Remove From My Forums

Event ID 10016 at 10 minute intervals: help in id'ing the App, resolve/remove pls?

Question
0

Sign in to vote

greetings

I have the same event id 10016 repeating at regular 10 minute intervals, everything except the timestamp identical. I'm pasting it here. I have a cbs.log fresh if it is of use. I don't know how to run down the actual troubled app but I'm guessing its a permissions issue??

thank you for helping - and if I need to go to an established thread, pls advise

twest

paste:

Log Name:      System

Source:        Microsoft-Windows-DistributedCOM

Date:          12/18/2012 10:31:59 AM

Event ID:      10016

Task Category: None

Level:         Error

Keywords:      Classic

User:          SYSTEM

Computer:      Samwise-PC

Description:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

and APPID

{344ED43D-D086-4961-86A6-1106F4ACAD9B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />

    <EventID Qualifiers="49152">10016</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2012-12-18T16:31:59.000000000Z" />

    <EventRecordID>122589</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>System</Channel>

    <Computer>Samwise-PC</Computer>

  <Security UserID="S-1-5-18" />

</System>

<EventData>

    <Data Name="param1">application-specific</Data>

    <Data Name="param2">Local</Data>

    <Data Name="param3">Launch</Data>

    <Data Name="param4">{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}</Data>

    <Data Name="param5">{344ED43D-D086-4961-86A6-1106F4ACAD9B}</Data>

    <Data Name="param6">NT AUTHORITY</Data>

    <Data Name="param7">SYSTEM</Data>

    <Data Name="param8">S-1-5-18</Data>

    <Data Name="param9">LocalHost (Using LRPC)</Data>

</EventData>

</Event>

Techwest Resources

Wednesday, December 19, 2012 5:31 PM

All replies

0

Sign in to vote

Hi,

I suggest you refer to the following thread:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

http://social.technet.microsoft.com/Forums/en-IE/configmgrgeneral/thread/dfc465bc-7bbd-483e-b98b-2ba56fa98313

Also, more reference:

Event ID 10016 — COM Security Policy Configuration

http://technet.microsoft.com/en-us/library/cc726313(v=WS.10).aspx

Windows Server 2008: Event ID 10016 — COM Security Policy Configuration

http://social.technet.microsoft.com/wiki/contents/articles/1333.windows-server-2008-event-id-10016-com-security-policy-configuration.aspx

Hope this helps.

Vincent Wang
TechNet Community Support

Friday, December 21, 2012 2:50 AM
0

Sign in to vote

thank you vincent. was christmasing this weekend but will read those and attempt the registry permissions change
Techwest Resources

Sunday, December 23, 2012 10:02 PM
0

Sign in to vote

hello vincent et al.

as reminder this client is running Win7 Home Premium x64.

this has morph'd now into a hydra .. I followed the links you guys provided, and more, as one fail invited another fix. Basically the appid itself refers to a ipbusenumerator - I locate the key and set about changing permissions but all such attempts were denied - insufficient access. so I decided to enable my administrator account, login there, and fix everything.

enabled the builtin administrator and rebooted and the administrator login, i noticed, did not challenge for its password, and was unable to load the correct profile, instead resorting to a default profile which is useless for doing any work. so effectively I no longer have an administrator account. that fail produced as you would expect a list of new Errors in the Event log. I have been through this twice before in recent times on two other Windows 7 clients, in those cases both were Windows 7 Ultimate x64 clients. In all three cases now one common trait is that .NET 4.0 [in two cases IIRC .net 4 full package, in this case client profile only]. In all cases, I had no logon services violations or errors until after .net 4 was installed. in the other two cases all attempted fixes using scannow or Repair install failed to correct the situation so everything had to be nuked, reinstall.

I would really like to understand this issue and resolve it the right way instead of the "reinstall and hope" way. I have a fresh cbs log [windows resource protection found integrity violations] and screenshots of the various ills pulled from the event logs. Could someone direct me to the right forum/folder/subforum to get some real help with that?

Thanks so much

Techwest Resources

Wednesday, December 26, 2012 6:48 PM
0

Sign in to vote

Hi ,

The issue can only be solved by changing the security settings for the corresponding registry entries. Please locate the following registry:

HKLM\SOFTWARE\Classes\AppID\{AppID of the event log}

Right click andselect Permissions, set yourself as owner (via Advanced) and afterwards grant yourself full permissions to this entry. If you afterwards go to the properties of this DCOM object, you can edit the settings.

If the issue persists, please check if the following article is helpful.

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033

Best Regards,

Vincent Wang
TechNet Community Support

Thursday, December 27, 2012 5:55 AM
0

Sign in to vote
OK. Got the owner changed and full permissions granted, apparently.

I'll go through the article you suggested.

Regarding the inability to load the Administrator profile, would you suggest I treat that separately, and in which sub-forum? I would really love to know what is at the root of these issues and how to correct them short of the shotgun approach of wiping the drive and reinstalling 7.

++++++++++++++++++

Hi ,

The issue can only be solved by changing the security settings for the corresponding registry entries. Please locate the following registry:

HKLM\SOFTWARE\Classes\AppID\{AppID of the event log}

Right click andselect Permissions, set yourself as owner (via Advanced) and afterwards grant yourself full permissions to this entry. If you afterwards go to the properties of this DCOM object, you can edit the settings.

If the issue persists, please check if the following article is helpful.

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033

Best Regards,

Vincent Wang
TechNet Community Support

Techwest Resources
- Edited by Techwest Thursday, December 27, 2012 10:54 PM
Thursday, December 27, 2012 10:42 PM
0

Sign in to vote

hello again.

just one remaining question, the last article you suggested: http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033

the instruction regarding the Registry action is left hanging and I do not want to assume anything. step 2 is to open the troubled CLSID default string and leave the entry open while the other operation is executed. I did that. then merely close the Registry with no changes?? the writer did not say how to exit/complete
Techwest Resources

Tuesday, January 1, 2013 3:30 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Asked by:

Event ID 10016 at 10 minute intervals: help in id'ing the App, resolve/remove pls?

Question

All replies