Microsoft KB Archive/892500

= Programs that use DCOM do not work correctly after you install Microsoft Windows Server 2003 Service Pack 1 =

Article ID: 892500

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003 Service Pack 1

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
After you install Microsoft Windows Server 2003 Service Pack 1 (SP1), programs that use DCOM do not work correctly. For example, if the server that you installed Windows Server 2003 SP1 on is also a backup server, Veritas Backup Exec 8.6 stops and cannot run backup tasks.



CAUSE
This issue occurs because the default Component Object Model (COM) permissions are changed in Windows Server 2003 SP1. The new COM permissions restrict remote calls that are not authenticated. The COM program may work locally, but the remote calls that are not authenticated fail. By default, only members of the Administrators group have the Remote Activation permission and the Launch permissions. This change prevents user accounts that do not belong to the Administrators group from starting COM components.



RESOLUTION
Before you follow the steps in this section that describe how to resolve this issue, you must first confirm that you are experiencing this permissions issue.

Confirm that you are experiencing this permissions issue
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

You can confirm that you are experiencing this permissions issue by turning on DCOM error logging. You can enable error logging by changing the registry and then restarting the DCOM process that you want to examine. The DCOM process that you want to examine determines whether you have to restart the computer. To turn on DCOM error logging, follow these steps:
 * 1) Click Start, click Run, type regedit, and then click OK.
 * 2) Locate the   registry subkey.
 * 3) Right-click the Ole value, point to New, and then click DWORD Value.
 * 4) Type ActivationFailureLoggingLevel, and then press ENTER. Double-click ActivationFailureLoggingLevel, type 1 in the Value data box, and then click OK.
 * 5) Right-click the Ole value, point to New, and then click DWORD Value.
 * 6) Type CallFailureLoggingLevel, and then press ENTER. Double-click CallFailureLoggingLevel, type 1 in the Value data box, and then click OK.
 * 7) Restart the DCOM program, and then examine the System log and the Application log for DCOM errors.

The error messages in the event log contain information that you can use to help resolve the permissions issue.

You can turn off DCOM error logging by changing the ActivationFailureLoggingLevel value and the CallFailureLoggingLevel value to zero.

Resolve the permissions issue
If you confirm that you are experiencing this permissions issue, resolve the permissions issue by following these steps:
 * 1) Click Start, point to Administrative Tools, and then click Component Services.
 * 2) Expand the Component Services\Computers container.
 * 3) Right-click My Computer, and then click Properties.
 * 4) On the COM Security tab, click Edit Limits in the Launch and Activation Permissions area or in the Remote Activation area. The area depends on where the issue occurs.
 * 5) Click the account that is specified in the event log error, and then click Allow for the Remote Access permissions or for the Remote Launch and Remote Activation permissions.
 * 6) Click OK two times to accept the changes. Then, try to use the program that uses DCOM.



STATUS
This behavior is by design.



MORE INFORMATION
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

For information about how to contact Veritas, click the appropriate article number in the following list to view the article in the Microsoft Knowledge Base:

65416 Hardware and software vendor contact information, A-K

60781 Hardware and software vendor contact information, L-P

60782 Hardware and software vendor contact information, Q-Z

Additional query words: kbASDDT

Keywords: kbdcom kbcomservices kbcominterop kbclientprotocols kbclient kbinterop kbtshoot KB892500

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.