
iis security : Cannot Re-Enable DCOM...Machine Hanging


Will
2/17/2007 12:34:19 AM
I have messed up a Windows 2003 Web Edition server by turning off DCOM.
Apparently IIS uses it heavily and after a reboot the machine is hanging and
the desktop does not draw for any user including administrator.

I disabled DCOM by using DCOMCNFG and unchecking the enable DCOM on this
computer checkbox.

I cannot re-enable DCOM by the same application because upon reboot it
behaves abnormally and crashes in many places. I tried to enable DCOM
manually by changing the following registry to the value Y:

HKLM\Software\Microsoft\OLE\EnableDCOM

On reboot, the problem does not go away. Further, the DCOMCNFG application
still does not have the enabled checkbox showing as enabled, so apparently
more steps are required.

What is the most reliable way to guarantee re-initialization of the DCOM
environment?

--
Will

David Wang
2/17/2007 1:55:25 AM
Can you go into Safe Mode to do what you need?

FYI:

IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it
into IIS5 Compatibility Mode since by definition that must use DCOM
for compatibility.

Also, Windows Server 2003 runs without DCOM enabled.

However, you may be running other 3rd party software on the server
with NT Services that require DCOM. These services would be running on
reboot, before and during your user login, so they may be breaking/
hanging and causing your issues.



//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



Will
2/17/2007 6:24:59 PM
I guess my question was what do I need to do to reinitialize DCOM. It's
not clear that safe mode helps here since it's not about stopping some rogue
service (for example). I already enabled the registry option (per my
original post) that is required to "enable" DCOM, and yet DCOMCNFG doesn't
show DCOM enabled after a reboot.


Okay, I sense an educational moment coming on. :) First it appears our
developers had inadvertently installed IIS 5 when they installed an older
Visual Interdev. At least when I start IIS admin on the affected machine
it shows version 5.0. So it looks like this is involved somehow with
this problem, although even then I am unclear on why turning off DCOM broke
the entire computer, not just IIS 5.0.


Just to elaborate on this point, every Windows 2003 standard and
web edition server I have installed leaves DCOM on. I trust your point is
that it is safe to turn it off, and that makes sense, which is why the
result I got is all the more puzzling.


It really appears to involve the core desktop functionality, as the desktop
takes a very long time to draw on startup (maybe 10 minutes), and some
applications take a while to start up. Perhaps Interdev overwrote some key
functionality for the desktop?

--
Will

Will
2/17/2007 9:29:20 PM
I spoke too soon. IIS 6.0 is installed on the computer that is hanging
after DCOM was enabled. If you start IIS Admin as a non administrative
user, it (incorrectly) reports that it is running IIS 5.0. I guess that is
a bug. Running it as administrative user reports IIS 6.0.

So, since IIS 6.0 and W2K3 do not depend on DCOM, it's a mystery why
disabling DCOM and rebooting broke the computer.

Equally a mystery is why DCOM cannot now be re-enabled in a straightforward
way, by the usual registry change.

--
Will

Roger Abell [MVP]
2/17/2007 11:30:40 PM
Will,

With IIS 6 (the only IIS one can install on W2k3) one has the
option of installing the IIS5 mgmt interface in order to manage
IIS5 elsewhere. There is also the ability to run in IIS5 compatibility
mode. Make sure you are not confusing either of these.

The reg key you mention,
HKLM\Software\Microsoft\OLE\EnableDCOM
is the only thing in the reg that I am seeing altered when one
toggles that checkbox in the properties of the My Computer
node in Component services.

Have you attempted inventorying of what all else is installed
on the machine? It is quite unlikely that an Interdev install did
what you hypothesize, but then, it has been many, many years
since I had an install of Interdev around.

Roger


David Wang
2/19/2007 11:40:24 AM
What happens if you go into Safe Mode to run dcomcnfg to re-enable
DCOM?

I suspect it is some auto-start NT Service that requires DCOM and is
now "hanging" and preventing you from fixing the situation. If so, you
want to run in safe mode to not have those extraneous services start,
so that you can re-enable DCOM without their hindrance.

Yes, Windows Server 2003 defaults with DCOM enabled, but it can be
installed with DCOM disabled, and it is also user-configurable.

What you can observe is very different from what is going on. I tend
to agree with Roger about your hypothesis.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//




Roger Abell [MVP]
2/20/2007 6:34:41 PM
I suppose it is possible that use of the dcomcnfg interface does
touch some settings other than the reg key, such as in the comadmin
catalog, so this recommendation to try safe mode is a very good idea.

Will, have you discovered anything? Found a way?

Roger

Will
2/20/2007 8:02:18 PM
Unfortunately, even in safe mode, DCOMCNFG is throwing a null pointer error
when you try to re-enable DCOM using that application (it does look like
that much is a Microsoft bug).

So guess it's time to pay a visit to Microsoft Shanghai again. We'll open
up a ticket.

--
Will

Roger Abell [MVP]
2/22/2007 1:49:42 AM

Thanks for the info/post-back.

It must be due to some interaction with another latch-down in
effect on the box, or a peculiarity of the web sku of Windows,
as I have toggled that many times on W2k3 servers without
running into what you have happening.

Roger
