Many Errors Event ID 10028

Hi, my problem is that on the DC server the event log shows, in the last hour, 10210 entries of event ID 10028; for me that is too many.

Please help me: how can I resolve this, or what triggers this?

Thanks



  • Alejandro,

    I advise you to open a ticket with Support. Can you translate what the error message is saying?

    Thanks

  • Below is what the DC gives me:

    Nombre de registro:System
    Origen:        Microsoft-Windows-DistributedCOM
    Fecha:         16/03/2017 16:02:40
    Id. del evento:10028
    Categoría de la tarea:Ninguno
    Nivel:         Error
    Palabras clave:Clásico
    Descripción:
    DCOM no pudo comunicarse con el equipo 212.252.97.110 usando ninguno de los protocolos configurados; solicitado por PID      6f4 (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
    XML de evento:
    <Event xmlns="schemas.microsoft.com/.../event">
      <System>
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="0">10028</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <EventRecordID>351170</EventRecordID>
        <Correlation />
        <Execution ProcessID="656" ThreadID="4416" />
        <Channel>System</Channel>
        <Security UserID="S-1-5-21-4210473518-416093976-3590475133-500" />
      </System>
      <EventData>
        <Data Name="param1">212.252.97.110</Data>
        <Data Name="param2">     6f4</Data>
        <Data Name="param3">C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe</Data>
      </EventData>
    </Event>

  • Something is not working correctly because from the error there is a Public IP.

    Did you follow all the steps from this KB?

    https://community.sophos.com/kb/en-us/123156

    Thanks

  • Yes, that is a public IP, but in every event log entry it is a different public IP.

    And yes, I followed the steps in the link that you indicated.

    Is there any other possible solution to this?

  • Open a ticket with support and let us know!

    Thanks

  • Hi Alejandro,

    Those are DCOM errors which might be caused by failed WMI queries. Perform a WMI\Registry read access verification against the user’s IP address. If the query fails, then follow these steps:

    • Windows Firewall or antivirus could block the WMI\Registry read access query. Add an exception for TCP ports 445 and 135 on the client machine.
    • Make sure that the RPC, RPC Locator, DCOM and WMI services are enabled on the system.
    • The client machine should resolve the AD FQDN; if not, add a host entry on the machine or use the AD IP as primary DNS.
    • If there is any router/firewall in between, make sure that ports 135 and 445 are open.
    • Ensure that the administrator account used in STAS has administrator rights on the client system.

    Hope that helps.
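
With thousands of 10028 entries per hour, it helps to tally which addresses `stas.exe` tried to reach and whether each one is public, which is the observation made in the replies above. The script below is an added example, not part of the original thread and not Sophos tooling; it assumes the events have been exported as concatenated `<Event>` XML, and the sample events and the 10.1.2.x addresses are constructed (only 212.252.97.110 and the `stas.exe` path come from the post).

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample input: trimmed events in the shape posted above.
_TEMPLATE = (
    '<Event xmlns="schemas.microsoft.com/.../event"><System>'
    '<EventID Qualifiers="0">{eid}</EventID></System><EventData>'
    '<Data Name="param1">{ip}</Data><Data Name="param2">     6f4</Data>'
    '<Data Name="param3">C:\\Program Files (x86)\\Sophos\\Sophos Transparent '
    'Authentication Suite\\stas.exe</Data></EventData></Event>'
)
SAMPLE = "".join(_TEMPLATE.format(eid=e, ip=i) for e, i in [
    ("10028", "212.252.97.110"), ("10028", "212.252.97.110"),
    ("10028", "10.1.2.30"), ("10016", "10.1.2.31")])  # last one is not a 10028


def parse_10028(xml_text):
    """Return (target, pid, image) for each event 10028 in concatenated <Event> XML."""
    rows = []
    for event in ET.fromstring("<Events>" + xml_text + "</Events>"):
        event_id, data = None, {}
        for el in event.iter():
            name = el.tag.rsplit("}", 1)[-1]  # ignore the XML namespace
            if name == "EventID":
                event_id = (el.text or "").strip()
            elif name == "Data":
                data[el.get("Name")] = (el.text or "").strip()
        if event_id == "10028":
            pid = int(data.get("param2") or "0", 16)  # hex PID, "6f4" in the post
            rows.append((data.get("param1", ""), pid, data.get("param3", "")))
    return rows


def scope(target):
    """Classify a target as 'public' (globally routable), 'non-public' or 'hostname'."""
    try:
        return "public" if ipaddress.ip_address(target).is_global else "non-public"
    except ValueError:
        return "hostname"  # param1 was a name, not an IP address


def summarize(rows):
    """Count events per (target, scope, requesting image), most frequent first."""
    counts = Counter((t, scope(t), img.rsplit("\\", 1)[-1]) for t, _, img in rows)
    return counts.most_common()


if __name__ == "__main__":
    for (target, kind, image), n in summarize(parse_10028(SAMPLE)):
        print(f"{n:5d}  {target:<16} {kind:<10} {image}")
```

Targets reported as `public` are not workstations that the client-side firewall and service checks in the list above can be applied to, so they are worth separating from the internal ones before working through those steps.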