A
Amir
Hi,
On our VPN server - which is a RAS server -, I just
noticed DCOM errors ID 10003. The description
reads, "Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-000000000046}
The user is Unavailable/Unavailable, SID=Unavailable."
I read that the DCOM server is Machine Debug Manager.
That this error appears when the client's identity differs
from the server's. Does this mean that someone has been
trying to access the DCOM server? Could it be someone
from outside of our company? I also read that when IIS is
running in-process, the System account allows RPC Endpoint
Mapper access to the DCOM server. When I noticed RPC, I
thought of the new Security issue with RPC vulnerability.
Could this error message have anything to do with this new
threat and the Blaster worm?
Thanks
On our VPN server - which is a RAS server -, I just
noticed DCOM errors ID 10003. The description
reads, "Access denied attempting to launch a DCOM Server
using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-000000000046}
The user is Unavailable/Unavailable, SID=Unavailable."
I read that the DCOM server is Machine Debug Manager.
That this error appears when the client's identity differs
from the server's. Does this mean that someone has been
trying to access the DCOM server? Could it be someone
from outside of our company? I also read that when IIS is
running in-process, the System account allows RPC Endpoint
Mapper access to the DCOM server. When I noticed RPC, I
thought of the new Security issue with RPC vulnerability.
Could this error message have anything to do with this new
threat and the Blaster worm?
Thanks