Exchangemaster GmbH company logo

Exchangemaster GmbH - A Swiss IT Consultancy
Services
References
Partners
Contact
Getting Started
FAQs
Presentations
Articles
Community
Search
Popular
Tell-a-Friend
Follow Me

Follow exchangemaster on Twitter

Who's Online
We have 85 guests online
Syndicate
FAQ 000115 - DCOM was unable to communicate with the computer using any of the configured protocols PDF Print E-mail
User Rating: / 155
PoorBest 
Written by Dejan Foro   
May 27, 2013 at 04:12 PM

This article applies to:

Windows 2008 R2

Excahnge 2010 SP3

 

PROBLEM

On an Exchange Server the folllowing error occurs in the System Event log:

 

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          5/23/2013 10:56:10 AM
Event ID:      10009
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE01.exchangemasterslab.net
Description:
DCOM was unable to communicate with the computer EXCHANGE02.exchangemasterslab.net using any of the configured protocols.

 

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10009</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-23T08:56:10.000000000Z" />
    <EventRecordID>3437</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>EXCHANGE01.exchangemasterslab.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">EXCHANGE02.exchangemasterslab.net</Data>
    <Binary>3C5265636F726423313A20436F6D70757465723D286E756C6C293B5069643D3733323B352F32332F3230313320383A35363A31303A3935323B5374617475733D313832353B47656E636F6D703D323B4465746C6F633D313436313B466C6167733D303B506172616D733D303B3E3C5265636F726423323A20436F6D70757465723D286E756C6C293B5069643D3733323B352F32332F3230313320383A35363A31303A3935323B5374617475733D313832353B47656E636F6D703D323B4465746C6F633D3135333B466C6167733D303B506172616D733D343B7B506172616D23303A2D323134363839333030367D7B506172616D23313A347D7B506172616D23323A36383132367D7B506172616D23333A317D3E</Binary>
  </EventData>
</Event>

CAUSE

This is normally caused by failing NTLM authentication.

 

This can occur if an option is set in the Domain Controller Group Policy to deny NTLM Authentication requests.  

The option is found in the  Domain Controller Group Policy under

  Policies

    Windows Settings

       Security Settings

         Local Policies

             Security Options

                 Network Security:Restrict NTLM:NTLM Authentication in this domain - Deny all

 

 

If you look in the Event Viewer on the domain controller under Application and Services log / Micrososft / Windowss / NTLM / Operational you will see log entries similar to following

 

Log Name:      Microsoft-Windows-NTLM/Operational
Source:        Microsoft-Windows-Security-Netlogon
Date:          5/23/2013 10:23:54 AM
Event ID:      4004
Task Category: Blocking NTLM
Level:         Warning
Keywords:     
User:          SYSTEM
Computer:      DC01.exchangemasterslab.net
Description:
Domain Controller Blocked: NTLM authentication to this domain controller is blocked.
Secure Channel name: EXCHANGE02
User name: EXCHANGE01$
Domain name: LAB
Workstation name: EXCHANGE01
Secure Channel type: 2

NTLM authentication within the domain LAB is blocked.

SOLUTION

 

Setting this Option to Disable will remove the restriction and things will begin to work normally.

Do not forget to run gpupdate on the servers if you want the change to be applied immediately.

 

 

 

<Previous   Next>