Microsoft KB Archive/332092

= IIS 6.0: DCOM Error When You View ASP Content on IIS 6.0 Web Server =

Article ID: 332092

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q332092





SYMPTOMS
When you view Active Server Pages (ASP) content on an Internet Information Services (IIS) version 6.0 Web server, you may receive the following error message in the event viewer system log: Event ID:10004

Source: DCOM

Description: DCOM got error &quot;The operation completed successfully.&quot; and was unable to logon.\IWAM_ComputerName in order to run the server.

{77FBCBE1-FA6A-475D-8387-9FEF4E12E398}



CAUSE
This can occur if both of the following conditions are met:
 * The IWAM_ComputerName user account does not have the &quot;Logon as a batch job&quot; user right.
 * You have set the World Wide Web Publishing Service to run in IIS 5.0 isolation mode.

Important By default, this user right is granted to the IWAM_ComputerName account through membership in the IIS_WPG group.



RESOLUTION
To resolve this issue, grant the &quot;Logon as a batch job&quot; right to the IWAM_ComputerName account by adding it to the IIS_WPG group. To do this, follow these steps:
 * 1) On the Administrative Tools menu, expand Local Security Policy.
 * 2) Expand Local Policies, and then click User Rights Assignment.
 * 3) Double-click Deny log on as a batch job.
 * 4) If the IWAM_ComputerName account or the IIS_WPG group is listed, select the account or group, and then click Remove.
 * 5) Double-click Log on as a batch job.
 * 6) If IIS_WPG is not listed, click Add User or Group, and then type IIS_WPG.
 * 7) Click OK to close all dialog boxes.
 * 8) On the Administrative Tools menu, click Computer Management.
 * 9) Expand Local Users and Groups.
 * 10) Click Groups.
 * 11) If the IWAM_ComputerName account is not listed, add it to the group.

Note If domain-level policy settings are defined, they override local policy settings. Make sure that Effective Policy is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected.



MORE INFORMATION
Batch logon is required for the identities that are launching COM+ applications. When a COM+ application is run, before it starts the server process, the Service Control Manager calls the LogonUser API by using a batch-type logon. This only works if the user who is being logged on is granted the &quot;Log on as a batch job&quot; right.

COM+ adds the user to the &quot;Log on as a batch job&quot; right automatically when you enter a new account for the identity of a COM+ application through the Component Services Management Console.

