Console issue - DCOM

Question

Hi,
A recent issue has popped up as a result of DCOM hardening - see KB Article 5004442: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c)

MEMCM ver 2107
Server 2016 14393.5246

Some MEMCM admins are unable to connect via their consoles remotely, and the Primary Site server Event Logs duly show ID 10036. I understand there is a temporary registry workaround (other than removing the patch..). The workaround will stop working come March 2023.
According to the KB, Microsoft advises by that time "...you must resolve any compatibility issues with the hardening changes and applications in your environment."

Am I right that the compatibility issue is with the MEMCM console application?

I'm not sure what other remediation I can make if that's the case. Would upgrading to 2203 resolve the issue? Am I missing something obvious? Happy to provide more info.
Thanks!
Nickcx

Answer 1

Quick follow up here, are the remote systems having issues running a supported version of Windows and are they fully up to date with their CU level?

Answer 2

If adding the registry value does address the issue, please open a support case as we have done testing and not found any issues but that doesn't mean you didn't find one.

Answer 3

Hi Jason,
Those computers are running Windows 10 20H2 Enterprise with May's CU.

We have just updated to June's CU - we update a little behind monthly quality CU GA releases... and feature updates for that matter - and the issue no longer occurs. The console now connects without any DCOM error.

(We didn't test the adding reg entry)
Thanks,