After I setup Kerberos yesterday, I was looking through the logs, and found this error coming up on a rather frequent basis:

“The application-specific permissions settings do not grant Local Activation permission for the COM Server application with CLSID {CLSID} to the user Domain\User SID {SID}. This security permission can be modified using the Component Services administration tool.”

 The associated Event ID is 10017.

Microsoft has provided a set of articles, and here are the step-by-step instructions:

  1. On the server that is running SharePoint Server 2007, click Start, click Run, type dcomcnfg in the Open box, and then click OK.
  2. Expand Component Services, expand Computers, right-click My Computer, and then click Properties.
  3. Do one of the following:
    • For Windows Server 2003, click the Default Properties tab, click Delegate in the Default Impersonation Level box, and then click OK.
    • For Windows Server 2008, click the Default Properties tab, click Identify in the Default Impersonation Level box, and then click OK.
  4. Expand Component Services, expand Computers, and then double-click My Computer.
  5. Double-click the DCOM Config folder, and then right-click IIS WAMREG admin Service.
  6. Click Properties, click the Security tab, and then under Launch and Activate Permissions, click Edit.
  7. In the Launch Permission dialog box, click Add.
  8. In the Select Users, Computers, or Groups dialog box, type the user account that you specified as the SharePoint Server 2007 application pool account, click Check Names, and then click OK.
  9. In the Permissions for UserName list, click to select the Allow check box that is next to Local Activation, and then click OK.
  10. If you have more than one application pool account, repeat steps 7 to 9 for each one.
  11. Click OK.
Advertisements