Error message when you try to view certain Windows Server 2003 components and snap-ins: "error code 80040153 - Invalid value for registry"


Symptoms


When you try to view certain Microsoft Windows Server 2003 components and snap-ins, some information may not appear correctly. For example, you may experience any of the following symptoms:
  • When you try to view the Disk Management Microsoft Management Console (MMC) snap-in, you receive the following error message:
    error code 80040153 - Invalid value for registry
  • When you try to expand COM+ programs in Component Services, you receive the following error message:
    error code 80040153 - Invalid value for registry
  • When you view the Services MMC snap-in, the details pane is empty.
  • When you double-click an event in Event Viewer, the event does not open.
  • When a program is minimized, the program does not appear on the taskbar.
  • When you click About Internet Explorer on the Help tab in Internet Explorer, the version and the product information does not appear.
  • Other snap-ins and utilities display blank areas in which you expect configuration information to appear.
When this issue occurs, error events that resemble one or more of the following may be logged in the System log:

Error event 1
Event ID 10022

Source: COM

Description: The machine-default access security descriptor for the COM Server application D:\exchsrvr\bin\mad.exe is invalid. It contains access control entries with permissions that are invalid. This security permission can be corrected using the Component Services administrative tool.
Error event 2
Type: Error

Date: 03/14/2006

Time: 12:42:45 PM

Event ID: 10022

Source: COM

User: N/A

Computer: Computer_Name
Details: machine-default C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
Error event 3
Type: Error

Date: 03/14/2006

Time: 12:42:31 PM

Event ID: 10022

Source: COM

User: N/A

Computer: Computer_Name
Details: machine-default C:\WINDOWS\Explorer.EXE
Error event 4
Type: Error

Date: 03/14/2006

Time: 12:35:43 PM

Event ID: 10022

Source: COM

User: N/A

Computer: Computer_Name
Details: machine-default \??\C:\WINDOWS\system32\winlogon.exe

Cause


This issue may occur when DCOM permissions are incorrect. However, you may be unable to modify those permissions by using the Dcomcnfg utility. The Dcomcnfg utility cannot open the properties for a local computer.

Resolution


To resolve this issue, modify DCOM permissions by using the Dcomcnfg utility on a different Windows Server 2003-based computer on the network. To do this, follow these steps:
  1. On another Windows Server 2003-based computer, start the Dcomcnfg utility.
  2. Expand Component Services, and then expand Computers.
  3. Right-click Computers, point to New, and then click Computer.
  4. In the Browse box, type the name of the computer that you want to modify, and then click
    OK.
  5. Double-click the new computer, and then click Edit Default under Access Permissions on the COM Security tab.

  6. Make sure that the following user permissions are configured, and then click OK:
    • Your username: Allow Local Access and Remote Access
    • SYSTEM: Allow Local Access only
  7. Under Launch and Activation Permissions, click Edit Default.
  8. Make sure that the following user permissions are configured, and then click OK:
    • Administrators (LocalSystem\Administrators) with Allow: Local Launch, Remote Launch, Local Activation and Remote Activation
    • INTERACTIVE with Allow: Local Launch, Remote Launch, Local Activation and Remote Activation
    • SYSTEM with Allow: Local Launch, Remote Launch, Local Activation and Remote Activation

    Note There may be third-party applications that require an account included in the Access Permissions dialog box. However, unknown accounts or security identifiers (SID) should not be included.

  9. Click OK, and then exit the Dcomcnfg utility.