    # Get-EventLog doesn't quite work I guess:
    # Get-EventLog Application -EntryType Error -Source "DistributedCOM"
    # The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    #$logs = Get-EventLog -LogName "System" -EntryType Error -Source "DCOM" -Newest 1 -Message "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID*"
    $EVT_MSG = "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID "
    # Search for System event log ERROR entries starting with the specified EVT_MSG
    # (the Where-Object filter is cut off on the page; the -like match below follows the comment above)
    $logEntry = Get-WinEvent -FilterHashTable @{LogName = 'System'; Level = 2} | Where-Object { $_.Message -like "$EVT_MSG*" }
    # New-PSDrive creates temporary and persistent mapped network drives.
    #New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null

These 10016 events are recorded when Microsoft components try to access DCOM components without the required permissions. In this case, this is expected and by design. A coding pattern has been implemented where the code first tries to access the DCOM components with one set of parameters. If the first attempt is unsuccessful, it tries again with another set of parameters. It does not skip the first attempt because there are scenarios where it can succeed. These events can be safely ignored because they do not adversely affect functionality and are by design. This is the recommended action for these events.

Applies to: Configuration Manager (current branch)

Microsoft Endpoint Configuration Manager uses the Distributed Component Object Model (DCOM) Remote Protocol in multiple parts of its functionality. With the June 2022 security updates for Windows, hardening changes in DCOM are enabled by default. This article provides solutions for issues that may occur in Configuration Manager after the June 2022 security updates for Windows are installed.

Symptoms

After installing the June 2022 security updates for Windows or later, a Configuration Manager administrator encounters one of the following issues:

- The Configuration Manager console fails to access the SMS Provider remotely under any user account. However, under the same credential, a local connection to the SMS Provider is successful.

  For example, when the administrator tries to open a console remotely, the SmsAdminUI.log file displays the following error message:

    Insufficient privilege to connect, error: 'Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))'
    Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
       at ()
       at ()
       at ()
       at ()
       at .WqlConnectionManager.Connect(String configMgrServerPath)
       at .GetConnectionManagerInstance(String connectionManagerInstance)

- Content fails to be distributed to a remote distribution point.
- When the Configuration Manager administrator connects remotely to client computers, the same issue (under any user account, the remote connection fails, but the local connection is successful) occurs for Configuration Manager tools like Support Center or Policy Spy.

Error codes that are recorded in the respective log files or client applications may resemble the following:

Error code

Resolution

To resolve these issues, install the latest cumulative update for Windows on both computers that initiate the connection (the remote console or site server) and receive it (the SMS Provider, distribution point, or remote client). Besides enhancing security, installing the update can ensure the same level of DCOM hardening and logging capabilities. The latest versions of Configuration Manager make security changes, so we recommend that you upgrade to Configuration Manager, version 2203 or a later version.

In 2021, the Windows DCOM Server Security Feature Bypass vulnerability was discovered and published as CVE-2021-26414. Later, Microsoft released security updates that improved DCOM protocol hardening. However, some applications require a code change to comply with the new security level. Therefore, Microsoft addressed this vulnerability with a phased approach, which is configurable by the RequireIntegrityActivationAuthenticationLevel registry key.