2008-01-18

WinXP SP3 DCOM System Error {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

I slipstreamed SP3 on to my custom WinXP image because I found SP3 to perform admirably well.

Performance is subjective, but... my notebook was using 100% of CPU1 when playing ripped 1080p content and some of it wouldn't even play at a reasonable frame rate. I tried everything with the player and drivers, but I didn't resolve the problem until installing SP3. After SP3 CPU1 was at 48%... same video drivers, same player... same XP image but with SP3 slipstreamed over SP2.



After installing SP3 I noticed the error below in the event log, and tracing it back through the registry led me to the NAP Service Agent.

Event Type: Error

Event Source: DCOM

Event Category: None

Event ID: 10016

Date: 28/12/2007

Time: 10:44:58 AM

User: NT AUTHORITY\SYSTEM

Computer: RY4VM

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
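The event description above can be split into its fields and turned into the registry keys to read when tracing the CLSID to a named component. This is an added example, not part of the original post: the function names are hypothetical, the second sample event is constructed with placeholder GUIDs, and its "and APPID" wording is an assumed form of the message on later Windows versions.

```python
import re
from collections import Counter
GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Description text of DCOM event 10016. The XP-era event on this page names
# only a CLSID; the later format assumed here also appends "and APPID {...}".
EVENT_10016 = re.compile(
    r"do not grant (?P<scope>Local|Remote) (?P<right>Launch|Activation|Access)"
    r" permission for the COM Server application with CLSID\s*(?P<clsid>" + GUID + r")"
    r"(?:\s*and APPID\s*(?P<appid>" + GUID + r"))?"
    r".*?to the user (?P<user>.+?) SID \((?P<sid>S-[0-9-]+)\)", re.S)
SERVICE_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                "S-1-5-20": "NetworkService"}  # well-known built-in service accounts

def parse_10016(description):
    """Extract who was denied what on which COM class; None if the text differs."""
    m = EVENT_10016.search(description)
    if m is None:
        return None
    rec = m.groupdict()
    rec["clsid"] = rec["clsid"].upper()
    rec["appid"] = rec["appid"].upper() if rec["appid"] else None
    rec["service_account"] = SERVICE_SIDS.get(rec["sid"])
    return rec

def registry_trail(rec):
    """Keys to read, in order, to put a name to the CLSID in the event."""
    appid = rec["appid"] or "<AppID value read from the CLSID key>"
    return ["HKCR\\CLSID\\" + rec["clsid"],  # its AppID value links class to application
            "HKCR\\AppID\\" + appid]         # default value usually holds the application name

def summarize(descriptions):
    """Count denials per (CLSID, account, right) so recurring ones stand out."""
    recs = filter(None, map(parse_10016, descriptions))
    return Counter((r["clsid"], r["user"], r["scope"] + " " + r["right"]) for r in recs)

# Description copied from the event on this page.
PAGE_EVENT = (r"The application-specific permission settings do not grant Local Launch permission "
              r"for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} "
              r"to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be "
              r"modified using the Component Services administrative tool.")
# Constructed sample in the later format (placeholder GUIDs, made-up account).
NEWER_EVENT = ("do not grant Local Activation permission for the COM Server application "
               "with CLSID \n{00000000-0000-0000-0000-00000000000A}\n and APPID \n"
               "{00000000-0000-0000-0000-00000000000B}\n to the user LAB\\alice SID "
               "(S-1-5-21-1-2-3-1001) from address LocalHost (Using LRPC)")

if __name__ == "__main__":
    for rec in map(parse_10016, (PAGE_EVENT, NEWER_EVENT)):
        print(rec["user"], rec["scope"], rec["right"], *registry_trail(rec), sep="\n  ")
```
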




NAP is some *1/2 baked MS Security service used in Win2008 and Vi$ta networks (see below). So disable the service and then stop the COM component from running:

  1. Win + R, then run services.msc
  2. Disable the NAP service
  3. Win + R, then run C:\WINDOWS\system32\Com\comexp.msc
  4. Expand Component Services > Computers > My Computer > DCOM Config
  5. Right-click NAP Agent Service
  6. Select Properties > Location
  7. Uncheck "Run application on this computer"




Network Access Protection. Network Access Protection (NAP) is a new client health policy creation, enforcement, and remediation technology that is included in the Windows Vista Business, Windows Vista Enterprise, and Windows Vista Ultimate operating systems, and in the Windows Server 2008 operating system. With NAP, administrators can establish and automatically enforce health policies which can include software requirements, security update requirements, required computer configurations, and other settings. See below for more information about NAP.

Exposure of client devices to malicious software, such as viruses and worms, continues to increase. These programs can gain entry to an unprotected or incorrectly configured host system, and then use this system as a staging point to propagate to other devices on the corporate network. Network administrators have a new platform to mitigate this threat with Network Access Protection (NAP) from Microsoft, a new set of operating system components included with Windows Server 2008 and Windows Vista that provides a platform to help ensure that client computers on a private network meet administrator-defined requirements for system health.

NAP enforces health requirements by monitoring and assessing the health of client computers when they attempt to connect or communicate on a network. Client computers that are not in compliance with the health policy can be provided with restricted network access until their configuration is updated and brought into compliance with policy. Depending on how NAP is deployed, noncompliant clients can be quarantined or automatically updated so that users can quickly regain full network access without manually updating or reconfiguring their computers.

With NAP, administrators can do the following:

  • Help ensure the ongoing health of desktop computers on the LAN that are configured for DHCP or that connect through 802.1X authenticating devices, or that have NAP IPsec policies applied to their communications.

  • Enforce health requirements for roaming laptops when they reconnect to the company network.

  • Verify the health and policy compliance of unmanaged home computers that connect to the company network through a VPN server running Routing and Remote Access (RRAS) service.

  • Determine the health and restrict access of visiting laptops brought to an organization by partners and other guests.

Designed for flexibility, NAP can interoperate with any vendor’s software that provides a System Health Agent (SHA) and System Health Validators (SHVs). NAP also includes an API set for developers and vendors to build their own components for network policy validation, ongoing compliance, and network isolation. Examples of third-party solutions that work with Network Access Protection would be antivirus, patch management, VPN, and networking equipment.

7 comments:

  1. THANK YOU SO MUCH!

  2. Thanks a lot. Your solution worked perfectly. What is this service actually supposed to do?

  3. daniel: I've updated the post to reflect your query.

  4. Ray

    Thank you! It was driving me nuts.

    Bob

  5. I strongly recommend everybody spend 15 minutes using nlite to create your own XP build. With nlite you can completely remove the NAP service. My XP builds are down to 260MB iso image, 110MB ram usage, and super fast.
    www.nliteos.com the best thing for Windows.

  6. Thanks a lot. It's great that I could find the solution so easily. It was very helpful. Thanks for the explanations also.

  7. Thanks Ray - I found Battlefield 2 kept crashing for no apparent reason - I checked for over-temp CPU, upgraded anti-virus and still it crashed!
    Now I'm going to be brave and try to learn about stripping out more XP bloatware!
    thanks again - richard N
