上一篇
下一篇
DCOM 遇到错误“登录失败: 未知的用户名或错误密码。 ”并且无法登录到 .\McAfee...
作者:Richard 日期:2010-07-16
DCOM 遇到错误“登录失败: 未知的用户名或错误密码。 ”并且无法登录到 .\McAfeeMVSUser 上以运行服务器:
{2242B406-90A2-4EF9-BC19-492D477F7914}
Corporate KnowledgeBase
ERROR: DCOM Error Event ID 10001 (using Total Protection Services on Domain Controllers)
Printer Friendly Rate this Page
Corporate KnowledgeBase ID: KB58633
Last Modified: March 12, 2010
Environment
Microsoft Windows Server (Domain Controllers)
Summary
In previous versions of Total Protection, if no one was logged on, the computer would not update. To address this issue for those with unattended servers, mvsuser was introduced. This acts as a user for updating purposes in the absence of a actual logged on user. This feature works on many platforms and servers with the exception of Domain Controllers, because these require a domain user and, for security reasons, mvsuser only installs as a local user.
Problem
Total Protection fails to update on Domain Controllers when no users are logged in.
Account lockout errors are generated for McAfeeMVSUser on domain controllers.
The following error is displayed in the Windows System Event Viewer:
DCOM Error Event ID 10001 / 10004: Unable to start a DCOM Server: {427D6FE2-4FA4-B65C-AC7E2VF0B976} as ./ McAfeeMVSUser. The Error: "Access is denied." Happened while starting this command: "C:\Program Files\McAfee\Managed VirusScan\Agent\MyUsrSrv3.5.0.exe" -Embedding
The following error is displayed in the Windows Security Event Viewer:
Security 529 Logon Failure:
Reason: Unknown user name or bad password
User Name: McAfeeMVSUser
The following event 10004 error is logged on the domain controllers:
DCOM got error "Logon failure: user account restriction. "and was unable to logon .\McAfeeMVSUser in order to run the server:{2242B406-90A2-4EF9-BC19-492D477F7914}
Cause
These events are informational and are non-critical errors. They are generated when the default McAfeeMVSUser account attempts to automatically update on a Domain Controller when a user is not logged in.
Total Protection is unable to automatically create a user account with sufficient privileges to update on a Domain Controller when no user is logged in. This is to avoid creating any unnecessary security risks on a critical network component.
On most computers, the McAfeeMVSUser account has sufficient privileges to update without a user logged in. When a user is logged in, the privileges of the logged in user allow the updates to occur.
Solution 1
A user account with sufficient permissions to update must be logged in to the Domain Controller to allow Managed VirusScan / Total Protection Services to update.
To stop these errors, disable the McAfeeMVSUser account from an Administrator account:
Step 1 - Create a new group for the Domain Controller
Log in to: http://www.mcafeeasap.com.
At the top of the page, click Groups + Policies.
Click Add Group, type a name for the new group (for example, Domain Controller), then click Save.
Step 2 - Create a new Policy to disable the McAfeeMVSUser account
Click Add Policy.
Enter a name for the new policy (for example, Domain Controller).
Click the Advanced Settings tab.
Deselect Update client computers where users are not logged in.
Click Save.
Step 3 - Apply the new policy to the Domain Controller
On the Groups + Policies page, locate the new group and select Edit / Assign Policy.
From the drop-down menu, select the new Policy and click Save.
At the top of the page, click Computers.
In the list of computers, select your Domain Controller.
At the bottom of the page, from the Move to drop-down menu, select the new group, then click Move.
The Domain Controller will receive the updated policy at the next update interval.
Solution 2
Manually disable the McAfeeMVSUser account on the Domain Controller.
Click Start, Run, type cmd and click OK.
Go to C:\Program Files\McAfee\Managed VirusScan\Agent.
Type the following command, then press ENTER:
myUsrSrv4.0.0.358.exe /UnregServer
NOTE :
This only disables the McAfeeMVSUser account. An account with the correct permissions must still be logged in to allow updating.
You can create an acount for updating purposes only and leave this logged on while locking the DC server screen.
