Server Management - Systems Insight Manager
cancel
Showing results for 
Search instead for 
Did you mean: 

ANONYMOUS LOGON DCOM/WMI 10016 errors

 
SOLVED
Go to solution
fishmn
Regular Advisor

ANONYMOUS LOGON DCOM/WMI 10016 errors

Greetings,

Normally I don't pay much heed to DCOM errors. However I have some application folks getting heartburn over some recent dl380G5 servers running win2k3 sp1+ that have the following system error logged every 10-15 minutes.

"The application-specific permission settings do not grant Remote Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user NT AUTHORITY\ANONYMOUS LOGON SID (S-1-5-7). This security permission can be modified using the Component Services administrative tool."

Most of my servers will log this error once/day during my Daily System ID task. The problem servers however appear to be logging these all day long during Hardware status polling as well.

Anybody know how to nip this in the bud?

Running HPSIM 5.1 sp1.

Thank you
5 REPLIES
David Claypool
Honored Contributor

Re: ANONYMOUS LOGON DCOM/WMI 10016 errors

If you aren't using WMI then you can disable it in global settings.
fishmn
Regular Advisor

Re: ANONYMOUS LOGON DCOM/WMI 10016 errors

Oh but we are using WMI and the mapper with SIM. To my knowledge WMI uses the WBEM credentials specified in global protocol settings to authenticate?

I just can't figure out why the previously mentioned error is logged so often on one set of servers and not on most others.. and for that matter why is the user logged as anonymous rather than the account specified in global settings.

The following is part of a sys id output and seems to be common for ALL our servers (may be a seperate issue)

Checking for WBEM support on system.
This system does not have any SMI-S CIMOM installed
This system doesn´t have a server CIMOM installed, or cannot connect to it using all credentials specified
Running WBEM rules based identification.
Cannot get ComputerSystem WBEM/WMI data from the system

Thanks again
David Claypool
Honored Contributor
Solution

Re: ANONYMOUS LOGON DCOM/WMI 10016 errors

If you're using ProLiant servers on Windows then there is no real reason to use WMI--all of the ProLiant instrumentation is in SNMP. HP SIM really only uses WMI today for gathering data on non-HP systems and Windows virtual machine guests.
fishmn
Regular Advisor

Re: ANONYMOUS LOGON DCOM/WMI 10016 errors

David, thanks for your replies. Do you know how I can disable WMI queries from SIM to physical proliants only? We've got another 600 vm's that we don't want to disable WMI on.

Note that I did set system protocol settings on one server to WBEM "use certificate instead" and "do not run system identification". This seems to have reduced the error frequency.
NJK-Work
Honored Contributor

Re: ANONYMOUS LOGON DCOM/WMI 10016 errors

Hello,

Just curious, how does one use Certificates with WBEM? We currently use an AD user account and password for all of our Virtual Machines - which is a pain, since we have it disabled on all physical machines and need to manually type it in for each individual VM.

Anyway, I never knew about the certificates until I read your post. So now you got me thinking :). What certificate does it use to perform the authentication? Any other info you have?

Thanks
Nelson