Microsoft KB Archive/933994

= The COM+ Event System service and the Shell Hardware Detection service do not start successfully on a Windows Server 2003-based computer =

Article ID: 933994

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard x64 Edition

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
You experience the following symptoms on a Microsoft Windows Server 2003-based computer:  The Microsoft COM+ Event System service does not start successfully. In this scenario, the service stops responding (hangs). Additionally, the Services Microsoft Management Console (MMC) snap-in reports a status of Starting. The Shell Hardware Detection service does not start successfully. In this scenario, the service stops responding (hangs). Additionally, the Services Microsoft Management Console (MMC) snap-in reports a status of Starting. Other dependent services do not start. If you click the Dependencies tab in the  Properties (Local Computer) dialog box of one of the affected services, you receive the following error message:

Win32: RPC server is unavailable.

 The Network Connections dialog box is blank. In this scenario, no Local Area Connection icon appears when you open the Network Connections dialog box. If you open the Component Services dialog box (Dcomcnfg.exe), you experience the following symptoms:  When you expand Component Services and then you expand Computers, a red down arrow appears over the My Computer icon. If you right-click My Computer and then you click Properties, the Enable Distributed COM on this computer check box is not selected on the Default Properties tab.</li></ul> </li></ul>

<div class="resolution_section">

RESOLUTION
To troubleshoot this problem, follow these steps.

Step 1: Install the latest COM+ rollup package
Obtain the latest COM+ hotfix rollup package. For more information about how to obtain the latest COM+ hotfix rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

896729 Availability of Windows Server 2003 Post-Service Pack 1 COM+ Hotfix Rollup Package 5

Step 2: Examine the &quot;Impersonate a client after authentication&quot; policy settings
View the Impersonate a client after authentication policy settings. In this policy, the following accounts must appear on the Local Security Setting tab:
 * SERVICE
 * IIS_
 * NETWORK
 * Administrators

To view this policy, follow these steps:
 * 1) Click Start, click Run, type gpedit.msc, and then click OK.
 * 2) In the Group Policy Object Editor window, expand Computer Configuration, expand Windows Settings, and then expand Security Settings.
 * 3) Expand Local Policies, and then click User Rights Assignment.
 * 4) In the details pane, double-click Impersonate a client after authentication.
 * 5) Determine whether the appropriate accounts are listed on the Local Security Setting tab.

You can use the Resultant Set of Policy (RSoP) Microsoft Management Console (MMC) snap-in to view the effective policy settings for the Impersonate a client after authentication policy. To do this, follow these steps:
 * 1) Click Start, click Run, type rsop.msc, and then click OK.
 * 2) In the Resultant Set of Policy window, expand Computer Configuration, expand Windows Settings, and then expand Security Settings.
 * 3) Expand Local Policies, and then click User Rights Assignment.
 * 4) In the details pane, view the value in the Computer Setting column for the Impersonate a client after authentication policy.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

323276 How to install and use RSoP in Windows Server 2003

Step 3: Remove the EventSystem registry subkey
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Back up the following registry subkey:

Remove this registry subkey, and then restart the computer.

To do this, follow these steps: <ol> Click Start, click Run, type regedit, and then click OK.</li> Locate and then click the following registry subkey:

 

</li> On the File menu, click Export, type Exported EventSystem Key in the File name box, and then click Save.</li> Right-click EventSystem, click Delete, and then click Yes to confirm that you want to remove this registry subkey.</li> Restart the computer.</li> Log on the computer.</li> Click Start, click Run, type regsvr32.exe es.dll, and then click OK.</li> Restart the computer.</li> Examine the list of running services to verify that the following two services start successfully: <ul> COM+ Event System</li> Shell Hardware Detection</li></ul> </li></ol>

Keywords: kberrmsg kbtshoot kbprb KB933994

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.