Many Errors Event ID 10028

Hi, my problem is that on the DC server the event log shows, in the last hour, 10210 entries of event ID 10028; for me that's too many.

Please help me: how can I resolve this, or what triggers this?

Thanks

  • Alejandro,

    I advise you to open a ticket with Support. Can you translate what the error message is saying?

    Thanks

  • In reply to lferrara:

    I'm posting below what the DC gives me:

    Nombre de registro:System
    Origen:        Microsoft-Windows-DistributedCOM
    Fecha:         16/03/2017 16:02:40
    Id. del evento:10028
    Categoría de la tarea:Ninguno
    Nivel:         Error
    Palabras clave:Clásico
    Descripción:
    DCOM no pudo comunicarse con el equipo 212.252.97.110 usando ninguno de los protocolos configurados; solicitado por PID      6f4 (C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe).
    XML de evento:
    <Event xmlns="schemas.microsoft.com/.../event">
      <System>
        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
        <EventID Qualifiers="0">10028</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <EventRecordID>351170</EventRecordID>
        <Correlation />
        <Execution ProcessID="656" ThreadID="4416" />
        <Channel>System</Channel>
        <Security UserID="S-1-5-21-4210473518-416093976-3590475133-500" />
      </System>
      <EventData>
        <Data Name="param1">212.252.97.110</Data>
        <Data Name="param2">     6f4</Data>
        <Data Name="param3">C:\Program Files (x86)\Sophos\Sophos Transparent Authentication Suite\stas.exe</Data>
        <Binary></Binary>
      </EventData>
    </Event>

  • In reply to alejandro solar:

    Something is not working correctly because from the error there is a Public IP.

    Did you follow all the steps from this KB?

    https://community.sophos.com/kb/en-us/123156

    Thanks

  • In reply to lferrara:

    Yes, that is a public IP, but in every event log there is a different public IP.

    And yes, I followed the steps in the link that you indicated.

    Any other possible solution to this?

  • In reply to alejandro solar:

    Open a ticket with support and let us know!

    Thanks

  • Hi Alejandro,

    Those are DCOM errors which might be caused by failed WMI queries. Perform WMI\Registry read access verification to the user's IP address. If the query fails, then follow these steps:

    • Windows Firewall or antivirus could block the WMI\Registry read access query. Add an exception for TCP ports 445 and 135 on the client machine.
    • Make sure that the RPC, RPC Locator, DCOM and WMI services are enabled on the system.
    • The client machine should resolve the AD FQDN; if not, add a host entry on the machine or use the AD IP as primary DNS.
    • If there is any router/firewall in between, make sure that ports 135 and 445 are open.
    • Ensure that the administrator account used in STAS has administrator rights on the client system.

    Hope that helps.
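
An added example, not part of the thread and not Sophos code: a PowerShell triage of the 10028 events that groups them by requesting process and by whether the target address is private or public, then runs the port 135/445 check from the list above against a few private targets. It assumes an elevated session on the server that logs the events and a Windows version that ships `Test-NetConnection`; the one-hour window, the RFC 1918 test and the `Get-AddressScope` helper are choices made for this example.

```powershell
# Added example. Assumptions: elevated session on the server logging the errors;
# the one-hour window and the RFC 1918 test for "private" are choices made here.
function Get-AddressScope {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return 'not-an-ip' }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return 'not-ipv4' }
    $b = $ip.GetAddressBytes()
    $private = ($b[0] -eq 10) -or
               ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
               ($b[0] -eq 192 -and $b[1] -eq 168)
    if ($private) { 'private' } else { 'public' }
}

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-DistributedCOM'
    Id           = 10028
    StartTime    = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue

# Read param1..param3 by name from each event's XML (same fields as in the post above)
$rows = foreach ($e in $events) {
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText.Trim()
    }
    [pscustomobject]@{
        Target    = $fields['param1']   # address DCOM could not reach
        PidHex    = $fields['param2']   # requesting PID as logged
        Requester = $fields['param3']   # requesting executable
        Scope     = Get-AddressScope $fields['param1']
    }
}

# Which process is asking, and how many distinct targets fall in each scope
$rows | Group-Object Requester, Scope | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'DistinctTargets'; e = { @($_.Group.Target | Sort-Object -Unique).Count } }

# Port check from the reply's list, limited to a few private targets
$rows | Where-Object Scope -eq 'private' | Select-Object -ExpandProperty Target -Unique |
    Select-Object -First 5 | ForEach-Object {
        $target = $_
        foreach ($port in 135, 445) {
            $r = Test-NetConnection -ComputerName $target -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ Target = $target; Port = $port; Reachable = $r.TcpTestSucceeded }
        }
    }
```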