After installing SP2 I received the following error "The
class is configured to run as a security id different
from the caller" whenever I try to start the Windows
firewall on a domain. I created a test domain and
recreated the problem with another workstation. The
Firewall starts after the first reboot, but after that
group policy seems to apply, which on the test domain I
only configured the new windows firewall settings to
enable it. I have seen a couple of posts on the Internet
with the same issue, but none of them had any resolutions
listed. To get by for now I have to disable the Windows
Firewall. I am thinking that I am missing something in
Group policy, but I can't find it. Any ideas?

Thanks Lyle

Click Start, Run and enter SERVICES.MSC Locate the Windows =
Firewall/Internet Connection Sharing service and double click it. Go to =
the Logon tab and make sure its set to log on as the Local System =
Account. Allow this service to interact with the desktop should be =
Unchecked.

--=20
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
=20
"Lyle" > wrote in message =
...
> After installing SP2 I received the following error "The=20
> class is configured to run as a security id different=20
> from the caller" whenever I try to start the Windows=20
> firewall on a domain. I created a test domain and=20
> recreated the problem with another workstation. The=20
> Firewall starts after the first reboot, but after that=20
> group policy seems to apply, which on the test domain I=20
> only configured the new windows firewall settings to=20
> enable it. I have seen a couple of posts on the Internet=20
> with the same issue, but none of them had any resolutions=20
> listed. To get by for now I have to disable the Windows=20
> Firewall. I am thinking that I am missing something in=20
> Group policy, but I can't find it. Any ideas?
>=20
> Thanks Lyle

It is set to Local System Account and the check box is
cleared. That is the default setting I had,
unfortunately that didn't resolve the issue. We did
notice that by switching to a workgroup the firewall did
run, but when we joined the domain again the problem
reoccured. That is why I was thinking it might be
related to a group policy setting that I was missing.

Thanks Lyle

>-----Original Message-----
>Click Start, Run and enter SERVICES.MSC Locate the
Windows Firewall/Internet Connection Sharing service and
double click it. Go to the Logon tab and make sure its
set to log on as the Local System Account. Allow this
service to interact with the desktop should be Unchecked.
>
>--
>Doug Knox, MS-MVP Windows Media Center\Windows Powered
Smart Display
>Win 95/98/Me/XP Tweaks and Fixes
>http://www.dougknox.com
>--------------------------------
>Per user Group Policy Restrictions for XP Home and XP Pro
>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>--------------------------------
>Please reply only to the newsgroup so all may benefit.
>Unsolicited e-mail is not answered.
>
>"Lyle" > wrote in
message ...
>> After installing SP2 I received the following
error "The
>> class is configured to run as a security id different
>> from the caller" whenever I try to start the Windows
>> firewall on a domain. I created a test domain and
>> recreated the problem with another workstation. The
>> Firewall starts after the first reboot, but after that
>> group policy seems to apply, which on the test domain
I
>> only configured the new windows firewall settings to
>> enable it. I have seen a couple of posts on the
Internet
>> with the same issue, but none of them had any
resolutions
>> listed. To get by for now I have to disable the
Windows
>> Firewall. I am thinking that I am missing something
in
>> Group policy, but I can't find it. Any ideas?
>>
>> Thanks Lyle
>.
>

I posted this exact same question last Friday on this
message board. I never recieved any kind of response so
I'd be real interested, too, in any resolution that is
available. There is nothing that I could find in the KB.
That error is referenced but it applies to CA in W2K.

Thanks for the tip about joining a workgroup. That gives
me something to work with to maybe track down a permanent
fix. I'll start digging through our group policies to see
if I can find something.

