Event ID 10009 DCOM

Question

We have a Server 2008 R2 DC that is generating Event ID 10009 - "DCOM was unable to communicate with the computer X using any of the configured protocol." I found this question: Event ID 10009 on Server 2008 R2 DCOM was unable to communicate with computer X. The only difference for me is that I know what the "computers" are. They are all our networking gear: switches, routers, firewall, WAPs etc.

Why would our DC being trying to contact network equipment via DCOM? And is there any way to stop it? It's really annoying seeing thousands of errors a day in the event log.

Answer 1

I did a bit of research and found an interesting technet blog article from MS about the ID 10009 DCOM Troubleshooting. It does give the reason of the DCOM attempts, but explains you what is triggering the DCOM call and gives tips on getting rid of it.

In the same article (comments section from the blog team), it's suggested to run tools like Network Monitor and Process Monitor, look at which process keeps sending failured RPC requests to identify which application is culprit in your scenario.

Hope it helps

sources : http://blogs.msdn.com/b/asiatech/archive/2010/03/16/how-to-troubleshoot-dcom-10009-error-logged-in-system-event.aspx

Answer 2

The possible causes explained above are valid and useful in common troubleshootings. Also duplicated/obsolete DNS records or firewall misconfigurations at the workstation level could lead to DCOM event ID 10009. In my case, this type of error started to appear every 30 minutes (01:00, 01:30 and so on, the whole day) and most of the workstations that the server failed to connect to were powered off. After digging a lot and by chance, I just find a simple solution: Stop (and set to manual startup) the Windows SBS Manager service. Server is SBS 2011 with Exchange/DC/DNS/DHCP but I really don’t use the SBS Console, so finally no more polling errors.