Event ID 10009


Problem: The DCOM event ID 10009 will occur when a client workstation has a misconfigured firewall or other issues affecting its network communications within the domain. For example, if the workstation is not managed by an SBS GPO. In this scenario, the DCOM event ID 10009 will happen repeatedly, potentially hundreds per day.

Resolution: To attempt to resolve configuration issues with the firewall try the following:


  • Make sure to allow remote management exception. Depending on your firewall solution this might be implemented or might require opening several ports. Unfortunately, this means opening common ports like TCP/135, TCP/139 but also a range of dynamic ports that cannot easily be defined and start at 1025. Check with your firewall manufacturer for the proper ways of allowing dynamic RPC traffic.
  • If the workstation is on a different subnet than the SBS server and it is running Windows XP SP2 or higher, the firewall exceptions provided by the SBS group policies will not properly allow the required connectivity. You should edit the Client XP GPO and change the scope of the rules to allow subnet + the internal IP of the server. Follow the extra steps below to properly monitor XP SP2 (or higher) machines running in the SBS domain on different subnets than the SBS server, and prevent the DCOM event ID 10009 errors if that is the case.

  1. Click Start, click Run, type GPMC.MSC, and click OK.
  2. Click Continue on the UAC prompt.
  3. Expand Forest: Domain.local, Domains, Domain.local and select Group Policy Objects. (Replace Domain.local with your domain)
  4. Right-click the Windows SBS Client – Windows XP Policy and click Edit.
  5. Expand Computer Configuration, Policies, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.
  6. Find the IP Address of the server: Open a command prompt window (cmd.exe) from the Start menu. In the command prompt window type IPConfig and press return. Make note of the IPv4 address listed.
  7. In the Group Policy Management Editor, double click Windows Firewall: Allow inbound file and printer sharing exception
  • In the text box labeled Allow unsolicited incoming messages from these IP addresses, add the IP (IPv4) of the server. For example, if the IP of the server is 192.168.1.2, the text box should read: localsubnet,192.168.1.2.
  • Click OK.
  • Repeat Steps 7.a and 7.b for the following rules:
    • Windows Firewall: Allow inbound remote administration exception
    • Windows Firewall: Allow inbound remote desktop exceptions