| Groups | Blog | Home |
iis security : Cannot Re-Enable DCOM...Machine Hanging
Apparently IIS uses it heavily and after a reboot the machine is hanging and the desktop does not draw for any user including administrator. I disabled DCOM by using DCOMCNFG and unchecking the enable DCOM on this computer checkbox. I cannot reenable DCOM by the same application because upon reboot it behaves abnormally and crashes in many places. I tried to enabled DCOM manually changing the following registry to the value Y: HKLM\Software\Microsoft\OLE\EnableDCOM On reboot, the problem does not go away. Further, the DCOMCNFG application still does not have the enabled checkbox showing as enabled, so apparently more steps are required. What is the most reliable way to guarantee re-initialization of the DCOM environment? -- Will
Can you go into Safe Mode to do what you need?
FYI: IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it into IIS5 Compatibility Mode since by definition that must use DCOM for compatibility. Also, Windows Server 2003 runs without DCOM enabled. However, you may be running other 3rd party software on the server with NT Services that require DCOM. These services would be running on reboot, before and during your user login, so they may be breaking/ hanging and causing your issues. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang // [quoted text, click to view] On Feb 17, 12:34 am, "Will" <westes-...@noemail.nospam> wrote: > I have messed up a Windows 2003 Web Edition server by turning off DCOM. > Apparently IIS uses it heavily and after a reboot the machine is hanging and > the desktop does not draw for any user including administrator. > > I disabled DCOM by using DCOMCNFG and unchecking the enable DCOM on this > computer checkbox. > > I cannot reenable DCOM by the same application because upon reboot it > behaves abnormally and crashes in many places. I tried to enabled DCOM > manually changing the following registry to the value Y: > > HKLM\Software\Microsoft\OLE\EnableDCOM > > On reboot, the problem does not go away. Further, the DCOMCNFG application > still does not have the enabled checkbox showing as enabled, so apparently > more steps are required. > > What is the most reliable way to guarantee re-initialization of the DCOM > environment? > > -- > Will
[quoted text, click to view]
"David Wang" <w3.4you@gmail.com> wrote in message news:1171706125.392056.84070@t69g2000cwt.googlegroups.com... > Can you go into Safe Mode to do what you need? I guess my question was what do I need to do to reinitialize DCOM. It's not clear that safe mode helps here since it's not about stopping some rogue service (for example). I already enabled the registry option (per my original post) that is required to "enable" DCOM, and yet DCOMCNFG doesn't show DCOM enabled after a reboot. [quoted text, click to view] > IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it > into IIS5 Compatibility Mode since by definition that must use DCOM > for compatibility. Okay, I sense an educational moment coming on. :) First it appears our developers had inadvertently installed IIS 5 when they installed an older Visual Interdev. At least when I start IIS admin on the affected machine it shows version 5.0. So it looks like this is involved somehow with this problem, although even then I am unclear on why turning off DCOM broke the entire computer, not just IIS 5.0. [quoted text, click to view] > Also, Windows Server 2003 runs without DCOM enabled. Just to be more elaborated on this point, every Windows 2003 standard and web edition server I have installed leaves DCOM on. I trust your point is that it is safe to turn it off, and that makes sense, which is why the result I got is all the more puzzling. [quoted text, click to view] > However, you may be running other 3rd party software on the server > with NT Services that require DCOM. These services would be running on > reboot, before and during your user login, so they may be breaking/ > hanging and causing your issues. It really appears to involve the core desktop functionality, as the desktop takes a very long time to draw on startup (maybe 10 minutes), and some applications take a while to startup. Perhaps Interdev overwrote some key functionality for the desktop? -- Will
[quoted text, click to view]
"Will" <westes-usc@noemail.nospam> wrote in message news:xcSdnZ8aBtNhJUrYnZ2dnUVZ_ompnZ2d@giganews.com... > > IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it > > into IIS5 Compatibility Mode since by definition that must use DCOM > > for compatibility. > > Okay, I sense an educational moment coming on. :) First it appears our > developers had inadvertently installed IIS 5 when they installed an older > Visual Interdev. At least when I start IIS admin on the affected machine > it shows version 5.0. So it looks like this is involved somehow with > this problem, although even then I am unclear on why turning off DCOM broke > the entire computer, not just IIS 5.0. I spoke too soon. IIS 6.0 is installed on the computer that is hanging after DCOM was enabled. If you start IIS Admin as a non administrative user, it (incorrectly) reports that it is running IIS 5.0. I guess that is a bug. Running it as administrative user reports IIS 6.0. So, since IIS 6.0 and W2K3 do not depend on DCOM, it's a mystery why disabling DCOM and rebooting broke the computer. Equally a mystery is why DCOM cannot now be re-enabled in a straightforward way, by the usual registry change. -- Will
