Event 10036, DistributedCOM

BM403
Comes here often

Event 10036, DistributedCOM

Hello,

 

Have an error that just started occurring last Tuesday, September 14th after updating my domain controllers. I'm getting the following error; 

 

The server-side authentication level policy does not allow the user domain\user SID (X-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXXX) from address 10.0.100.254 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.

 

The IP address (10.0.100.254) is my MX IP Address. This error I believe has to do with Active Directory Authentication I have set up under Security & SD-WAN Active Directory. I'm getting the same error for all 3 sites each pointing to the IP address of the MX device. The error occurs roughly every 2 hours in my event log on my domain controllers.

 

In my test network, I disabled Active Directory Authentication on that MX and the errors stopped. I have googled my heart out for Event 10036, DistributedCOM, and can't find anything related to the above error. I did find one someone on Reddit who experienced the same issue but it was on a Palo Alto firewall. 

 

Does anyone else have this happen since last week's patch Tuesday? I'm not even sure how I would go about raising the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.

 

Everything works fine and users can still login into the client VPN using their AD credentials. But, this error is really strange and is filling up my event logs. 

 

When I run a dcdiag everything passes, but the error shows up under SystemLog

 

Could this be a possible bug? 

 

5 REPLIES 5
PaulStanley
Conversationalist

Re: Event 10036, DistributedCOM

I just noticed this error this morning while looking for another issue. 

NetBeast33
New here

Re: Event 10036, DistributedCOM

Having the same issue. I raised the authentication level to Packet Integrity on a Server 2016 DC, rebooted and errors still present.


Checked my MX device and had a generic WMI error that referenced setting up MX device to authenticate to AD.

 

Configuring Active Directory with MX Security Appliances - Cisco Meraki

 

Read the link a bit and went back to the device and error is no longer present.

 

Looking into it further tomorrow. Will update if any progress.

ALibrarian
New here

Re: Event 10036, DistributedCOM

Hi! I've seen this error attributed to the September update - KB5005568: 

https://docs.microsoft.com/en-us/answers/questions/564347/server-2019-update-kb5005568-sept-2021-for... 

 

 

BM403
Comes here often

Re: Event 10036, DistributedCOM

I get those WMI errors on my MX every so often. I believe this is on MS to resolve and hopefully address the issue soon. No impact to my AD authentication because of the error, it's just really annoying seeing it fill up my event log. 

BM403
Comes here often

Re: Event 10036, DistributedCOM

Thanks for this link, ALibraian. I will continue to monitor that post and see if anyone comes up with a solution. I've tried a number of fixes for this and have come up empty. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels