Saturday, June 12, 2010

FIM 2010 – Using PowerShell to Set DCOM and WMI permissions for Self-Service Password Reset

I posted two PowerShell scripts thanks to some work Karl Mitschke did on his blog. These scripts focus on automating the tedious manual tasks necessary to set DCOM and WMI permissions when deploying FIM Self-Service Password Reset. Digging out all of the places and bits to set is not fun, especially when you have multiple environments and servers to run it on.

The scripts will only add the ACE if it's not present and will update an existing ACE for the same security principal; they will also tell you if the existing permissions are correct!

The posts are in the FIM 2010 TechNet Forum, enjoy!
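
The add / update / report behaviour described above can be sketched on an in-memory security descriptor. This is an added example, not the scripts from the forum posts; the helper name `Set-DcomAceIfNeeded`, the SDDL string and the SIDs are constructed for illustration, and it assumes that "update" means keeping the existing rights and adding the missing ones. It does not touch the registry or any live DCOM configuration.

```powershell
# Added example: idempotent ACE handling on an in-memory security descriptor.
# DCOM launch/activation access-mask bits from the Windows SDK.
$COM_RIGHTS_EXECUTE        = 1   # base right, set alongside the specific rights
$COM_RIGHTS_EXECUTE_LOCAL  = 2   # Local Launch
$COM_RIGHTS_ACTIVATE_LOCAL = 8   # Local Activation

function Set-DcomAceIfNeeded {   # hypothetical helper name
    param(
        [System.Security.AccessControl.CommonSecurityDescriptor] $Descriptor,
        [System.Security.Principal.SecurityIdentifier] $Sid,
        [int] $RequiredMask
    )
    # Collect the existing allow ACEs for this principal only.
    $aces = @($Descriptor.DiscretionaryAcl | Where-Object {
        $_ -is [System.Security.AccessControl.CommonAce] -and
        $_.AceQualifier -eq [System.Security.AccessControl.AceQualifier]::AccessAllowed -and
        $_.SecurityIdentifier.Value -eq $Sid.Value
    })
    if ($aces.Count -eq 0) {
        $Descriptor.DiscretionaryAcl.AddAccess('Allow', $Sid, $RequiredMask, 'None', 'None')
        return 'Added'
    }
    $current = 0
    foreach ($ace in $aces) { $current = $current -bor $ace.AccessMask }
    if (($current -band $RequiredMask) -eq $RequiredMask) { return 'AlreadyCorrect' }
    # Assumption: "update" keeps existing rights and adds the missing bits.
    $Descriptor.DiscretionaryAcl.SetAccess('Allow', $Sid, ($current -bor $RequiredMask), 'None', 'None')
    return 'Updated'
}

# Constructed sample data: the SDDL and both SIDs are made up for this example.
$svcSid = [System.Security.Principal.SecurityIdentifier] 'S-1-5-21-1111111111-2222222222-3333333333-1001'
$newSid = [System.Security.Principal.SecurityIdentifier] 'S-1-5-21-1111111111-2222222222-3333333333-1002'
$sddl   = "O:BAG:BAD:(A;;0xb;;;BA)(A;;0x1;;;$($svcSid.Value))"
$sd     = New-Object System.Security.AccessControl.CommonSecurityDescriptor($false, $false, $sddl)
$need   = $COM_RIGHTS_EXECUTE -bor $COM_RIGHTS_EXECUTE_LOCAL -bor $COM_RIGHTS_ACTIVATE_LOCAL

Set-DcomAceIfNeeded -Descriptor $sd -Sid $svcSid -RequiredMask $need   # ACE exists with Execute only
Set-DcomAceIfNeeded -Descriptor $sd -Sid $svcSid -RequiredMask $need   # second run on the same principal
Set-DcomAceIfNeeded -Descriptor $sd -Sid $newSid -RequiredMask $need   # principal has no ACE yet
$sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
```

Returning a status instead of writing unconditionally is what makes such a script safe to re-run across several servers: the second call on the same principal reports the descriptor as correct and leaves it unchanged.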

Friday, June 04, 2010

Fix the SharePoint DCOM 10016 error on Windows Server 2008 R2

So, you may be getting this error in your System Event Log:

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/4/2010 4:32:13 AM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          MYDOMAIN\svc_fimwssfarm
Computer:      fimapp02.mydomain.com
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
and APPID
{61738644-F196-11D0-9953-00C04FD919C1}
to the user MYDOMAIN\svc_fimwssfarm SID (S-1-5-21-4260336858-993826399-1961165941-22596) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

If you are deploying the FIM Portal on a shiny new Windows Server 2008 R2 web server then you will face a new challenge when attempting to solve the DCOM 10016 error. Previously you just needed to add Local Launch and Local Activation permissions to your local WSS_ADMIN_WPG and WSS_WPG as shown here:

With Windows Server 2008 R2 the key is protected by the TrustedInstaller account, so additional steps are required: you must take ownership of the key in the registry and then assign permissions. Rather than rehashing it here, I'll redirect you to where I found my solution, over at Wictor Wilén's blog (click the link below).

Fix the SharePoint DCOM 10016 error on Windows Server 2008 R2
