Oct2

Another step closer to the 100% scripted SharePoint installation with DcomPerm.exe

 Categories:

I have just completed my most recent MOSS scripted install which included a slipstream install of the IU + latest hot fixes as described here. One of the few things that I still have to do manually is fix the DCOM errors that seem to very consistent.
SharePoint DCOM error 10016
According to http://support.microsoft.com/kb/920783 the 10016 & 7 errors do not impact SharePoint operation but I don't like to see any errors in the Windows Event Logs so today I set about finding a solution to automate the manual dcomcnfg.exe tasks required to fix this error (annoying when you have 9 MOSS servers in the solution) and succeeded. The solution was in a Windows SDK sample application http://msdn.microsoft.com/en-us/library/aa242178(VS.60).aspx

Thanks to one of my colleagues who compiled the c++ code for me, you can now add a command to your build script to fix this problem.

C:\Software\SharePoint>dcomperm -al {61738644-F196-11D0-9953-00C04FD919C1} set YourDomain\svc-moss-ssp permit level:l

Download dcomperm from here http://cid-62b84429c3a8a991.skydrive.live.com/self.aspx/SharePoint/DComPerm.zip

Syntax: dcomperm <option> [...]
Options:

Modify or list the machine access permission list
-ma <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"]
-ma list

Modify or list the machine launch permission list
-ml <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"]
-ml list

Modify or list the default access permission list
-da <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"]
-da list

Modify or list the default launch permission list
-dl <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"]
-dl list

Modify or list the access permission list for a specific AppID
-aa <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r"]
-aa <AppID> default
-aa <AppID> list

Modify or list the launch permission list for a specific AppID
-al <AppID> <"set" or "remove"> <Principal Name> ["permit" or "deny"] ["level:l,r,ll,la,rl,ra"]
-al <AppID> default
-al <AppID> list

level: 
    ll - local launch (only applies to {ml, dl, al} options) 
    rl - remote launch (only applies to {ml, dl, al} options) 
    la - local activate (only applies to {ml, dl, al} options) 
    ra - remote activate (only applies to {ml, dl, al} options) 
    l - local (local access - means launch and activate when used with {ml, dl, al} options) 
    r - remote (remote access - means launch and activate when used with {ml, dl, al} options)

 
Trackback Url
 

Links to this post

Welcome to the Hotel...

Trackback from Woody Windischman - The Sanity Point on 25 Oct 2008 12:31

Comments

On 04 Oct 2008 03:43, Matthew Chestnut said:

I've been looking for a solution to this problem, too, since I don't like to see any errors in the Windows Event Logs either. Thank you for sharing.

On 07 Nov 2008 07:59, Matthew Chestnut said:

As a followup to my earlier comment, here is how I implemented this dcomperm.exe in my installation scripts. The values for %DOMAIN%\WSS_WPG, %USR_FARM%, %USR_SEARCH% are dependent on your installation, but you get the idea. echo [dcomSet] Set DCOM permissions for Local Launch and Local Activation... echo. echo IIS WAMREG admin Service for %%u in (%DOMAIN%\WSS_WPG) do ( echo User: %%u dcomperm.exe -al {61738644-F196-11D0-9953-00C04FD919C1} set %%u permit level:l echo. ) echo. echo OSearch for %%u in (%DOMAIN%\WSS_WPG %USR_FARM%) do ( echo User: %%u dcomperm.exe -al {58F1D482-A132-4297-9B8A-F8E4E600CDF6} set %%u permit level:l echo. ) echo. echo SPSearch for %%u in (%DOMAIN%\WSS_WPG %USR_FARM% %USR_SEARCH%) do ( echo User: %%u dcomperm.exe -al {6002D29F-1366-4523-88C1-56D59BFEF8CB} set %%u permit level:l echo. )

Leave a comment





CAPTCHA Image Validation