Posts Tagged ‘Windows server 2008’

Joining domain fails when domain suffix isn’t supplied

So I’ve got my own Active Directory server at home w/ multiple network segments. On one of these network segments, I’ve got a Win2008R2 server w/ a static IP address that needs to join the domain but isn’t on the same network segment as the AD server. When I attempt to join the domain I get the following error message.

Once I get the error message and do a reboot I’ve joined the domain w/ no perceivable errors except the one shown above. I can log into the server w/o any issues using domain user accounts and everything appears fine. Obviously not satisfied w/ this conclusion I start doing some searches and remove the server from the domain to see if I can repeat the above error message.

Finally after searching for an hour I stumble upon a similar domain joining error on Lumbgaps blog and add a domain suffix to my server via the advanced settings on my network card. Once joined, I remove the domain suffix w/o any issues. Seems the server was having a domain searching issue and wasn’t appending the right FQDN on the end of whatever it was doing. This fixed it.

Link to Lumbgaps blog:

SharePoint DCOM issue appearing in the System Event logs

At work, we’ve installed SharePoint servers a couple of times. A reoccurring issue, is a permissions issue that appears in the event logs as Event ID: 10016 or 10017 but doesn’t seem to effect SharePoint performance. We just recently installed SharePoint 2010 and I decided to chase these errors down since it’s annoying and fills up the log files. Seems the local domain account you create to run specific SharePoint services during the initial installation don’t have specific permissions for local activation.

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user SOMEDOMAIN\SOMEUSERACCOUNT_SVC SID (S-1-5-21-BLAHBLAHBALHBLAH) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

So if you run off to the Component Services, find the offending CLSID object and right click->properties, hit the Security tab to allow this account to run this DCOM object it’s greyed out!

You’ve apparently got to find it in the registry first (should be “Computer\HKEY_CLASSES_ROOT\AppID\YOUR_CLASSID_HERE.”)

Once found, right click the key in the left pane and goto permissions. From there, you’ll want to take ownership of the registry object from the Trusted Installer which will allow you, the admin, to change its’ security permissions w/in the dcomcnfg application.

Now that’s done, open up the “DCOM Config” node of the local computer, find your AppID GUID, right click and select properties. Now select the Security tab and change your Launch & Activation Permissions for your domain account that’s generating your error.

As always, here’s some links to explain:

Return top
Icons made by Freepik from is licensed by CC BY 3.0