DCOM Communication Error to Decommissioned server

A

AmongTheChosenX

Supreme [H]ardness
Joined
Sep 24, 2007
Messages
7,151
In short, we deleted this server over a year ago but DCOM is still attempting to communicate with it.


I've cleared AD, DNS, ADSIEDIT (I think... didn't know where specifically to look), Sites and Services, and reviewed Domains and Trusts.


Please Advise!


- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">


- <System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10028</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2015-12-08T14:32:03.409827500Z" />
<EventRecordID>206348</EventRecordID>
<Correlation />
<Execution ProcessID="924" ThreadID="11176" />
<Channel>System</Channel>
<Computer>DC.domain.com</Computer>
<Security UserID="S-1-5-18" />
</System>


- <EventData>
<Data Name="param1">oldserver.domain.com</Data>
<Data Name="param2">379c</Data>
<Data Name="param3">C:\Windows\system32\taskhost.exe</Data>
<Binary>3C5265636F726423313A20436F6D70757465723D286E756C6C293B5069643D3932343B31322F382F323031352031343A33323A333A3430393B5374617475733D313732323B47656E636F6D703D323B4465746C6F633D313731303B466C6167733D303B506172616D733D313B7B506172616D23303A307D3E3C5265636F726423323A20436F6D70757465723D286E756C6C293B5069643D3932343B31322F382F323031352031343A33323A333A3430393B5374617475733D313732323B47656E636F6D703D31383B4465746C6F633D313434323B466C6167733D303B506172616D733D313B7B506172616D23303A6D706F7765726D61696C2E686F72697A6F6E70726163746963652E636F6D7D3E3C5265636F726423333A20436F6D70757465723D286E756C6C293B5069643D3932343B31322F382F323031352031343A33323A333A3430393B5374617475733D313732323B47656E636F6D703D31383B4465746C6F633D3332323B466C6167733D303B506172616D733D303B3E3C5265636F726423343A20436F6D70757465723D286E756C6C293B5069643D3932343B31322F382F323031352031343A33323A333A3430393B5374617475733D31313030313B47656E636F6D703D31383B4465746C6F633D3332303B466C6167733D303B506172616D733D313B7B506172616D23303A6D706F7765726D61696C2E686F72697A6F6E70726163746963652E636F6D7D3E</Binary>
</EventData>


</Event>
Click to expand...


The Service is scvhost.exe, also known as NETWORK SERVICE by the CMD utility
"query process".


I'm running out of answers and would really like it fixed.


I did recently convert it (today) to DFSR from FRS, and that seems to have stopped most of the issues that were incurring during sites replication.
 
This isn't my area of expertise, but I've had to fiddle with DCOM before.

I know that svchost.exe is a container for processess. It can run many different processes, so you can't just go stopping that process. You'd need to find the actual service making the DCOM call and stop that.



Start > Run > dcomcnfg

Expand Console Root > Component Services > Computers > My Computer > DCOm Config. Now right click in the middle frame and change the view to details. Look for the GUID specified in your event log in the NAME and APPLICATION ID fields. View the properties and see if it gives you any insight into what this component is.

The GUID you're looking for is {1B562E86-B7AA-4131-BADC-B6F3A001407E}
 
You must log in or register to reply here.
Back
Top