Monday, January 31, 2011

DistributedCOM Event ID: 10016 error logged on Windows Server 2008 R2 64-bit

I was recently made aware that Event ID: 10016 errors were logged on a server every time it was rebooted and was asked to have a look at it to see if I could quickly fix it.  Taking a look at the System logs on the server shows the following:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Since I’ve come across similar errors in the past with SharePoint deployments, I began troubleshooting by figuring out exactly which DCOM object this CLSID and APPID belong to.  To do this, copy either identifier (the CLSID or the APPID; both reference the same object), open the registry editor (regedit), then search for the string:

Once the find completes, you’ll be at the location: Computer\HKEY_CLASSES_ROOT\Wow6432Node\CLSID\<identifier>

Notice how the left window pane has the CLSID and the right window pane has the APPID listed?  As the window shows, this is actually the DCOM object: Quarantine Private SHA Binding class

What’s special about this DCOM object is that you won’t find it listed when you open up Component Services from the Administrative Tools under the DCOM Config folder:

To find the DCOM object that maps to Quarantine Private SHA Binding class, take the APPID from the registry and match it to the APPID in the Component Services DCOM Config folder.  As shown in the screenshot above, the DCOM object is actually named NAP Agent Service under Component Services:

Unfortunately, there isn’t much you can do if you open up the properties of the DCOM object as all the settings are grayed out:

After some research, I found that the fix is to change the startup property of the service behind this DCOM object to Automatic instead of Manual.

So why does this happen?  While various things can cause this, it’s usually because some other application relies on this service and triggers the error when it attempts to launch this object (in our case, an application was trying to launch this object during startup).  For more information about this service, see the following link: http://technet.microsoft.com/en-us/network/bb545879.
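The registry lookup and the service check walked through above can also be done from Windows PowerShell. This is an added example, not part of the original post: the helper names Get-RegValue and Resolve-DcomEvent are hypothetical, and it assumes the AppID key carries the standard LocalService value that names the hosting Windows service.

```powershell
# Event text as quoted on this page (Event ID 10016, System log).
$Message = 'The application-specific permission settings do not grant Local Launch ' +
           'permission for the COM Server application with CLSID ' +
           '{24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID ' +
           '{B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM'

$Guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

# Hypothetical helper: read one registry value; returns nothing if the key is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name = '')   # '' selects the key's (Default) value
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue($Name) }
}

# Hypothetical helper: map the CLSID/APPID pair in a 10016 message to its
# class name, DCOM application name, hosting service and service start mode.
function Resolve-DcomEvent {
    param([string]$Text)
    if (-not ($Text -match "CLSID\s+($Guid)\s+and\s+APPID\s+($Guid)")) {
        throw 'No CLSID/APPID pair found in the message text.'
    }
    $clsid = $Matches[1]
    $appId = $Matches[2]
    $appKey = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"

    # The class can be registered in the native view, the 32-bit view, or both.
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node') {
        $clsKey = "$root\CLSID\$clsid"
        if (-not (Test-Path -LiteralPath $clsKey)) { continue }

        $service = Get-RegValue $appKey 'LocalService'
        $mode = $null
        if ($service) {
            # Manual vs. Auto here is the setting the fix above changes.
            $mode = (Get-WmiObject Win32_Service -Filter "Name='$service'").StartMode
        }
        New-Object PSObject -Property @{
            ClsidKey        = $clsKey
            ClassName       = Get-RegValue $clsKey
            RegisteredAppId = Get-RegValue $clsKey 'AppID'   # should equal the event's APPID
            AppName         = Get-RegValue $appKey
            Service         = $service
            StartMode       = $mode
        }
    }
}

Resolve-DcomEvent -Text $Message | Format-List
```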

11 comments:

Anonymous said...

Thank you. This is the exact issue I was having and it's fixed.

Shannon said...

I had this same exact problem as well, and your instructions were "spot on." Thanks for taking the time to post this.

SENSATIONAL said...

Many Thanks Terence! This worked for me.

Sussex County GOTR said...

Thank you!

jmmartin said...

YOU ARE THE FUCKING SHERIFF DUDE!!!!!!!!!!!!!!!!!!!!!!!!! AFTER HOURS AND HOURS YOU CAME AND GAVE THE KEY! Thank you so much!!!

Mostafa said...

Really, thank God for reaching this post. Thank you very much for the great effort.

Anonymous said...

if you have Kaspersky, the problem may come from there

http://support.kaspersky.com/ak8/troubleshooting?qid=208280868

Eric said...

Thanks a lot for the fix. It saved me countless hours when I already need a 30 day.

You're the man!!

LZRO said...

Maximum kudos to Terence,

Anonymous said...

Thank you sooooooooo much Terence, you saved us :):):)
keep on

Zak said...

"Unfortunately, there isn’t much you can do if you open up the properties of the DCOM object as all the settings are grayed out."

You can edit the registry so that the properties are no longer grayed out. Open up REGEDIT and browse to "HKEY_CLASSES_ROOT\AppID\{B292921D-AF50-400C-9B75-0C57A7F29BA1}" key. Right-click on the {B292921D-AF50-400C-9B75-0C57A7F29BA1} key and select Permissions. Click the Advanced button in Permissions window and select the local Administrators group and click on Apply, then OK. Then under Permissions tab, select the local Administrators group and choose 'Full Control' as the permission setting, click Apply, then OK. Rerun component services and you should be able to get into the properties screen with full access now.