>-----Original Message-----
>It is set to Local System Account and the check box is
>cleared. That is the default setting I had,
>unfortunately that didn't resolve the issue. We did
>notice that by switching to a workgroup the firewall did
>run, but when we joined the domain again the problem
>reoccured. That is why I was thinking it might be
>related to a group policy setting that I was missing.
>
>Thanks Lyle
>
>>-----Original Message-----
>>Click Start, Run and enter SERVICES.MSC Locate the
>Windows Firewall/Internet Connection Sharing service and
>double click it. Go to the Logon tab and make sure its
>set to log on as the Local System Account. Allow this
>service to interact with the desktop should be Unchecked.
>>
>>--
>>Doug Knox, MS-MVP Windows Media Center\Windows Powered
>Smart Display
>>Win 95/98/Me/XP Tweaks and Fixes
>>http://www.dougknox.com
>>--------------------------------
>>Per user Group Policy Restrictions for XP Home and XP
Pro
>>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>--------------------------------
>>Please reply only to the newsgroup so all may benefit.
>>Unsolicited e-mail is not answered.
>>
>>"Lyle" > wrote in
>message ...
>>> After installing SP2 I received the following
>error "The
>>> class is configured to run as a security id different
>>> from the caller" whenever I try to start the Windows
>>> firewall on a domain. I created a test domain and
>>> recreated the problem with another workstation. The
>>> Firewall starts after the first reboot, but after
that
>>> group policy seems to apply, which on the test domain
>I
>>> only configured the new windows firewall settings to
>>> enable it. I have seen a couple of posts on the
>Internet
>>> with the same issue, but none of them had any
>resolutions
>>> listed. To get by for now I have to disable the
>Windows
>>> Firewall. I am thinking that I am missing something
>in
>>> Group policy, but I can't find it. Any ideas?
>>>
>>> Thanks Lyle
>>.
>>
>.
>

The trick is that you have to delete the following key
per MS support.
HKeyLocalMachine-Software-Classes-AppID-{ce166e40-1e72-
45b9-94c9-3b2050e8f180}
After deleting the key reboot and this should resolve
your issue. I have reproduced this on my system also.

This is currently being reviewed before being put into
the knowledge base.

See the following link for more information:

http://x220.minasi.com/forum/topic.asp?
TOPIC_ID=10029&#42277

Thanks for your help.
Lyle

>-----Original Message-----
>I posted this exact same question last Friday on this
>message board. I never recieved any kind of response so
>I'd be real interested, too, in any resolution that is
>available. There is nothing that I could find in the KB.
>That error is referenced but it applies to CA in W2K.
>
>Thanks for the tip about joining a workgroup. That gives
>me something to work with to maybe track down a
permanent
>fix. I'll start digging through our group policies to
see
>if I can find something.
>
>>-----Original Message-----
>>It is set to Local System Account and the check box is
>>cleared. That is the default setting I had,
>>unfortunately that didn't resolve the issue. We did
>>notice that by switching to a workgroup the firewall
did
>>run, but when we joined the domain again the problem
>>reoccured. That is why I was thinking it might be
>>related to a group policy setting that I was missing.
>>
>>Thanks Lyle
>>
>>>-----Original Message-----
>>>Click Start, Run and enter SERVICES.MSC Locate the
>>Windows Firewall/Internet Connection Sharing service
and
>>double click it. Go to the Logon tab and make sure its
>>set to log on as the Local System Account. Allow this
>>service to interact with the desktop should be
Unchecked.
>>>
>>>--
>>>Doug Knox, MS-MVP Windows Media Center\Windows Powered
>>Smart Display
>>>Win 95/98/Me/XP Tweaks and Fixes
>>>http://www.dougknox.com
>>>--------------------------------
>>>Per user Group Policy Restrictions for XP Home and XP
>Pro
>>>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>>--------------------------------
>>>Please reply only to the newsgroup so all may benefit.
>>>Unsolicited e-mail is not answered.
>>>
>>>"Lyle" > wrote in
>>message ...
>>>> After installing SP2 I received the following
>>error "The
>>>> class is configured to run as a security id
different
>>>> from the caller" whenever I try to start the Windows
>>>> firewall on a domain. I created a test domain and
>>>> recreated the problem with another workstation. The
>>>> Firewall starts after the first reboot, but after
>that
>>>> group policy seems to apply, which on the test
domain
>>I
>>>> only configured the new windows firewall settings to
>>>> enable it. I have seen a couple of posts on the
>>Internet
>>>> with the same issue, but none of them had any
>>resolutions
>>>> listed. To get by for now I have to disable the
>>Windows
>>>> Firewall. I am thinking that I am missing something
>>in
>>>> Group policy, but I can't find it. Any ideas?
>>>>
>>>> Thanks Lyle
>>>.
>>>
>>.
>>
>.
>

