Monday, July 2, 2012

Permission settings do not grant Local Activation permission

Q: We are setting this message in our Event logs
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} and APPID {61738644-F196-11D0-9953-00C04FD919C1} to the user DOMAIN\USERNAME SID (S-1-5-21-1832317618-3868561790-2811425143-7650) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
A: We've seen this for years and the fix is always the same:

  1. Open Regedit, to identify which program the CLSID is referring.
  2. Search for {61738644 (the first part of the string above, you can also search for the entire string).
  3. You'll find the (Default) Value for this registry key is "IIS WAMREG admin Service"
  4. Open DCOMCNFG
    1. Expand "Component Service"
    2. Expand "Computers"
    3. Expand "My Computer"
    4. Expand "DCOM Config"
    5. Locate "IIS WAMREG admin Service"
    6. Right click on "IIS WAMREG admin Service" and select Properties
    7. Click on the Security Tab
    8. In the "Launch and Activation Permissions section, be sure (X) Customize is selected & click EDIT
    9. In the "Launch Permission" window click "Add" to add the account mentioned in the error message above.
    10. The complaint is that the account does not have "Local Activation permission" so simply make sure the account has that Permission enabled.
    11. NOTE: We usually enable "Local Launch" as well as "Local Activation" for this account.
  5. Then you're done. Reboot or IISRESET and try the site again and look for that message.