Tagline: Fix your SharePoint DCOM issues with a single click !
The dreaded DCOM error (10016, DistributedCOM, Local Activation, IIS WAMREG admin Service) has seen the light ever since SharePoint 2007. It carried over to SharePoint 2010 and now it seems to SharePoint 2013 as well.
Fixing it wasn’t all that hard. You had to identifiy the DCOM app based on the GUID, identify the user(s) affected and then modify the Local Activation permissions accordingly.
Windows Server 2008 R2 and higher made that a bit harder. You first have to set the permissions of the DCOM app in the registry, but that requires changing the owner, granting permissions on the registry key, granting local activation, and then undoing your permission and owner change on the registry key (keep things tidy, you know).
Quite some manual steps to take so I decided to automate them.
At first I decided to PowerShell it, but I’m not a PoSH hero and decided to use some ready available tools, along with a bit of batch scripting.
The two tools required are:
This tool is provided as sample source code by Microsoft, but I’ve included a compiled version in the download. It takes various parameters to list, set or remove permissions on various DCOM objects.
This tool allows you to run a process from different credentials, including TrustedInstaller which will make our life a lot easier.
» Link: DevxExec
This tool eliminates the need to change the permissions in the registry, since our TrustedInstaller account already has them and we’re impersonating that account!
Putting it together
I have two scripts using the dcomperm tool; one for displaying the current permissions, one for setting the permissions. Note that the APPID and USER (can be user or group) in both files are currently configured for the IIS WAMREG admin Service and the IIS_IUSRS builtin group. You can change these if you want.
dcomperm -al %appid% list
dcomperm -al %appid% set %user% permit level:la
Then I have a corresponding batch file that will run each in elevated mode as TrustedInstaller using devxexec.
devxexec /user:TrustedInstaller get_dcom_perms.cmd
The outcome is that we can just run the run_set_elevated script, which will impersonate the TrustedInstaller account and grant local activation permissions to our IIS_IUSRS group for the DCOM app.
SharePoint Conference 2012 really is a mental overload. Just the scale of the Conference itself is enormous (me being a first time SPC attendee), let alone the impressions that Las Vegas adds to that.
The keynote was the marketing machine at its best. I don’t mean that as a bad thing. It was really well-prepared and got everyone excited about the product and conference.
Then there are all those sessions for developers, IT professionals and business. There are so many sessions that overlap that you have to make some hard choices. Luckily most of the sessions are recorded and made available afterwards.
Yesterday was the big outdoor event on Mandalay Beach with Jon Bon Jovi and the Suburban Kings performing. Being not much of a fan I didn’t get excited about it, but I went anyway and enjoyed the vibe, catering and conversations with other attendees.
The ending fireworks were a real blast
The meetup with fellow Belgian attendees was real fun. Got to meet new and familiar faces.
Finally, I took both SharePoint 2013 beta exams. They put a real focus on Office 365 which is not my real area of expertise. But I’ll have to wait for a few more weeks to know the result. We’ll see