Mike H. - Another Geek In Need...

You may see this error - more than once - when working with your Microsoft Office SharePoint Server (MOSS) 2007 deployment. This animal / error generally shows itself after you have applied an upgrade to an existing deployment. For example, when upgrading from B2 MOSS to B2TR MOSS - or when applying a special service pack from MSFT - you may begin to see a lot of these errors pop up in the SYSTEM event log.

In the error text, CLSID is followed by the class ID of the DCOM+ application that the service account tried to activate but does NOT have permission to activate.

For example, let's say I installed MOSS on a server and used the account mossService as the service account (a least-privileged user account you created to run the MOSS service(s)). When I get this error, I could very well see something like the following:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user <serverName>\mossService SID (S-1-5-21-<serviceSID>). This security permission can be modified using the Component Services administrative tool.

Copy the GUID that follows CLSID in the message above, then go to Start-->Run-->regedit.

With the registry editor open, ensure that your cursor is on the computer at the beginning of the tree (make sure you are not in the middle of some previous edit session in the registry editor).

Edit-->Find and paste in the GUID. It'll stop at the application entry - and you will want to note the application name on the right side pane. In this example, it was the IIS WAMREG admin service that popped up.

Now, open Component Services (typically, from the server - Start-->Administrative Tools-->Component Services) and expand Component Services, Computers, My Computer, DCOM Config. Scroll down and find the application (IIS WAMREG in this case). Right-Click-->Properties and select the Security tab. You'll have some options here. In the first block, Launch and Activation Permissions, ensure that the Customize radio button is selected, and click Edit. Now add your service account, giving it launch and activate permission and, where your setup requires it, remote launch / activate permission.

Restart IIS and continue on.
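
The registry lookup in the steps above can also be done from PowerShell. The following is an added example, not part of the original post: it resolves the CLSID from the sample event to its AppID and application name, then lists the accounts in that application's custom Launch and Activation ACL. It only reads the registry; the `$rights` table and the variable names are this example's own.

```powershell
# Added example: map the CLSID from the event to its DCOM application and
# list who currently holds Launch and Activation rights on it (read-only).
param([string]$Clsid = '{61738644-F196-11D0-9953-00C04FD919C1}')  # CLSID from the sample event

# COM launch/activation access-mask bits (COM_RIGHTS_* in the Windows SDK)
$rights = [ordered]@{
    'Execute'          = 0x1
    'Local Launch'     = 0x2; 'Remote Launch'     = 0x4
    'Local Activation' = 0x8; 'Remote Activation' = 0x10
}

# Step 1: CLSID -> AppID (what Edit-->Find in regedit locates by hand)
$clsidKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid" -ErrorAction Stop
$appId = $clsidKey.GetValue('AppID')
if (-not $appId) { throw "CLSID $Clsid has no AppID value, so there is no application to look up." }

# Step 2: AppID -> application name (the key's default value)
$appKey  = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\AppID\$appId" -ErrorAction Stop
$appName = $appKey.GetValue('')
if (-not $appName) { $appName = $appId }   # fall back to the AppID when the entry has no name
"CLSID $Clsid -> AppID $appId -> $appName"

# Step 3: read the custom launch/activation ACL, if one is set
$sdBytes = $appKey.GetValue('LaunchPermission')
if (-not $sdBytes) {
    'No custom LaunchPermission value: the machine-wide default launch permissions apply.'
    return
}

$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $sdBytes, 0
foreach ($ace in $sd.DiscretionaryAcl) {
    try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.SecurityIdentifier.Value }   # unresolvable SID: show it raw
    $granted = $rights.Keys | Where-Object { $ace.AccessMask -band $rights[$_] }
    [pscustomobject]@{
        Account = $who
        Type    = $ace.AceType
        Rights  = $granted -join ', '
    }
}
```

Running it before and after the change in Component Services shows exactly which rights the service account gained, which makes it easy to confirm that remote launch / activation was granted only where intended.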

NOTE: This is not applicable to MOSS setups only - and hopefully this will help someone else that sees these annoying DCOM errors in their SYSTEM event log.

Regards...

posted on Tuesday, December 19, 2006 5:47 AM

Feedback

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 12/31/2006 10:12 AM John
Thanks! I had the exact same errors on my MOSS (clean install).

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/3/2007 1:16 PM Mark Van Dyke
Thanks Mike! I had the same issue. I found your posting via google even though we are in the same office...lol

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/3/2007 9:35 PM Harpreet
Thanks.. Your post was of Great help to me.. I had a similar issue


# Backup and Restore with WSS3 1/8/2007 3:55 PM Eben's blog
Have you ever had one of those easy jobs that just turned into a gigantic mess? Haven't we all... The new...

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/16/2007 4:50 PM Ken
Ditto the thanks, fixed an identical problem in WSS 3.0

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/19/2007 11:25 AM John Sussenberger
This helped us with a weird SMS Management Point issue we were seeing in our virtual lab.

Thanks :)

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/21/2007 8:11 PM Wilkin
The problem is almost fixed. I'm not sure which account should I give the permission to. In my event log it is saying NT Authority\Network service SID. How can I tell what user account has been used to run this?

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 1/21/2007 9:13 PM MikeH
Hey Wilkin,

The user account is the one you're actually seeing in the event log. NETWORK SERVICE is being used and you are apparently receiving an error that it does not have the permissions for the DCOM application.

First, identify which application is in question. If it is something like SQL Server or BizTalk Server - you may have an issue that goes beyond the scope of my post. Please let me explain...

The NETWORK SERVICE and often local SERVICE accounts are used to execute services - like SQL Server, BTS, and very commonly, IIS application pools (AppPool). If these applications need to access remote servers - then you will need to create a specific service account to run that service. For example, if you have an IIS application that needs to connect to SQL Server on a remote server - NETWORK SERVICE will fail in this context because it is not allowed to access remote servers - this is by design. This is why it is a best practice to plan the accounts for the services that will be running.

Now, in scope of my original post - the issue is that a user account or even NETWORK SERVICE or local SYSTEM does not have launch or activate permissions - for one reason or another. You have to determine which application is in question, and follow the post to add the account to the launch/activate permissions.

If you have not resolved the issue - then it is very likely you are dealing with my previous description - a service / application that is needing to access a remote server.

Please feel free to ping me with details / particulars if you still cannot resolve the issue - and I will be more than happy to try and help.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 2/5/2007 9:20 AM simflex
hi Mike, great article, thanks very much.

I am getting the *exact* same error and the user that needs authorization is NT AUTHORITY\NETWORK SERVICE.

I copied the GUID which is {0C0A3666-30C9-11D0-8F20-00805F2CD064}, following your instructions, the service that popped up on right side pane is appid followed by a long character starting with 9209B1A6-xxxx.
I could not find either the appid or this long character in Component Services. Any idea what I could be doing wrong?

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 2/5/2007 11:47 AM MikeH
Hi Simflex,

The AppId is representative of the application and on the right side you should see more information. If all you are seeing IS the app ID on the right side - that's a pain!

It is possible that the DCOM application is Network Connection Manager. I have seen this periodically when I have run into a server that has a group policy that is broke / disconnected.

Is IIS running on this host? If it is, open inetmgr (IIS Admin Console), expand web application pools, select the DefaultWebApp - right-click -> Properties - and under identity - change it from NETWORK SERVICE to LOCAL SERVICE - you'll receive a warning - but proceed anyway.

Stop and re-start the application pool. Now, change it back to NETWORK SERVICE.

Now restart the computer.

Check and see if you're still getting the same errors.

It is very likely that you have a disconnect between a service / user account that 'was' being allowed to run a service - and it no longer is.

Let me know.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 2/5/2007 12:51 PM simflex
Thank you mightily for your response Mike. It was indeed very nice of you.

I have done *exactly* as you have suggested but the problem persists.

This is the more frequent occurrence now:

Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.

Thanks again for your response.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 2/11/2007 7:27 PM Anthony
Hi

I am having exactly the same error. I am currently looking further into this problem and I am curious as to what this service does, and why it is using the network service account. It appears to me that this problem is using the account that is entered into the "Security account for this Application Pool" when the web application is created.

Any thoughts/comments would be greatly appreciated.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 2/15/2007 11:31 AM MikeH
Hi Anthony,

I apologize for not being able to get back to you sooner.

'What' the WAMREG Admin service does is not very well documented - and you would likely find many at MSFT that simply would not know either.

Suffice to say, without it you can connect individually, or register another service with IIS.

There are times - when you're installing a server product, or even 3rd party add-on product - that the configuration for the launch/activation of this service can get buggered up.

For MOSS - it was simply enough to solve - but this may not always be the case.

Researching issues with the service reveals that 90%+ of those blogged issues have to do with ASP/ASP.Net applications - and not specific DCOM configuration issues that get hosed up like I ran into.

Please feel free to share anything more you find out about the service - I know that many in the community would appreciate that.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited 3/30/2007 10:51 PM Mbt
Thanks for clearing the error. It really helps.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL 11/13/2007 9:04 PM your conscience
Looks like you copied this straight from: http://programminggems.blogspot.com/2007/02/application-specific-permission.html


# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL 1/11/2008 5:04 PM Get a life
"your conscience" - Did you bother to check the dates of the posts? The post on blogspot.com was 2 months after Mike's. Get a life.

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL 2/4/2008 1:49 AM Eugene
Thanks a lot, your post helped us a lot!
Regards, Eugene

# re: SharePoint 2007 Server Issues Revisited 3/20/2008 1:48 AM JT
Awesome, big help! If you haven't already done so you should report the problem you used in the example as a bug in sharepoint services to microsoft. I had the same problem. Thanks for sharing the information.