Thanks for passing this on, Lyle. You may also want to look in =
Administrative Tools, Component Services, My Computer, DCOM Config, =
SharedAccess for the normal settings here. Its possible that there is =
some conflict with the users/groups that are assigned permissions. =
Possibly the difference between Administrators and Domain =
Administrators.

--=20
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
=20
"Lyle" > wrote in message =
...
> The trick is that you have to delete the following key=20
> per MS support.
> HKeyLocalMachine-Software-Classes-AppID-{ce166e40-1e72-
> 45b9-94c9-3b2050e8f180}
> After deleting the key reboot and this should resolve=20
> your issue. I have reproduced this on my system also.
>=20
> This is currently being reviewed before being put into=20
> the knowledge base.
>=20
> See the following link for more information:
>=20
> http://x220.minasi.com/forum/topic.asp?
> TOPIC_ID=3D10029&#42277
>=20
> Thanks for your help.
> Lyle
>=20
>>-----Original Message-----
>>I posted this exact same question last Friday on this=20
>>message board. I never recieved any kind of response so=20
>>I'd be real interested, too, in any resolution that is=20
>>available. There is nothing that I could find in the KB.=20
>>That error is referenced but it applies to CA in W2K.=20
>>
>>Thanks for the tip about joining a workgroup. That gives=20
>>me something to work with to maybe track down a=20
> permanent=20
>>fix. I'll start digging through our group policies to=20
> see=20
>>if I can find something.
>>
>>>-----Original Message-----
>>>It is set to Local System Account and the check box is=20
>>>cleared. That is the default setting I had,=20
>>>unfortunately that didn't resolve the issue. We did=20
>>>notice that by switching to a workgroup the firewall=20
> did=20
>>>run, but when we joined the domain again the problem=20
>>>reoccured. That is why I was thinking it might be=20
>>>related to a group policy setting that I was missing.
>>>
>>>Thanks Lyle
>>>
>>>>-----Original Message-----
>>>>Click Start, Run and enter SERVICES.MSC Locate the=20
>>>Windows Firewall/Internet Connection Sharing service=20
> and=20
>>>double click it. Go to the Logon tab and make sure its=20
>>>set to log on as the Local System Account. Allow this=20
>>>service to interact with the desktop should be=20
> Unchecked.
>>>>
>>>>--=20
>>>>Doug Knox, MS-MVP Windows Media Center\Windows Powered=20
>>>Smart Display
>>>>Win 95/98/Me/XP Tweaks and Fixes
>>>>http://www.dougknox.com
>>>>--------------------------------
>>>>Per user Group Policy Restrictions for XP Home and XP=20
>>Pro
>>>>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>>>--------------------------------
>>>>Please reply only to the newsgroup so all may benefit.
>>>>Unsolicited e-mail is not answered.
>>>>=20
>>>>"Lyle" > wrote in=20
>>>message ...
>>>>> After installing SP2 I received the following=20
>>>error "The=20
>>>>> class is configured to run as a security id=20
> different=20
>>>>> from the caller" whenever I try to start the Windows=20
>>>>> firewall on a domain. I created a test domain and=20
>>>>> recreated the problem with another workstation. The=20
>>>>> Firewall starts after the first reboot, but after=20
>>that=20
>>>>> group policy seems to apply, which on the test=20
> domain=20
>>>I=20
>>>>> only configured the new windows firewall settings to=20
>>>>> enable it. I have seen a couple of posts on the=20
>>>Internet=20
>>>>> with the same issue, but none of them had any=20
>>>resolutions=20
>>>>> listed. To get by for now I have to disable the=20
>>>Windows=20
>>>>> Firewall. I am thinking that I am missing something=20
>>>in=20
>>>>> Group policy, but I can't find it. Any ideas?
>>>>>=20
>>>>> Thanks Lyle
>>>>.
>>>>
>>>.
>>>
>>.
>>

