locked
Event ID 10016 at 10 minute intervals: help in id'ing the App, resolve/remove pls? RRS feed

  • Question

  • greetings

    I have the same event id 10016 repeating at regular 10 minute intervals, everything except the timestamp identical.  I'm pasting it here.  I have a cbs.log fresh if it is of use.  I don't know how to run down the actual troubled app but I'm guessing its a permissions issue?? 

    thank you for helping - and if I need to go to an established thread, pls advise

    twest

    paste:

    Log Name:      System

    Source:        Microsoft-Windows-DistributedCOM

    Date:          12/18/2012 10:31:59 AM

    Event ID:      10016

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          SYSTEM

    Computer:      Samwise-PC

    Description:

    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

     and APPID

    {344ED43D-D086-4961-86A6-1106F4ACAD9B}

     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />

        <EventID Qualifiers="49152">10016</EventID>

        <Version>0</Version>

        <Level>2</Level>

        <Task>0</Task>

        <Opcode>0</Opcode>

        <Keywords>0x80000000000000</Keywords>

        <TimeCreated SystemTime="2012-12-18T16:31:59.000000000Z" />

        <EventRecordID>122589</EventRecordID>

        <Correlation />

        <Execution ProcessID="0" ThreadID="0" />

        <Channel>System</Channel>

        <Computer>Samwise-PC</Computer>

        <Security UserID="S-1-5-18" />

      </System>

      <EventData>

        <Data Name="param1">application-specific</Data>

        <Data Name="param2">Local</Data>

        <Data Name="param3">Launch</Data>

        <Data Name="param4">{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}</Data>

        <Data Name="param5">{344ED43D-D086-4961-86A6-1106F4ACAD9B}</Data>

        <Data Name="param6">NT AUTHORITY</Data>

        <Data Name="param7">SYSTEM</Data>

        <Data Name="param8">S-1-5-18</Data>

        <Data Name="param9">LocalHost (Using LRPC)</Data>

      </EventData>

    </Event>


    Techwest Resources

    Wednesday, December 19, 2012 5:31 PM

All replies

  • Hi,


    I suggest you refer to the following thread:


    The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 

    http://social.technet.microsoft.com/Forums/en-IE/configmgrgeneral/thread/dfc465bc-7bbd-483e-b98b-2ba56fa98313


    Also, more reference:


    Event ID 10016 — COM Security Policy Configuration

    http://technet.microsoft.com/en-us/library/cc726313(v=WS.10).aspx


    Windows Server 2008: Event ID 10016 — COM Security Policy Configuration

    http://social.technet.microsoft.com/wiki/contents/articles/1333.windows-server-2008-event-id-10016-com-security-policy-configuration.aspx


    Hope this helps.


    Vincent Wang
    TechNet Community Support

    Friday, December 21, 2012 2:50 AM
  • thank you vincent.  was christmasing this weekend but will read those and attempt the registry permissions change

    Techwest Resources

    Sunday, December 23, 2012 10:02 PM
  • hello vincent et al.

    as reminder this client is running Win7  Home Premium x64.

    this has morph'd now into a hydra ..  I followed the links you guys provided, and more, as one fail invited another fix. Basically the appid itself refers to a ipbusenumerator - I locate the key and set about changing permissions but all such attempts were denied - insufficient access.  so I decided to enable my administrator account, login there, and fix everything.

    enabled the builtin administrator and rebooted and the administrator login, i noticed, did not challenge for its password, and was unable to load the correct profile, instead resorting to  a default profile which is useless for doing any work. so  effectively I no longer have an administrator account.  that fail produced as you would expect a list of new Errors in the Event log.  I have been through this twice before in recent times on two  other Windows 7 clients, in those cases both were Windows 7 Ultimate x64 clients. In all three cases now one common trait is that .NET 4.0 [in two cases IIRC .net 4 full package, in this case client profile only].  In all cases, I had no logon  services violations or errors until after .net 4 was installed.  in the other two cases all attempted fixes using scannow or Repair install failed to correct the situation so everything had to be nuked, reinstall.

    I would really like to understand this issue and resolve it the right way instead of the "reinstall and hope" way. I have a fresh cbs log [windows resource protection found integrity violations] and screenshots of the various ills pulled from the event logs.  Could someone direct me to the right forum/folder/subforum to get some real help with that?

    Thanks so much


    Techwest Resources

    Wednesday, December 26, 2012 6:48 PM
  • Hi ,


    The issue can only be solved by changing the security settings for the corresponding registry entries. Please locate the following registry:


    HKLM\SOFTWARE\Classes\AppID\{AppID of the event log}


    Right click andselect Permissions, set yourself as owner (via Advanced) and afterwards grant yourself full permissions to this entry. If you afterwards go to the properties of this DCOM object, you can edit the settings.


    If the issue persists, please check if the following article is helpful.

    http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033


    Best Regards,


    Vincent Wang
    TechNet Community Support

    Thursday, December 27, 2012 5:55 AM
  • OK. Got the owner changed and full permissions granted, apparently.

    I'll go through the article you suggested.

    Regarding the inability to load the Administrator profile, would you suggest I treat that separately, and in which sub-forum?  I would really love to know what is at the root of these issues and how to correct them short of the shotgun approach of wiping the drive and reinstalling 7.

    ++++++++++++++++++

    Hi ,


    The issue can only be solved by changing the security settings for the corresponding registry entries. Please locate the following registry:


    HKLM\SOFTWARE\Classes\AppID\{AppID of the event log}


    Right click andselect Permissions, set yourself as owner (via Advanced) and afterwards grant yourself full permissions to this entry. If you afterwards go to the properties of this DCOM object, you can edit the settings.


    If the issue persists, please check if the following article is helpful.

    http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033


    Best Regards,


    Vincent Wang
    TechNet Community Support



    Techwest Resources



    • Edited by Techwest Thursday, December 27, 2012 10:54 PM
    Thursday, December 27, 2012 10:42 PM
  • hello again.

    just one remaining question, the last article you suggested: http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033

    the instruction regarding the Registry action is left hanging and I do not want to assume anything. step 2 is to open the troubled CLSID default string and leave the entry open while the other operation is executed. I did that. then merely close the Registry with no changes??  the writer did not say how to exit/complete


    Techwest Resources

    Tuesday, January 1, 2013 3:30 PM