Will,
With IIS 6 (the only IIS one can install on W2k3) one has the option on installing the IIS5 mgmt interface in order to manage IIS5 elsewhere. There is also ability to run in IIS5 compatibility mode. Make sure you are not confusion either of these. The reg key you mention, HKLM\Software\Microsoft\OLE\EnableDCOM is the only thing in the reg that I am seeing altered when one toggles that checkbox in the properties of the My Computer node in Component services. Have you attempted inventorying of what all else is installed on the machine? It is quite unlikely the an Interdev install did what you hypothesize, but then, it has been many, many years since I had an install of Interdev around. Roger [quoted text, click to view] "Will" <westes-usc@noemail.nospam> wrote in message news:SeudnUphr9GseUrYnZ2dnUVZ_sKunZ2d@giganews.com... > "Will" <westes-usc@noemail.nospam> wrote in message > news:xcSdnZ8aBtNhJUrYnZ2dnUVZ_ompnZ2d@giganews.com... >> > IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it >> > into IIS5 Compatibility Mode since by definition that must use DCOM >> > for compatibility. >> >> Okay, I sense an educational moment coming on. :) First it appears our >> developers had inadvertently installed IIS 5 when they installed an older >> Visual Interdev. At least when I start IIS admin on the affected > machine >> it shows version 5.0. So it looks like this is involved somehow with >> this problem, although even then I am unclear on why turning off DCOM > broke >> the entire computer, not just IIS 5.0. > > I spoke too soon. IIS 6.0 is installed on the computer that is hanging > after DCOM was enabled. If you start IIS Admin as a non administrative > user, it (incorrectly) reports that it is running IIS 5.0. I guess that > is > a bug. Running it as administrative user reports IIS 6.0. > > So, since IIS 6.0 and W2K3 do not depend on DCOM, it's a mystery why > disabling DCOM and rebooting broke the computer. > > Equally a mystery is why DCOM cannot now be re-enabled in a > straightforward > way, by the usual registry change. > > -- > Will > >
What happens if you go into SafeMode to run dcomcnfg to re-enable
DCOM. I suspect it is some auto-start NT Service that requires DCOM and is now "hanging" and preventing you from fixing the situation. If so, you want to run in safe-mode to not have those extraneous services start, so that you can re-enable DCOM without their hinderance. Yes, Windows Server 2003 defaults with DCOM enabled, but it can be installed with DCOM disabled, and it is also user-configurable. [quoted text, click to view] > It really appears to involve the core > desktop functionality, as the desktop > takes a very long time to draw on startup What you can observe is very different from what is going on. I tend to agree with Roger about your hypothesis. //David http://w3-4u.blogspot.com http://blogs.msdn.com/David.Wang // [quoted text, click to view] On Feb 17, 6:24 pm, "Will" <westes-...@noemail.nospam> wrote:
> "David Wang" <w3.4...@gmail.com> wrote in message > > news:1171706125.392056.84070@t69g2000cwt.googlegroups.com... > > > Can you go into Safe Mode to do what you need? > > I guess my question was what do I need to do to reinitialize DCOM. It's > not clear that safe mode helps here since it's not about stopping some rogue > service (for example). I already enabled the registry option (per my > original post) that is required to "enable" DCOM, and yet DCOMCNFG doesn't > show DCOM enabled after a reboot. > > > IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it > > into IIS5 Compatibility Mode since by definition that must use DCOM > > for compatibility. > > Okay, I sense an educational moment coming on. :) First it appears our > developers had inadvertently installed IIS 5 when they installed an older > Visual Interdev. At least when I start IIS admin on the affected machine > it shows version 5.0. So it looks like this is involved somehow with > this problem, although even then I am unclear on why turning off DCOM broke > the entire computer, not just IIS 5.0. > > > Also, Windows Server 2003 runs without DCOM enabled. > > Just to be more elaborated on this point, every Windows 2003 standard and > web edition server I have installed leaves DCOM on. I trust your point is > that it is safe to turn it off, and that makes sense, which is why the > result I got is all the more puzzling. > > > However, you may be running other 3rd party software on the server > > with NT Services that require DCOM. These services would be running on > > reboot, before and during your user login, so they may be breaking/ > > hanging and causing your issues. > > It really appears to involve the core desktop functionality, as the desktop > takes a very long time to draw on startup (maybe 10 minutes), and some > applications take a while to startup. Perhaps Interdev overwrote some key > functionality for the desktop? > > -- > Will
