz\w52.64\$oem$\$1\drivers\net

The driver located in this folder are used during Windows setup, as a result this will resolve the BSOD error.

Alternatively, disable some of the cores to boot your server and install the updated driver. You’ll then be able to boot to Windows with all cores enabled.

Checkpoint Secure Client : RPC Failures / Filter Rejected Issues

WMI/RPC calls from Windows Server 2003 SP1 / SP2 servers to client running Checkpoint Secure Client R60 (pre-HFA02) may experience unexpected shutdowns/restarts. When viewing theSecure Client firewall log you will see that RPC traffic is being dropped by rule 995, even though it may be explicitly allowed by another rule.

WMI query errors may report: Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

This is a known issue caused by the ‘Server2003NegotiateDisable‘ option that is enabled by default upon installation of Windows Server 2003 SP1 or newer – http://support.microsoft.com/kb/899148. There are two potential solutions – a quick fix, and a ‘proper’ fix. I’ll cover the quick fix first.

The quick-fix

   Download and install the hotfix available from the above MS knowledgebase article – this should be installed on the server affected by this issue.

   Once installed, create a new DWORD registry key on the server, setting the value to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\Server2003NegotiateDisable

   Reboot the server, the RPC calls will now fuction as expected to devices with non-RPC compliant VPN clients.

The ‘proper’ fix

   Initally, you can perform the above. This will get RPC working with the non-RPC compliant VPN clients.

   You should then proceed to update all of the SecureClient installs to at least version R60 HFA02, when this is complete set the registry key to 0 on the server and reboot once again.

   An updated version of the client is easily obtainable form the Checkpoint Website.

   For further information from Checkpoint see the following URL: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31818

VBScript : ADODB Provider Could Not Be Found / Re-install MDAC

You may encounter ADODB errors when running a VBscript containing WMI calls on computers running  Windows XP Service Pack 2 or 3.

ADODB  is a part of the Microsoft Data Access Components (MDAC). You can download MDAC form here, but wait…!

If you are running Service Pack 2 or newer you will find that you are unable to re-install this version of MDAC,as the version included with the service pack is newer.So, in order to perform this task you will require a Windows XP CD with your current Service Pack slip-streamed into it, although files should be available under %systemroot%\windows\servicepackfiles\i386.

With the Windows XP CD inserted / files available perform the following tasks:

• Browse to c:\Windows\Inf folderin Windows Explorer
• Right-click the Mdac.inf file, and then click Install. 
• When prompted point the installer to your Windows XP CD, if the files are unavailable form this location use the Service Pack source files under %systemroot%\windows\servicepackfiles\i386

A special consideration, if running McAfee VirusScan Enterprise, ensure you disable the Access Protection component for this process, it will cause the installation of MDAC to fail.

Windows Firewqall : View Current State

Use the following command the view the status of the windows firewall, including whether ‘Remote Administration’ is enabled and the active Profile.

c:\>netsh firewall show state

Firewall status:
——————————————————————-
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable

To forcibly enable Remote Admin mode, use the following commands:

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost