Overview
When sending Live Alerts manually from Author Center it results in HTTP Error 500 or a "Failed to Send Real Time Alert" message is encountered.
Uninstalling and reinstalling MTS does not resolve the issue.
In the EventLogs of the IIS server DistributedCOM errors are listed:
The application-specific permission settings do not grant Local Activation permissions for the COM Server application CSLID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user UserName SID {S-1-5-21-...
Solution
Root Cause
The interpretation of the Event Log error message is: The service account does not have the proper permissions to use the RuntimeBorker.
The solution is to grant Local Activation permission to the given user for the RuntimeBroker.
The meaning of the CLSID, APPID, and SID found in the error message is the following
- {D63B10C5-BB46-4990-A94F-E40B9D520160} - is the CLSID (class ID) of the RuntimeBroker. This is the same on every Windows machine.
- {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} - is the APPID (application ID) of the RuntimeBroker. This is the same on every Windows machine.
- SID {S-1-5-21-... - is the SID (unique ID) of the service user, typically sprtWebuser, that is trying to use the RuntimeBroker)
Here is an exampe of the error message seen in the Event Log on the server running the IIS:
Updating the security permissions
The required security permission can be configured using the Component Services administrative tool.
- Open the Component Services as Administrator (Start Menu > type "component")
- Expand Component Services > Computers > My Computer > DCOM Config
- Right-click RuntimeBroker> Click Properties
- Go to the Security tab. If the Edit buttons on the Security tab is disabled, execute the step listed in the chapter Updating registry permission to enable Security settings on RuntimeBroker
- In the Launch and Activation Permissions section > Click Edit.
- Click Remove if you get a warning dialogue.
- Click Add > Advanced > Find Now and add the service account, usually sprtWebUser (if you are using a custom account/user add that instead of sprtWebUser)
- Press OK
- Select Allow for all permissions in the Security Tab.
- Press OK/Apply.
- If the issue is not solved, you might need to restart the server to have the security settings applied.
Updating registry permission to enable Security settings on RuntimeBroker
If the Edit mode is not available as seen in the screenshot, that is because your user does not have the proper rights over the CLSID and APPID of the RuntimeBroker. This can happen even if you are logged in with the Administrator user. This is because the owner of the registry items is assigned to the TrustedInstaller as described in this TechNet article from Microsoft.
You will need to change ownership and rights of the APPID and CLSID registry entries pertaining to the RuntimeBroker.
The following steps need to be applied for each of the following 4 registry entries:
- HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
- HKEY_CLASSES_ROOT\AppID\RuntimeBroker.exe
- HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}
- HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32
Start the Registry Editor as administrator (Windows start, type "regedit")
- Backup the given registry key (Right-click > Export)
- Right-click > Permissions, then click Advanced
- At the top click Change Owner.
- Click Advanced > Find Now > Select the Administrators group (or any user that should have the right to update the DCOM security settings for the RuntimeBroker). Click OK to save it.
- Click OK to save the Ownership change.
- You should be back to the Permissions tab, but this time you should already have the ability to change permissions.
- Select the Administrator user, check the Allow next to Full Controll
- Click Apply (don't click OK yet), to have the settings applied.
- Select Advanced again.
- Select the "Replace all child object permission entries with inheritable permission entries from this object" and click OK, to have the permissions replaced on the child entries. Confirm the change by clicking OK on the pop-up message.
- Now you can click OK on the Permission page to have the settings saved.
After updating the settings on all 4 registry entries, restart the server to have the permissions reread/reapplied by all services. Once server restarted you can go back to updating the DCOM security permissions for the RuntimeBroker.
Comments
0 comments
Article is closed for comments.