FSAE collectoragent.exe DCOM errors Event ID 10028
But I have noticed DCOM errors in the Event Log on the main DC, such as the following:
Event ID = 10028
Source = DistributedCOM
Message = DCOM was unable to communicate with the computer 10.20.30.40 using any of the configured protocols; requested by PID 999 (C:\Program Files (x86)\Fortinet\FSAE\collectoragent.exe).
Investigations of the IP Addresses reported show that these errors occur in 2 specific scenarios:
(1) when one of our Fuji Xerox printers is used by a staff member to Scan a document which is saved to an SMB File Share on a server (there is a domain user account used by the printer to authenticate access to the share); or
(2) when our Barracuda Message Archiver checks user mailboxes in Exchange to synchronise the list of mailbox folders (this runs under a specific domain user account each evening)
I have tried excluding the 2 x domain user accounts used by those processes, so that the collector 'ignores' them. This has NOT fixed the Event Log errors.
Q. is there any way to tell the Collector to ignore specific IP Addresses on the network? (there is no point it trying a DCOM connection to the BMA or to a Printer).
post edited by Frosty - 2019/04/04 14:09:55