How to troubleshoot DCOM 10009 error logged in system event?

Symptom:

 

Sometimes, we may see below DCOM 10009 errors in our system event, or we may receive the exception code 0x800706ba in our DCOM client application:

Event Type: Error
Event Source: DCOM|
Event Category: None
Event ID: 10009
Date: 2010-2-22
Time: 10:02:07
User: N/A
Computer: <Computer Name>
Description:
DCOM was unable to communicate with the computer <Target Computer Name> using any of the configured protocols.

Simply speaking, DCOM 10009 indicates that the DCOM client located on this <Computer Name> can’t communicate with the DCOM|COM+ server located on that <Target Computer Name>.

How this happens:

 

When a client calls CoGetClassObject or CoCreateInstance (CreateObject or new in VB) to activate a component, the COM runtime contacts its local SCM COM activator (RPCSS service) in order to launch the corresponding COM server that will host the desired component.

 

If the component is remote, the local RPCSS service will forward the request to the RPCSS service of the remote machine.

 

However, if the RPCSS service of remote target server is not available, DCOM 10009 will be logged locally to notify administrator. The typical call stack is as follows:
ChildEBP RetAddr

006df364 757f8b72 ADVAPI32!ReportEventW-> then DCOM 10009 is logged.

006df3a0 757f6542 rpcss!LogRemoteSideUnavailable+0x63 ->here we don’t found the server.

006df40c 757f6781 rpcss!CRemoteMachine::Activate+0x294

006df648 757f6861 rpcss!RemoteActivationCall+0xf2

006df664 757edb5c rpcss!ActivateRemote+0x8e

006df6c0 757d629c rpcss!Activation+0x343

006df718 757d7680 rpcss!ActivateFromProperties+0x1c2

006df724 757d76c0 rpcss!CScmActivator::CreateInstance+0xd

Why this happens:

 

Totally speaking, the reason why DCOM 10009 is logged is that: local RPCSS service can’t reach the remote RPCSS service of remote target server. There are many possibilities which can cause this issue.

  • Scenario 1:
     The remote target server happens to be offline for a short time, for example, just for maintenance.
  • Scenario 2:
    Both servers are online. However, there RPC communication issue exists between these two servers, for example: server name resolvation failure, port resources for RPC communication exhaustion, firewall configuration.
  • Scenario 3:

Even though the TCP connection to remote server has no any problem, but if the communication of RPC authentication gets problem, we may get the error status code like 0x80070721 which means “A security package specific error occurred” during the communication of RPC authentication, DCOM 10009 will also be logged on the client side.

  • Scenario 4:

The target DCOM |COM+ service failed to be activated due to permission issue. Under this kind of situation, DCOM 10027 will be logged on the server side at the same time.

 

How to troubleshoot:

 

As I mentioned above, there are many possibilities which can cause DCOM 10009 being logged. Some scenarios are normal while others are abnormal. We should deal with the DCOM 10009 in different ways.

  • · For scenario 1
    if DCOM 10009 is logged during the period of maintenance of remote target server, it’s an expected behaviour because the remote target server is offline. We can verify it by ping <remote server>
  • · For Scenario 2
    If the remote target server is online while DCOM 10009 is still logged, then we can perform below tests:

1) Ping <remote server> & IP Address of remote server to make sure network traffic is fine.

2) Telnet <remote server> 135 to make sure the Port 135 is not blocked by firewall.

3) If we have configured dynamic port for RPC communication, we can check what status the port resources are on both servers using below command:

netstat –anb

if all dynamic ports are used , or only few left, you can consider expanding the dynamic port.

How to configure RPC dynamic port allocation to work with firewalls

https://support.microsoft.com/?id=154596

DCOM port range configuration problems

https://support.microsoft.com/kb/217351/en-us

4) If all above tests are fine, we can use DTCPing tool to verify if the DCOM communication between two servers is fine.

How to troubleshoot connectivity issues in MS DTC by using the DTCPing tool
https://support.microsoft.com/kb/918331/en-us

Note: DTCPing tool is not specific for troubleshooting MSDTC issue, it can be used to troubleshooting all DCOM communication issues.

    • For scenario 3:
      Need capture more resources like Network traffic, or even iDNA trace to further investigate how this failure happens. 
    • For scenario 4:

Grant the specific account mentioned in DCOM event 10027 with corresponding permission through “Component Services MMC”

 

References:

FIX: You cannot obtain detailed error information about DCOM 10009 errors in Windows Server 2003
https://support.microsoft.com/kb/910695

Winston from APGC DSI Team