Can you be more specific, please. (i.e. What are
the 'normal' settings in DCOM config? What differences
should I look for between the admin accounts?)

I tried Lyle's fix and it worked but I don't want to have
to hack the registry on all 250+ computers on my domain
before I can safely install SP2.

Thanks
Ken

>-----Original Message-----
>Thanks for passing this on, Lyle. You may also want to
look in Administrative Tools, Component Services, My
Computer, DCOM Config, SharedAccess for the normal
settings here. Its possible that there is some conflict
with the users/groups that are assigned permissions.
Possibly the difference between Administrators and Domain
Administrators.
>
>--
>Doug Knox, MS-MVP Windows Media Center\Windows Powered
Smart Display
>Win 95/98/Me/XP Tweaks and Fixes
>http://www.dougknox.com
>--------------------------------
>Per user Group Policy Restrictions for XP Home and XP Pro
>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>--------------------------------
>Please reply only to the newsgroup so all may benefit.
>Unsolicited e-mail is not answered.
>
>"Lyle" > wrote in
message ...
>> The trick is that you have to delete the following key
>> per MS support.
>> HKeyLocalMachine-Software-Classes-AppID-{ce166e40-1e72-
>> 45b9-94c9-3b2050e8f180}
>> After deleting the key reboot and this should resolve
>> your issue. I have reproduced this on my system also.
>>
>> This is currently being reviewed before being put into
>> the knowledge base.
>>
>> See the following link for more information:
>>
>> http://x220.minasi.com/forum/topic.asp?
>> TOPIC_ID=10029ꔥ
>>
>> Thanks for your help.
>> Lyle
>>
>>>-----Original Message-----
>>>I posted this exact same question last Friday on this
>>>message board. I never recieved any kind of response
so
>>>I'd be real interested, too, in any resolution that is
>>>available. There is nothing that I could find in the
KB.
>>>That error is referenced but it applies to CA in W2K.
>>>
>>>Thanks for the tip about joining a workgroup. That
gives
>>>me something to work with to maybe track down a
>> permanent
>>>fix. I'll start digging through our group policies to
>> see
>>>if I can find something.
>>>
>>>>-----Original Message-----
>>>>It is set to Local System Account and the check box
is
>>>>cleared. That is the default setting I had,
>>>>unfortunately that didn't resolve the issue. We did
>>>>notice that by switching to a workgroup the firewall
>> did
>>>>run, but when we joined the domain again the problem
>>>>reoccured. That is why I was thinking it might be
>>>>related to a group policy setting that I was missing.
>>>>
>>>>Thanks Lyle
>>>>
>>>>>-----Original Message-----
>>>>>Click Start, Run and enter SERVICES.MSC Locate the
>>>>Windows Firewall/Internet Connection Sharing service
>> and
>>>>double click it. Go to the Logon tab and make sure
its
>>>>set to log on as the Local System Account. Allow
this
>>>>service to interact with the desktop should be
>> Unchecked.
>>>>>
>>>>>--
>>>>>Doug Knox, MS-MVP Windows Media Center\Windows
Powered
>>>>Smart Display
>>>>>Win 95/98/Me/XP Tweaks and Fixes
>>>>>http://www.dougknox.com
>>>>>--------------------------------
>>>>>Per user Group Policy Restrictions for XP Home and
XP
>>>Pro
>>>>>http://www.dougknox.com/xp/utils/xp_securityconsole.h
tm
>>>>>--------------------------------
>>>>>Please reply only to the newsgroup so all may
benefit.
>>>>>Unsolicited e-mail is not answered.
>>>>>
>>>>>"Lyle" > wrote
in
>>>>message ...
>>>>>> After installing SP2 I received the following
>>>>error "The
>>>>>> class is configured to run as a security id
>> different
>>>>>> from the caller" whenever I try to start the
Windows
>>>>>> firewall on a domain. I created a test domain and
>>>>>> recreated the problem with another workstation.
The
>>>>>> Firewall starts after the first reboot, but after
>>>that
>>>>>> group policy seems to apply, which on the test
>> domain
>>>>I
>>>>>> only configured the new windows firewall settings
to
>>>>>> enable it. I have seen a couple of posts on the
>>>>Internet
>>>>>> with the same issue, but none of them had any
>>>>resolutions
>>>>>> listed. To get by for now I have to disable the
>>>>Windows
>>>>>> Firewall. I am thinking that I am missing
something
>>>>in
>>>>>> Group policy, but I can't find it. Any ideas?
>>>>>>
>>>>>> Thanks Lyle
>>>>>.
>>>>>
>>>>.
>>>>
>>>.
>>>
>.
>

