Win7 DCOM 配置中我的电脑出现红色箭头并且无属性显示的解决方法

近日在虚拟机装了win7 32位操作系统，测试DCOM程序，当准备用dcomcnfg配置dcom server时，发现配置中我的电脑出现红色箭头并且点右键无属性显示，

在国内网上查了许多文章，无非都是有四个服务未启动，但我的都启动了，最终在外网上找到了一篇技术文章，很详细的阐述了遇到此种情况的解决方法，原来我的是因为com+ system application服务没有启动，再看与此服务的依赖组件，最终发现是system event notification service没有启动，害得我折腾了大半天。看来，技术方面的文章还是国外的比较有参考性。以下是转载的那篇文章：

In distributed environment, when we meet problems to call DCOM components or COM+ application, the first thing is to open the Components Manager to check or reconfigure COM+/DCOM settings.  However,  it is possible that when we open the Component Services, a "Red Arrow" displays on the "My Computer" node:

 

 If we try to expand the "My Computer" node, various error messages can pop up.

To resolve such a kind of problem, we can follow below check list and most similar issues can be fixed by one of them:

1.  Ensure the MSDTC service is in started status:

2. The Users group has permission to read subkeys under HKEY_CLASSES_ROOT\CLSID. If the Users group has no permission to read the subkeys, the COM+ System Application service may have difficulties to start and cause the same "Red Arrow" problem. To grand the Read permission to Users group, we can follow (should backup HKEY_CLASSES_ROOT\CLSID first):

a. Open Regedt32, locate HKEY_CLASSES_ROOT\CLSID

b. Select the CLSID, click  Security -> Permission in the menu bar

c. In the Security tab, add USERS in the permission list, give it Read permission.

d. Click the Advanced button, select the "Replace permissions entries on all child objects with entries shown here that apply to child objects" option. Click Apply.

3. Everyone has Read permission on C:\Windows\Registration and its sub objects, we can use the command ""cacls" to configure this, refer to (the article is for WIn2003, but the NTFS file permission is required the same as Win2008/Win7):

909444  You may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC

http://support.microsoft.com/default.aspx?scid=kb;EN-US;909444

4. Ensure the COM+ System Application service is in started status:

5. The MSDTC service allows Authenticated Users to query service status. To check this, we can run this command in the Command window:

sc sdshow msdtc

If the Authenticated Users group doesn't have query permission on the MSDTC service object, this means most users have no permission to get the MSDTC service status, for example:

(A;;CR;;;AU)

We need to run this command to grant enough permission for the Authenticated user, and then restart DLLHOST.exe (before do this, please backup the output information of "sc sdshow msdtc"):

sc sdset msdtc D:(A;;CCLCSWRPLOCRRC;;;S-1-2-0)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPLORC;;;NS)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Note: the key part is:  (A;;CCLCSWLOCRRC;;;AU), Other strings is taken from the "sc sdshow msdtc" result. If your envionrment is Domain, should check with AD admin team that if any Group Policy restricted the MSDTC service object access permission. If yes, please ensure the "Authentication User" has "Read" permission on the service status. This requirement (giving Authentication user Read permission on MSDTC service object) is true for WIn2003/2008/7.

For more information about the Description of ACL, please refer to:

914392  Best practices and guidance for writers of service discretionary access control lists

http://support.microsoft.com/default.aspx?scid=kb;EN-US;914392

Note: this permission change is for Service Object ACL, will not affect NTFS file properties.

This configuration point has been elaborated in our previous blogs before, please check:

http://blogs.msdn.com/asiatech/archive/2009/05/22/security-audit-failure-560-caused-by-permission-setting-of-msdtc-service.aspx

http://blogs.msdn.com/asiatech/archive/2009/04/13/cannot-expand-the-com-list-in-the-component-services-ui-error-0x8004e00f-or-0x8004d01b.aspx

6. If above steps don't help, we need to check the Application and System event log. Sometime we will consider rebuilding the COM+ system. This step is somehow risky, if you have many COM+ applications installed before, after rebuilding the COM+ system will require you to reinstall those COM+ applications:

How to clean up a damaged COM+ catalog on Win2003

http://support.microsoft.com/?id=315296

For more details on this rebuild, look at:

How to troubleshoot the "Red Arrow" issue in Component Services (II)
http://blogs.msdn.com/b/asiatech/archive/2011/01/18/how-to-troubleshoot-the-red-arrow-issue-in-component-services-ii.aspx

It's better to consult with your Application team and Microsoft Support before you start this item.

Best Regards,

Freist Li