I suppose it is possible that use of the dcomcnfg interface does
touch some settings other than the reg key, such as in the comadmin catalog, so this recommendation to try safe mode is very good idea. Will? have you discovered anything? found a way ? Roger [quoted text, click to view] "David Wang" <w3.4you@gmail.com> wrote in message news:1171914024.127903.211040@a75g2000cwd.googlegroups.com... > What happens if you go into SafeMode to run dcomcnfg to re-enable > DCOM. > > I suspect it is some auto-start NT Service that requires DCOM and is > now "hanging" and preventing you from fixing the situation. If so, you > want to run in safe-mode to not have those extraneous services start, > so that you can re-enable DCOM without their hinderance. > > Yes, Windows Server 2003 defaults with DCOM enabled, but it can be > installed with DCOM disabled, and it is also user-configurable. > >> It really appears to involve the core >> desktop functionality, as the desktop >> takes a very long time to draw on startup > > What you can observe is very different from what is going on. I tend > to agree with Roger about your hypothesis. > > > //David > http://w3-4u.blogspot.com > http://blogs.msdn.com/David.Wang > // > > > > > On Feb 17, 6:24 pm, "Will" <westes-...@noemail.nospam> wrote: >> "David Wang" <w3.4...@gmail.com> wrote in message >> >> news:1171706125.392056.84070@t69g2000cwt.googlegroups.com... >> >> > Can you go into Safe Mode to do what you need? >> >> I guess my question was what do I need to do to reinitialize DCOM. It's >> not clear that safe mode helps here since it's not about stopping some >> rogue >> service (for example). I already enabled the registry option (per my >> original post) that is required to "enable" DCOM, and yet DCOMCNFG >> doesn't >> show DCOM enabled after a reboot. >> >> > IIS6 on Windows Server 2003 does not use DCOM. Only if you switch it >> > into IIS5 Compatibility Mode since by definition that must use DCOM >> > for compatibility. >> >> Okay, I sense an educational moment coming on. :) First it appears our >> developers had inadvertently installed IIS 5 when they installed an older >> Visual Interdev. At least when I start IIS admin on the affected >> machine >> it shows version 5.0. So it looks like this is involved somehow with >> this problem, although even then I am unclear on why turning off DCOM >> broke >> the entire computer, not just IIS 5.0. >> >> > Also, Windows Server 2003 runs without DCOM enabled. >> >> Just to be more elaborated on this point, every Windows 2003 standard and >> web edition server I have installed leaves DCOM on. I trust your point >> is >> that it is safe to turn it off, and that makes sense, which is why the >> result I got is all the more puzzling. >> >> > However, you may be running other 3rd party software on the server >> > with NT Services that require DCOM. These services would be running on >> > reboot, before and during your user login, so they may be breaking/ >> > hanging and causing your issues. >> >> It really appears to involve the core desktop functionality, as the >> desktop >> takes a very long time to draw on startup (maybe 10 minutes), and some >> applications take a while to startup. Perhaps Interdev overwrote some >> key >> functionality for the desktop? >> >> -- >> Will >
[quoted text, click to view]
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message news:u5nL3hVVHHA.972@TK2MSFTNGP04.phx.gbl... > I suppose it is possible that use of the dcomcnfg interface does > touch some settings other than the reg key, such as in the comadmin > catalog, so this recommendation to try safe mode is very good idea. > > Will? have you discovered anything? found a way ? Unfortunately, even in safe mode, DCOMCNFG is throwing a null pointer error when you try to re-enable DCOM using that application (it does look like that much is a Microsoft bug). So guess it's time to pay a visit to Microsoft Shanghai again. We'll open up a ticket. -- Will
[quoted text, click to view] "Will" <westes-usc@noemail.nospam> wrote in message news:v8OdndO_ws7TWUbYnZ2dnUVZ_vqpnZ2d@giganews.com... > "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message > news:u5nL3hVVHHA.972@TK2MSFTNGP04.phx.gbl... >> I suppose it is possible that use of the dcomcnfg interface does >> touch some settings other than the reg key, such as in the comadmin >> catalog, so this recommendation to try safe mode is very good idea. >> >> Will? have you discovered anything? found a way ? > > Unfortunately, even in safe mode, DCOMCNFG is throwing a null pointer > error > when you try to re-enable DCOM using that application (it does look like > that much is a Microsoft bug). > > So guess it's time to pay a visit to Microsoft Shanghai again. We'll > open > up a ticket. > Thanks for the info/post-back. It must be due to some interaction with another latch-down in effect on the box, or a peculiarity of the web sku of Windows, as I have toggled that many times on W2k3 servers without running into what you have happening. Roger
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |