Sysadminsblog.com Anything for sysadmins!

22Mar/116

Unable to edit the DCOM settings

Recently I had a couple of DCOM errors in my event log for APPID {61738644-F196-11D0-9953-00C04FD919C1} (IIS WAMREG admin Service. It was again a classic case of Local Activation permissions that were missing. Normally one would fix that by going to DCOMcnfg.exe and editing the settings as indicated in this article. However this time it was a bit different as the settings were disabled.

Obviously this is a permission problem. The solution is to do the following:

  1. Run Regedit.exe and browse to “HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}” key
  2. Right-click the key and select Permissions
  3. Click the Advanced button in the permissions window and select the Owner tab. Under Change owner select the local Administrators group and click on OK.
  4. Then on the permissions window, select the local Administrators group and assign it Full Control. Don’t change the permissions for the TrustedInstaller account.
  5. Click on Apply (keep this window open as you’ll have to restore the permissions when you’re done)
  6. Rerun the DCOMCNFG.exe. You should now be able to change the DCOM settings for the IIS WAMREG admin service.
  7. Go back to the permissions window of the registry key and remove the check in Full Control of the local Administrators group (this results in only Read permissions)
  8. Go to the Owner tab and make “NT Service\TrustedInstaller” of the local computer owner of the key again.

Quite a hassle, but it works!

Be Sociable, Share!

Posted by Mischa Oudhof

Comments (6) Trackbacks (1)
  1. Ok nice, but what is DCOM permissions and why is it required.

    • Here’s a small excerpt of the TechNet article:
      The Microsoft Component Object Model (COM) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. The Distributed Component Object Model (DCOM) allows applications to be distributed across locations that make the most sense to you and to the application. The DCOM wire protocol transparently provides support for reliable, secure, and efficient communication between COM components. For more information, see “Component Object Model” on the Microsoft Web site at http://go.microsoft.com/fwlink/?LinkId=20922.

      Also there’s a wikipedia page about DCOM: http://en.wikipedia.org/wiki/Distributed_Component_Object_Model

      The reason the account needs permissions is to be able to actualy start the DCOM object and have it do it’s thing!

  2. That is great but what if there isn’t a key in the registry “61738644-F196-11D0-9953-00C04FD919C1” what do you do then? This is a windows 2008 R2 and I don’t see that key and running searches, it comes up empty. What do I have to modify in order to edit the DCOM?

  3. Thank you very much. It helps. 🙂


Leave a comment