Fixing SharePoint DCOM errors the easy way


November 29, 2012 - 13:23, by Steven Van de Craen - 2 Comments

Tagline: Fix your SharePoint DCOM issues with a single click !
Update 8/05/2014: Scripts were revised to work with Windows Server 2008 R2 and Windows Server 2012 with User Account Control enabled.
Revised post: Fixing SharePoint DCOM errors the easy way - revised
Direct download: DCOMFIX-revised.zip

Problem

The dreaded DCOM error (10016, DistributedCOM, Local Activation, IIS WAMREG admin Service) has seen the light ever since SharePoint 2007. It carried over to SharePoint 2010 and now it seems to SharePoint 2013 as well.

image

Fixing it wasn’t all that hard. You had to identifiy the DCOM app based on the GUID, identify the user(s) affected and then modify the Local Activation permissions accordingly.

Windows Server 2008 R2 and higher made that a bit harder. You first have to set the permissions of the DCOM app in the registry, but that requires changing the owner, granting permissions on the registry key, granting local activation, and then undoing your permission and owner change on the registry key (keep things tidy, you know).

image

Automation

Quite some manual steps to take so I decided to automate them.

At first I decided to PowerShell it, but I’m not a PoSH hero and decided to use some ready available tools, along with a bit of batch scripting.

The two tools required are:

DComPerm

This tool is provided as sample source code by Microsoft, but I’ve included a compiled version in the download. It takes various parameters to list, set or remove permissions on various DCOM objects.

DevxExec

This tool allows you to run a process from different credentials, including TrustedInstaller which will make our life a lot easier.

» Link: DevxExec

image

This tool eliminates the need to change the permissions in the registry, since our TrustedInstaller account already has them and we’re impersonating that account!

Putting it together

I have two scripts using the dcomperm tool; one for displaying the current permissions, one for setting the permissions. Note that the APPID and USER (can be user or group) in both files are currently configured for the IIS WAMREG admin Service and the IIS_IUSRS builtin group. You can change these if you want.

GET:

@echo off

set appid={61738644-F196-11D0-9953-00C04FD919C1}

dcomperm -al %appid% list

echo Done
pause

SET:

@echo off
set appid={61738644-F196-11D0-9953-00C04FD919C1}
set user=IIS_IUSRS
pause
dcomperm -al %appid% set %user% permit level:la
pause

Then I have a corresponding batch file that will run each in elevated mode as TrustedInstaller using devxexec.

devxexec /user:TrustedInstaller get_dcom_perms.cmd

Outcome

The outcome is that we can just run the run_set_elevated script, which will impersonate the TrustedInstaller account and grant local activation permissions to our IIS_IUSRS group for the DCOM app.

image

Download


SharePoint Conference 2012 Report - Mental Overload


November 14, 2012 - 22:17, by Steven Van de Craen - 1 Comments

SharePoint Conference 2012 really is a mental overload. Just the scale of the Conference itself is enormous (me being a first time SPC attendee), let alone the impressions that Las Vegas adds to that.

The keynote was the marketing machine at its best. I don’t mean that as a bad thing. It was really well-prepared and got everyone excited about the product and conference.

WP_000145WP_000147

Then there are all those sessions for developers, IT professionals and business. There are so many sessions that overlap that you have to make some hard choices. Luckily most of the sessions are recorded and made available afterwards.

Yesterday was the big outdoor event on Mandalay Beach with Jon Bon Jovi and the Suburban Kings performing. Being not much of a fan I didn’t get excited about it, but I went anyway and enjoyed the vibe, catering and conversations with other attendees.

WP_000167WP_000170

The ending fireworks were a real blast Glimlach

WP_000175WP_000182

The meetup with fellow Belgian attendees was real fun. Got to meet new and familiar faces.

Finally, I took both SharePoint 2013 beta exams. They put a real focus on Office 365 which is not my real area of expertise. But I’ll have to wait for a few more weeks to know the result. We’ll see Glimlach

Cheers!


SharePoint Conference 2012 Report - Viva Las Vegas


November 12, 2012 - 15:47, by Steven Van de Craen - 1 Comments

My colleague Dimitri and I got the opportunity to go to this year’s SharePoint Conference (#SPC12) in Las Vegas. I have to admit that I had mixed feelings at the beginning; I’m not much of a traveler to begin with and also leaving my wife and kids didn’t sound too appealing. But of course we’re taking Vegas here, pretty much a once in a lifetime opportunity! So along with the thousands of other attendees, excitement began to grow when the conference got closer and closer.

Brussels – London – Las Vegas

We departed from Brussels Airport yesterday in an Airbus A321 from British Airways, destination London Heathrow. I have taken this trip before on preious occasions, so no suprises there. The trip took about 40 minutes if I recall correctly.

At Heathrow we got our connection to Las Vegas with minimal waiting time. At least it didn’t seem a very long wait to me. Probably the excitement.

DSCF4841

DSCF4843DSCF4857

We flew in a Boeing 747 in economy class. I’m a pretty tall guy and have to admit that I did expect more leg room in a transatlantic flight, but I managed. The entertainment system was a cool bonus for me. I got to see a lot of pretty new movie releases during flight.

I managed to do a few naps along the way. Of course there’s the jet lag that one needs to take into account. My biological clock refuses to let me sleep here in Vegas during night time, this first night. So I’ve been awake since 11PM (local time) and finally decided to get up to write this little report.

By the way: I don’t look my best in this particular picture Knipogende emoticon

Luxor

We’re staying in the Luxor. Didn’t have time to take a lot of pictures because I wanted to settle in first, but the Luxor hotel -and all others- are really amazing. Huge, spectacular and packed with a certain energy and atmosphere that makes up Vegas (I guess).

DSCF4863

I did a bit of late night gambling yesterday, before turning to bed, but had no luck on the slots. They’re not my type of gambling anyway but I was too tired to join in a poker game. Might do that tonight or else another day.

Conference

There are still a few hours to go until the Conference kicks off, and I’ve run out of battery on my laptop, so I’ll leave it to this for now and am going downstairs to see if anything’s happening for the moment.

If you bump into Dimi or me, say hi Glimlach

Until later!

Steven