Blog of Steven Tapping, containing my thoughts, comments and questions. RSS Feed


SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs

Problem:

Analyzing the event logs of several of our SharePoint servers, I found the following error repeating in two logs:

Application event:

Event Type:    Error

Event Source:    Windows SharePoint Services 3

Event Category:    (964)

Event ID:    6398

Date:        3/29/2007

Time:        11:30:00 AM

User:        N/A

Computer:    xxxxxxxxxxxxxx

Description:

The Execute method of job definition Microsoft.SharePoint.Search.Administration.SPSearchJobDefinition (ID c5427b38-db0b-49da-86af-06db6b579744) threw an exception. More information is included below.

Retrieving the COM class factory for component with CLSID {629DA12E-9AD5-4FEC-B886-42C5982C5109} failed due to the following error: 80070005.

 

System Event:

Event Type:    Error

Event Source:    DCOM

Event Category:    None

Event ID:    10016

Date:        3/29/2007

Time:        11:30:00 AM

User:        xxxxxxxxxxxxxx

Computer:    xxxxxxxxxxxxxx

Description:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{629DA12E-9AD5-4FEC-B886-42C5982C5109}

to the user xxxxxxxxxxxxxx SID (S-1-5-21-1850885132-1290235432-1578531482-4359). This security permission can be modified using the Component Services administrative tool.

 

Cause (with Photos!):

After a little digging in the registry, I found the user account the spsearch service (Windows SharePoint Services Search Gathering Manager) ran under did not have local activation rights. In other words, the user did not have the rights to start the search crawler service.

Doing a search in the registry of the SharePoint server for the CLSID, I found: HKEY_CLASSES_ROOT\CLSID\{629DA12E-9AD5-4FEC-B886-42C5982C5109} .

Now let's look at the Component Services manager for the AppID…Found the ID! This is the component missing local activation rights.

You'll even find the service it's trying to launch. The user in this service needs local activation rights:

 

Resolution:

  1. Click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. Expand Component Services, expand Computers, expand My Computer, and then click DCOM Config.
  3. Right-click SPSearch, and then click Properties.
  4. Click the Security tab.
  5. Under Launch and Activation Permissions, click Edit.
  6. In the Launch Permission dialog box, click Add.
  7. In the Select Users, Computers, or Groups dialog box, type the domain user account that you specified as the Windows SharePoint Services 3.0 service account, click Check Names, and then click OK.
  8. In the Permissions for UserName list, click to select the Allow check box that is next to Local Activation, and then click OK two times.
 
Posted by Steven Tapping | 16 Comments | Trackback Url | Bookmark with:        
Tags:

Links to this Post

Comments

Monday, 2 Apr 2007 08:35 by Thank you!
Thanks for the step-by-step. You should write KB articles for Microsoft. Much appreciated.
Thursday, 5 Apr 2007 04:56 by Better to ensure account is in WSS_WPG - then you don't need to open up DCOMconfig
yup -seen that one a bunch of times also, although not since RTM - the WSS Search account *should* be added to WSS_WPG when it's assigned in central admin. You shouldn't need to add it explicitly in DCOMconfig. trouble is, central admin sometimes craps out at this stage. I recommend *not* adding accounts explicitly - very bad infosec practice - add the account to WSS_WPG as this is assigned correctly by the SP Config Wizard.
Thursday, 12 Apr 2007 02:31 by Thank you!
Thank you for that description. That is solution I have search.
Wednesday, 30 May 2007 05:43 by still getting the error message
I'm getting the error message stated above. I did this and the ID I specified was listed with Launch and Activated persmissions checked. I removed the username and readded it but I'm still getting the error message. Any other suggestions?
Wednesday, 30 May 2007 09:29 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
I would suggest adding WSS_WPG or even IIS_WPG and see if this works. You might be adding the wrong username.
Thursday, 31 May 2007 08:20 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
I've added both and still getting the error message. Could there be something I'm missing? I just took on this project and my first thing was to change the password for every service including all sharepiont services. I checked and rechecked that the passwords are correct. Could there be a spot I missed such as in sharepoint itself? If so where? I'm fairly new to the sharepoint admin thing.
Thursday, 31 May 2007 09:25 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
You can try two things: 1) yes there are many places in the SharePoint central admin web site where passwords are specified. Changing the Windows Service password isn't going to be enough...Try "central admin"->"Operations"->"Services on server"->"Office SharePoint Server Search"->"Farm Search Service Account". 2) Go through this list of accounts to make sure you have changed the passwords in all SPS accounts. This is a list of all accounts SharePoint uses: http://technet2.microsoft.com/Office/f/?en-us/library/f07768d4-ca37-447a-a056-1a67d93ef5401033.mspx
Thursday, 31 May 2007 10:08 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
When I go to: "->"Operations"->"Services on server"->"Office SharePoint Server Search"->"Farm Search Service Account". the password field is always blank. I enter in the password I need to use but it remains blank. is there a way I can verify that the password i entered is the correct one, or that the service is using the correct pwd?
Thursday, 31 May 2007 10:23 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
OK, I changed every SPS service password on the server that is giving me the error and I'm still getting the error. I even did a IISRESET when I changed the passwords. What else can it be? What am I missing? I've been trying to figure this out for 2 days and googled until my eyes popped. The error: The SSP Timer Job Distribution List Import Job was not run. Reason: Logon failure: unknown user name or bad password Technical Support Details: System.ComponentModel.Win32Exception: Logon failure: unknown user name or bad password at Microsoft.Office.Server.Utilities.WindowsSecurity.GetUserTokenFromCredentials(String userDomainName, String password, LogonType logonType) at Microsoft.Office.Server.Utilities.WindowsSecurity.GetUserTokenFromCredentials(String userDomainName, String password) at Microsoft.Office.Server.Administration.JobHandler.Execute(Object state, Boolean timedOut)
Monday, 30 Jul 2007 10:28 by TechNet Article: Change passwords used for administration accounts (Office SharePoint Server)
A great resource for changing passwords is on TechNet: Microsoft Office SharePoint Server 2007 Change passwords used for administration accounts (Office SharePoint Server) http://technet2.microsoft.com/Office/en-us/library/4f52688f-7c27-41b7-8e28-c532d0e93e4d1033.mspx Windows SharePoint Service 3.0 Change passwords used for administration accounts (Windows SharePoint Services) http://technet2.microsoft.com/windowsserver/WSS/en/library/91746936-a420-4b6c-bfd3-7f42f5e4e2ac1033.mspx
Friday, 10 Aug 2007 03:20 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
Thanks for the links! It's quite hard to figure out where all these passwords are stored. I had to create 13 AD machine accounts to support 1 MOSS installation in production.
Friday, 21 Sep 2007 11:49 by Sr Systems Engineer
HI, I have several WSS installations that all suffer the same problem, not DCOM necessarily but search just doesn;t work unless I make the content access account and the search account administrators of the machine, I have followed MS guidelines for least privilege implementation and it just doesn;t work. Any ideas?
Monday, 24 Sep 2007 04:12 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
I talked to the MSFT search folks at TechEd 2007 and we concluded the "Default content access account" needed to be a site administrator. The guidelines don't mention this but it has little risk and saves you a lot of time! Steven.
Thursday, 1 Nov 2007 02:02 by Re: SharePoint 2007 SPSearch Repeating Local Activation Error in Event Logs
but how do you shut the thing off all together... i dont want it indexing period as this is my dev box only...
Wednesday, 19 Dec 2007 12:47 by works for OSearch, too
After installing Sharepoint SP1 i had a similar error in the event-log, and thanks to you i found it was die DCOM-config of the component "OSearch" that needed Launch and Activation Permission for the service-account
Tuesday, 4 Aug 2009 01:30 by
thanks for this article, it is realy helped me a lot, thank you verymuch
Name:
URL:
Email:
Comments:

CAPTCHA Image Validation