Here's a new twist... On the machine where I made the
registry change to enable the SP2 firewall (don't know if
it would have happened BEFORE the change), I tried
accessing Administrative Tools, Component Services, My
Computer, DCOM Config, SharedAccess as Doug suggested.
However, whenever I clicked on My Computer, the program
shutdown. I received no error message but got this entry
in the event log:

Event Type: Error
Event Source: COM+
Event Category: (98)
Event ID: 4822
Date: 08/23/2004
Time: 8:23:58 AM
User: N/A
Computer: IS-SUPERVISOR
Description:
A condition has occurred that indicates this COM+
application is in an unstable state or is not functioning
correctly. Assertion Failure: SUCCEEDED(hr)

Server Application ID: {02D4B3F1-FD88-11D1-960D-
00805FC79235}
Server Application Instance ID:
{02729CD3-820A-4EB4-9CDD-DB48CD4D76A5}
Server Application Name: System Application
The serious nature of this error has caused the process
to terminate.
Error Code = 0x8000ffff : Catastrophic failure
COM+ Services Internals Information:
File:
d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\tr ksvrimpl
..cpp, Line: 3000
Comsvcs.dll file version: ENU 2001.12.4414.258 shp

Can't find anything in the KB. Any ideas?

Thanks
Ken

>-----Original Message-----
>Can you be more specific, please. (i.e. What are
>the 'normal' settings in DCOM config? What differences
>should I look for between the admin accounts?)
>
>I tried Lyle's fix and it worked but I don't want to
have
>to hack the registry on all 250+ computers on my domain
>before I can safely install SP2.
>
>Thanks
>Ken
>
>>-----Original Message-----
>>Thanks for passing this on, Lyle. You may also want to
>look in Administrative Tools, Component Services, My
>Computer, DCOM Config, SharedAccess for the normal
>settings here. Its possible that there is some conflict
>with the users/groups that are assigned permissions.
>Possibly the difference between Administrators and
Domain
>Administrators.
>>
>>--
>>Doug Knox, MS-MVP Windows Media Center\Windows Powered
>Smart Display
>>Win 95/98/Me/XP Tweaks and Fixes
>>http://www.dougknox.com
>>--------------------------------
>>Per user Group Policy Restrictions for XP Home and XP
Pro
>>http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>--------------------------------
>>Please reply only to the newsgroup so all may benefit.
>>Unsolicited e-mail is not answered.
>>
>>"Lyle" > wrote in
>message ...
>>> The trick is that you have to delete the following
key
>>> per MS support.
>>> HKeyLocalMachine-Software-Classes-AppID-{ce166e40-
1e72-
>>> 45b9-94c9-3b2050e8f180}
>>> After deleting the key reboot and this should resolve
>>> your issue. I have reproduced this on my system also.
>>>
>>> This is currently being reviewed before being put
into
>>> the knowledge base.
>>>
>>> See the following link for more information:
>>>
>>> http://x220.minasi.com/forum/topic.asp?
