Fix for DCOM 10009 Errors in Exchange 2010 SP1

You may notice DistributedCOM 10009 errors in the Windows Server 2008 R2 System Event Log whenever you run any of the following Exchange 2010 SP1 cmdlets:

  • Get-OWAVirtualDirectory
  • Get-WebServicesDirectory
  • Get-ActiveSyncVirtualDirectory




The DCOM 10009 error reads as follows:



Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          7/1/2011 10:16:11 AM
Event ID:      10009
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CAS01.domain.com
Description:
DCOM was unable to communicate with the computer CAS02.domain.com using any of the configured protocols.

This happens because of a security context error when invoking an RPC call to the remote CAS server.  The fix is to direct the RPC Runtime to ignore delegation failures.  This can be done by configuring the registry on both the source and target machines, but is more easily done using Group Policy.



To configure Ignore Delegation Failures manually:

  • Run REGEDIT on the source computer
  • Navigate to HKLM\Software\Policies\Microsoft\Windows NT\Rpc
  • Create a new DWORD value called IgnoreDelegationFailure with the value of 1
  • Restart the computer
  • Repeat for each Exchange 2010 SP1 Client Access Server
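
The manual registry steps above can also be scripted. The PowerShell below is an added example, not part of the original post: it applies the value on the local server and counts recent DCOM 10009 events so the result can be compared after the restart. The `LookbackDays` parameter is an assumption of this example.

```powershell
# Added example (not from the original post). Run elevated on each Client Access Server.
# The registry path and value name are the ones given in the manual steps.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$LookbackDays = 7   # assumption: how far back to count past events
)

$rpcKey    = 'HKLM:\Software\Policies\Microsoft\Windows NT\Rpc'
$valueName = 'IgnoreDelegationFailure'

# Read the current value; $null means the key or the value does not exist yet.
$current = (Get-ItemProperty -Path $rpcKey -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($current -ne 1) {
    # -WhatIf shows the change without writing to the registry.
    if ($PSCmdlet.ShouldProcess("$rpcKey\$valueName", 'Set DWORD to 1')) {
        if (-not (Test-Path -Path $rpcKey)) {
            New-Item -Path $rpcKey -Force | Out-Null
        }
        New-ItemProperty -Path $rpcKey -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null
        $was = if ($null -eq $current) { 'not set' } else { $current }
        Write-Output "$valueName set to 1 (was: $was). Restart the computer to apply."
    }
} else {
    Write-Output "$valueName is already 1; no change made."
}

# Count DCOM 10009 errors in the System log for a before/after comparison.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10009
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Write-Output "DCOM 10009 events in the last $LookbackDays day(s): $($events.Count)"
```

Run it once with `-WhatIf` to see the pending change, then again without it and restart the server as the steps above require.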

To configure this setting using Group Policy:

  • Open the Group Policy Management Console
  • Edit the Group Policy Object (GPO) that applies to the Exchange 2010 SP1 servers.  I usually use the Default Domain Policy.
  • Navigate to Computer Configuration > Policies > Administrative Templates > System > Remote Procedure Call
  • Double-click Ignore Delegation Failure.
  • Enable the policy and set the Ignoring Delegation Failure setting to ON.
  • Restart the Exchange 2010 SP1 Client Access Servers

This DCOM 10009 error does not seem to affect Windows Server 2008 servers, only Windows Server 2008 R2.