none
DCOM Errors on clean install Windows Server 2016

    Question

  • Hello,

    after clean install WS2016 w/all available update i have in System vent log:

    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

    and APPID

    {F72671A9-012C-4725-9D2F-2A4D32D65169}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    +

    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

    {D63B10C5-BB46-4990-A94F-E40B9D520160}

    and APPID

    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Why and how please resolve it this problem ?

    Thanks,

    SnakeAG

    Sunday, January 15, 2017 5:34 AM

Answers

All replies

  • Hi Snakeag,

    >>after clean install WS2016 w/all available update i have in System vent log

    Could you please provide details information of update to here for further troubleshooting?

    Please open component Services, and then expand Component Services-->Computers-->My Computer, and then right-click application that you installed, click properties, select security tab, and change Authentication level for calls to be packet.

    Please check link below for further understanding:

    Setting an Authentication Level for a Server Application

    https://msdn.microsoft.com/en-us/library/windows/desktop/ms685130(v=vs.85).aspx

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by John Lii Tuesday, February 07, 2017 2:22 AM
    Monday, January 16, 2017 3:06 AM
  • Really on clean install any hands on ?

    8D8F4F83-3594-4F07-8369-FC3C3CAE4919

    is CDP Activity Store

    and

    D63B10C5-BB46-4990-A94F-E40B9D520160

    is RuntimeBroker

    All setting in Security tab is hidden:

    Best Regards,

    SnakeAG

    Monday, January 16, 2017 6:20 AM
  • Hi Snakeag,

    >>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

    According to this error information, please check link below to fix issue:

    Set Computer-wide Launch and Activation Permissions

    https://technet.microsoft.com/en-us/library/cc771689%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by SnakeAG Thursday, February 09, 2017 4:25 AM
    Tuesday, January 17, 2017 8:27 AM
  • Hi Snakeag,

    Have you successfully resolved issue?

    If there is anything we can do for you, please feel free to post in the forum.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 07, 2017 2:23 AM
  • >>The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

    According to this error information, please check link below to fix issue:

    Set Computer-wide Launch and Activation Permissions

    https://technet.microsoft.com/en-us/library/cc771689%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    It is not generally recommended to change the computer-wide permissions to fix problems on just a couple DCOM objects.  You see, you would be granting permissions to ALL objects that way.  You should only change permissions on individual APPIDs that need them.

    To fix your original problem, do the following:

    1. Download the DCOMPermissions.psm1 PowerShell module
    2. Open an administrative command prompt and run these commands:

    Import-Module .\DCOMPermissions Grant-DCOMPermission -ApplicationID "{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions Grant-DCOMPermission -ApplicationID "{F72671A9-012C-4725-9D2F-2A4D32D65169}" -Account "SYSTEM" -Type Launch -Permissions LocalLaunch,LocalActivation -OverrideConfigurationPermissions


    If you receive no errors, then the change was successful.  No reboot needed.

    These commands grants SYSTEM permission to launch and activate RuntimeBroker & CDP*.  The existing permissions and callbacks are preserved, and the registry permissions are not changed from defaults


    -Tony

    • Proposed as answer by Tony MCP Saturday, September 16, 2017 1:15 AM
    Saturday, September 16, 2017 1:14 AM