>>> TOPIC_ID=10029ꔥ
>>>
>>> Thanks for your help.
>>> Lyle
>>>
>>>>-----Original Message-----
>>>>I posted this exact same question last Friday on this
>>>>message board. I never recieved any kind of response
>so
>>>>I'd be real interested, too, in any resolution that
is
>>>>available. There is nothing that I could find in the
>KB.
>>>>That error is referenced but it applies to CA in W2K.
>>>>
>>>>Thanks for the tip about joining a workgroup. That
>gives
>>>>me something to work with to maybe track down a
>>> permanent
>>>>fix. I'll start digging through our group policies to
>>> see
>>>>if I can find something.
>>>>
>>>>>-----Original Message-----
>>>>>It is set to Local System Account and the check box
>is
>>>>>cleared. That is the default setting I had,
>>>>>unfortunately that didn't resolve the issue. We did
>>>>>notice that by switching to a workgroup the firewall
>>> did
>>>>>run, but when we joined the domain again the problem
>>>>>reoccured. That is why I was thinking it might be
>>>>>related to a group policy setting that I was missing.
>>>>>
>>>>>Thanks Lyle
>>>>>
>>>>>>-----Original Message-----
>>>>>>Click Start, Run and enter SERVICES.MSC Locate
the
>>>>>Windows Firewall/Internet Connection Sharing service
>>> and
>>>>>double click it. Go to the Logon tab and make sure
>its
>>>>>set to log on as the Local System Account. Allow
>this
>>>>>service to interact with the desktop should be
>>> Unchecked.
>>>>>>
>>>>>>--
>>>>>>Doug Knox, MS-MVP Windows Media Center\Windows
>Powered
>>>>>Smart Display
>>>>>>Win 95/98/Me/XP Tweaks and Fixes
>>>>>>http://www.dougknox.com
>>>>>>--------------------------------
>>>>>>Per user Group Policy Restrictions for XP Home and
>XP
>>>>Pro
>>>>>>http://www.dougknox.com/xp/utils/xp_securityconsole.
h
>tm
>>>>>>--------------------------------
>>>>>>Please reply only to the newsgroup so all may
>benefit.
>>>>>>Unsolicited e-mail is not answered.
>>>>>>
>>>>>>"Lyle" > wrote
>in
>>>>>message news:0a6001c4854c$19be09f0
...
>>>>>>> After installing SP2 I received the following
>>>>>error "The
>>>>>>> class is configured to run as a security id
>>> different
>>>>>>> from the caller" whenever I try to start the
>Windows
>>>>>>> firewall on a domain. I created a test domain
and
>>>>>>> recreated the problem with another workstation.
>The
>>>>>>> Firewall starts after the first reboot, but after
>>>>that
>>>>>>> group policy seems to apply, which on the test
>>> domain
>>>>>I
>>>>>>> only configured the new windows firewall settings
>to
>>>>>>> enable it. I have seen a couple of posts on the
>>>>>Internet
>>>>>>> with the same issue, but none of them had any
>>>>>resolutions
>>>>>>> listed. To get by for now I have to disable the
>>>>>Windows
>>>>>>> Firewall. I am thinking that I am missing
>something
>>>>>in
>>>>>>> Group policy, but I can't find it. Any ideas?
>>>>>>>
>>>>>>> Thanks Lyle
>>>>>>.
>>>>>>
>>>>>.
>>>>>
>>>>.
>>>>
>>.
>>
>.
>