M
Max
I have set up a Windows 2003 PKI environment with a stand-alone Root
CA and Policy CA, and a subordinate Enterprise CA as the Issuing CA -
all on Windows 2003 Enterprise Edition Server with all current Windows
Updates. I am a local administrator when doing all
intall/configuration for the Root and Policy CAs and am Enterprise
Admin, Domain Admin, and local Admin for all install/config for the
Issuing CA.
After the install, although everything seems to be functioning
properly, I have consistent DCOM errors in the System logs on all
three servers that occurred during the install.
Here are two errors:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10002
Date: 11/8/2004
Time: 5:27:34 PM
User: XXXXXXX\xxxx
Computer: XXXXXXX
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}
The user is xxxx/xxxxxxx,
SID=x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10002
Date: 11/8/2004
Time: 5:27:35 PM
User: XXXXXXX\xxxx
Computer: XXXXXXX
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
The user is xxxx/xxxxxxx,
SID=x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx.
Additionally, I continue to receive errors when I do any CA tasks,
such as stopping and starting the Certificate Service. Although
everything seems to work, I continue to get these errors.
When I check the registry for permissions on these keys,
administrators have full control and users have read
(D99E6E73-FC88-11D0-B498-00A0C90312F3 is under CLSID under
CertSrv.Admin and D99E6E74-FC88-11D0-B498-00A0C90312F3 is under CLSID
under CertSrv.Request).
When I look at the DCOM ACLs in dcomcnfg.exe under Console Root >
Component
Services > Computers > My Computer > CertSrv Request the permissions
are as follows:
Launch Permissions: Customize – no security defined
Access Permissions: Customize – Everyone Allow
Configuration Permissions – Administrators – Full Control; CREATOR
OWNER Full Control Special; Power Users Special; System Full Control;
Users Read, Special
Both the registry and DCOM permissions should be the default.
Can anyone tell me why I'm experiencing all of these errors or what
additional steps I can take to figure out their cause?
Thanks!
CA and Policy CA, and a subordinate Enterprise CA as the Issuing CA -
all on Windows 2003 Enterprise Edition Server with all current Windows
Updates. I am a local administrator when doing all
intall/configuration for the Root and Policy CAs and am Enterprise
Admin, Domain Admin, and local Admin for all install/config for the
Issuing CA.
After the install, although everything seems to be functioning
properly, I have consistent DCOM errors in the System logs on all
three servers that occurred during the install.
Here are two errors:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10002
Date: 11/8/2004
Time: 5:27:34 PM
User: XXXXXXX\xxxx
Computer: XXXXXXX
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}
The user is xxxx/xxxxxxx,
SID=x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10002
Date: 11/8/2004
Time: 5:27:35 PM
User: XXXXXXX\xxxx
Computer: XXXXXXX
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E73-FC88-11D0-B498-00A0C90312F3}
The user is xxxx/xxxxxxx,
SID=x-x-x-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx.
Additionally, I continue to receive errors when I do any CA tasks,
such as stopping and starting the Certificate Service. Although
everything seems to work, I continue to get these errors.
When I check the registry for permissions on these keys,
administrators have full control and users have read
(D99E6E73-FC88-11D0-B498-00A0C90312F3 is under CLSID under
CertSrv.Admin and D99E6E74-FC88-11D0-B498-00A0C90312F3 is under CLSID
under CertSrv.Request).
When I look at the DCOM ACLs in dcomcnfg.exe under Console Root >
Component
Services > Computers > My Computer > CertSrv Request the permissions
are as follows:
Launch Permissions: Customize – no security defined
Access Permissions: Customize – Everyone Allow
Configuration Permissions – Administrators – Full Control; CREATOR
OWNER Full Control Special; Power Users Special; System Full Control;
Users Read, Special
Both the registry and DCOM permissions should be the default.
Can anyone tell me why I'm experiencing all of these errors or what
additional steps I can take to figure out their cause?
Thanks!