The error message the server {3D14228D-FBE1-11D0-995D-00C04FD919C1} did not register with DCOM within the required timeout has started appearing in my IIS 5.0 server's event logs. Before the message started appearing, the server was working; now, it can't deliver content. What's causing this problem, and how can I fix it?
The error message tells you that the object's globally unique identifier (GUID), which is the number enclosed in the curly brackets ({}), and that Distributed COM (DCOM) is causing the problem. For this error message to make sense, you have to understand COM and its relationship to IIS—a difficult topic to teach IIS administrators, who aren't interested in programming technology until an error message like this one appears in their event logs and the Web server is down. Suddenly, COM gets very interesting!
Let's start with the GUID. If you're trying to hunt down information about a GUID, the first place to check is the registry. However, in this case, the GUID is special, and you won't find it in a typical search. This GUID is assigned to an entry associated with the Service Control Manager (SCM—i.e., services.exe), whose registry information resides in the HKEY_LOCAL_MACHINE\SECURITY subkey. By default, administrators don't have access to this registry subkey. Even if the Administrators' group has Full Control permission on the subkey, the information isn't readily apparent. You must drill down to the HKEY_LOCAL_MACHINE\SECURITY\Policy\Secret registry subkey and look for the name SCM: {3d14228D-fbe1-11d0-995d00c04fd919c1}.
The SCM launches services for IIS and is involved in many internal operations. If you examine the COM+ applications in the Microsoft Management Console (MMC) Components Services snap-in, you'll find the connection. From the Component Services snap-in, expand the Computer, My Computer, COM+ Applications node. Then, right-click IIS Out-of-Process Pooled Applications and Select Properties. Click the General tab, which Figure 1 shows.
Notice that the application ID (i.e., the GUID) is the same as that reported in the event logs. Thus, you know that your system is having trouble launching an instance of dllhost.exe in which it can load applications set to run in the Medium (Pooled) application-protection mode. (For more information about application-protection modes, see "Determining the Process in Which an Application Is Running," March 2002, InstantDoc ID 23815.)
Often, other event-log error messages accompany this DCOM problem. In particular, you might find an entry such as the one that Figure 2 shows.
One key diagnostic test you can perform is to run your application in Low (In Process) application-protection mode and see whether the new setting works. If your application runs, you know that your system is unable to create an instance of dllhost.exe in which to place applications marked for Medium protection. If the application fails to run in Medium application-protection mode, it will probably also fail in High (Isolated) application-protection mode.
All processes (and dllhost.exe is a process) must run in the context of a user account. Inetinfo.exe runs under the System account. Dllhost.exe runs under the IWAM_servername account. Consequently, IIS must know the password for the IWAM_servername account, which resides in three places:
- the LM/W3SVC/WAMUserPass IIS metabase key
- the Component Services snap-in
- the local SAM or Active Directory (AD)
If a password in any one of these locations fails to agree with the passwords in the other locations, you'll see error messages similar to the one in the above question.
Now that you know that the problem lies with the IWAM_servername password, you can fix it. To do so, follow these steps:
- Stop IIS by typing
iisreset /stop
at the command line.
- In the MMC Local Users and Groups snap-in or the MMC Active Directory Users and Computers snap-in, change the IWAM_servername account's password to a known value.
- At the command line, type
cscript.exe :
\inetpub\adminscripts adsutil.vbs set w3svc/
wamuserpass ""
where newpassword is the password you entered in Step 2.
- At the command line, type
cscript.exe :
\inetpub\adminscripts
run synciwam.vbs -v
to configure the IWAM_servername account with the new password.
- Open the DCOM Configuration Tool (dcomcnfg.exe). Click the Default Security tab, then click Edit under Default Launch Permissions. Make sure the IWAM user listed has Allow Launch permission.
- Restart IIS by typing
iisreset /start
at the command line.
In addition to the IWAM password becoming out of sync, two other problems can cause the error message in the above question to appear. First, registry ACLs that don't allow access to required registry keys can result in the error message. If you use Sysinternals' Regmon tool, you can see a list of the registry keys that a server has accessed. If, when you launch your Web application, you see any entries showing Access Denied, you've probably found the problem. Second, changing the IWAM_servername account's group membership (e.g., making the IWAM_servername account a member of a restricted group) can cause the error message.
RIGHT ON THE MONEY! You just saved my butt from another long night of figuring out why when I would iissync between servers, suddenly one of the 3 would not serve up pages and only returned a 500 internal server error. I was using a network/domain iwam account and this still worked. The key for me seemed to be the synciwam script which is not mentioned anywhere else for this issue.
Worked like a charm!
This is my 2nd week of trouble with DCOM and IIS.
even thaught of reinstalling the OS...
Thank you !
my servers was hacked few days ago. Web server has the mentioned records of dcomscm and lm... and only server html pages, in mmc i can't start iis out-of-p poold app, and sql server was attacked thru sa and sqlserveragent account;
which kind of attack i received ? it is possible to determine it ? thanks
When I try step 4, I get
Out of process applications defined:
Count: 1
{3D14228D-FBE1-11d0-995D-00C04FD919C1}
Error: 1AD: ActiveX compenet can't create object
I must have another underlying problem. Things I've noticed are that asp doesn't work and when i try to go into "Administrative Tools" then "Component Services" then "Computers" the app dies and disappears without an error.
Wonderful! Solved my problems right away, once I figured out the somewhat cryptic command text (hard to tell where spaces go, references to words not used anywhere else, etc.) included in the description (if you could fix this, this page would be perfect).
Everytime I try to launch my AD-Aware to scan for viruses theres an error box that says DCOM serverprocess launcher has terminated unexpectedly and theres a timer that makes my PC restart this has happend several times how do I fix it (I dont know PC language either)
Everytime I try to launch my AD-Aware to scan for viruses theres an error box that says DCOM serverprocess launcher has terminated unexpectedly and theres a timer that makes my PC restart this has happend several times how do I fix it (I dont know PC language either)
pass 3 shoud be:
cscript.exe c:\inetpub\adminscripts\adsutil.vbs set w3svc/wamuserpass "newpassword"
Look at this post in Google groups:
"IIS doesn't display ASP pages, COM+ damaged" if you have problems runing "synciwam.vbs -v"
Link:
http://groups-beta.google.com/group/
microsoft.public.windowsxp.general/browse_thread/
thread/ 5b4b9872a8c5052f/87d89f6c3174d566?
q=IIS+doesn%27t+display+ASP+pages,+COM%2B+damaged&rnum=1&hl=en#87d89f6c3174d566
Thanks, solved my problem.
Awesome!
Most helpfull post ive read in a while! saved me a few missing heair.
Thanks muchly
Performed the opns as advised. Got error msg :
Updating Applications:
Name: IIS Out-Of-Process Pooled Applications Key: {3D14228D-FBE1-11D0-995D-00C04
FD919C1}
Error: 80110414:
*********************** IIS was operational before but could not host any sites, thought problem was DCOM. Any idea why it failed? Thanks!
Attempting start...
Start attempt failed.
IIS Admin Service is disabled
Register