Previous Document ID
KB47500
我这边使用办法一还是报错,使用办法二有效,只是最后那个命令是 myUsrSrv5.0.0.811.exe 这个版本的。
{2242B406-90A2-4EF9-BC19-492D477F7914}
Corporate KnowledgeBase
ERROR: DCOM Error Event ID 10001 (using Total Protection Services on Domain Controllers)
Printer Friendly Rate this Page
Corporate KnowledgeBase ID: KB58633
Last Modified: March 12, 2010
Environment
Microsoft Windows Server (Domain Controllers)
Summary
In previous versions of Total Protection, if no one was logged on, the computer would not update. To address this issue for those with unattended servers, mvsuser was introduced. This acts as a user for updating purposes in the absence of a actual logged on user. This feature works on many platforms and servers with the exception of Domain Controllers, because these require a domain user and, for security reasons, mvsuser only installs as a local user.
Problem
Total Protection fails to update on Domain Controllers when no users are logged in.
Account lockout errors are generated for McAfeeMVSUser on domain controllers.
The following error is displayed in the Windows System Event Viewer:
DCOM Error Event ID 10001 / 10004: Unable to start a DCOM Server: {427D6FE2-4FA4-B65C-AC7E2VF0B976} as ./ McAfeeMVSUser. The Error: "Access is denied." Happened while starting this command: "C:\Program Files\McAfee\Managed VirusScan\Agent\MyUsrSrv3.5.0.exe" -Embedding
The following error is displayed in the Windows Security Event Viewer:
Security 529 Logon Failure:
Reason: Unknown user name or bad password
User Name: McAfeeMVSUser
The following event 10004 error is logged on the domain controllers:
DCOM got error "Logon failure: user account restriction. "and was unable to logon .\McAfeeMVSUser in order to run the server:{2242B406-90A2-4EF9-BC19-492D477F7914}
Cause
These events are informational and are non-critical errors. They are generated when the default McAfeeMVSUser account attempts to automatically update on a Domain Controller when a user is not logged in.
Total Protection is unable to automatically create a user account with sufficient privileges to update on a Domain Controller when no user is logged in. This is to avoid creating any unnecessary security risks on a critical network component.
On most computers, the McAfeeMVSUser account has sufficient privileges to update without a user logged in. When a user is logged in, the privileges of the logged in user allow the updates to occur.
Solution 1
A user account with sufficient permissions to update must be logged in to the Domain Controller to allow Managed VirusScan / Total Protection Services to update.
To stop these errors, disable the McAfeeMVSUser account from an Administrator account:
Step 1 - Create a new group for the Domain Controller
Log in to: http://www.mcafeeasap.com.
At the top of the page, click Groups + Policies.
Click Add Group, type a name for the new group (for example, Domain Controller), then click Save.
Step 2 - Create a new Policy to disable the McAfeeMVSUser account
Click Add Policy.
Enter a name for the new policy (for example, Domain Controller).
Click the Advanced Settings tab.
Deselect Update client computers where users are not logged in.
Click Save.
Step 3 - Apply the new policy to the Domain Controller
On the Groups + Policies page, locate the new group and select Edit / Assign Policy.
From the drop-down menu, select the new Policy and click Save.
At the top of the page, click Computers.
In the list of computers, select your Domain Controller.
At the bottom of the page, from the Move to drop-down menu, select the new group, then click Move.
The Domain Controller will receive the updated policy at the next update interval.
Solution 2
Manually disable the McAfeeMVSUser account on the Domain Controller.
Click Start, Run, type cmd and click OK.
Go to C:\Program Files\McAfee\Managed VirusScan\Agent.
Type the following command, then press ENTER:
myUsrSrv4.0.0.358.exe /UnregServer
NOTE :
This only disables the McAfeeMVSUser account. An account with the correct permissions must still be logged in to allow updating.
You can create an acount for updating purposes only and leave this logged on while locking the DC server screen.
Previous Document ID
KB47500
我这边使用办法一还是报错,使用办法二有效,只是最后那个命令是 myUsrSrv5.0.0.811.exe 这个版本的。
文章来自: 
引用通告: 
Tags: 评论: 1 | 引用: 0 | 查看次数: -
回复
Richard[2011-09-08 09:13 AM | 
]myUsrSrv5.2.2.121.exe 升级到这个版本的时候系统错误日志里头又开始报这个错误了,重复了解决办法二之后就又正常了!!
发表评论