Pages

Monday, January 31, 2011

DistributedCOM Event ID: 10016 error logged on Windows Server 2008 R2 64-bit

I was recently made aware that Event ID: 10016 errors were logged on a server every time it was rebooted and was asked to have a look at it to see if I could quickly fix it.  Taking a look at the System logs on the server shows the following:

image

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

and APPID

{B292921D-AF50-400C-9B75-0C57A7F29BA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

image

Since I’ve come across similar errors such as these in the past with SharePoint deployments, I began the troubleshooting by trying to figure out exactly which DCOM object this CLSID and APPID belonged to.  To do this, copy either of the identifiers (CLSID or APPID) because they reference the same object, open up the registry editor with (regedit), then do a search for the string:

image

image

Once the find completes, you’ll be at the location: Computer\HKEY_CLASSES_ROOT\Wow6432Node\CLSID\<identifier>

Notice how the left window pane has the CLSID and the right window pane has the APPID listed?  As the window shows, this is actually the DCOM object: Quarantine Private SHA Binding class

image

What’s special about this DCOM object is that you won’t find it listed when you open up Component Services from the Administrative Tools under the DCOM Config folder:

image

To find the DCOM object that maps to Quarantine Private SHA Binding class, you need to take the APPID unique identifier from the registry and map it to the APPID in Component ServicesDCOM Config folder.  As shown in the screenshot above, the DCOM object is actually named NAP Agent Service under Component Services:

image

Unfortunately, there isn’t much you can do if you open up the properties of the DCOM object as all the settings are grayed out:

image

After some research on this, the fix is to change the service’s startup property to Automatic instead of Manual.

image

image

So why does this happen?  While there are various reasons that can cause this, it’s usually because you have some other application that relies on this service and hence causes this error to be thrown when that application makes an attempt to launch this object (in our case, an application was trying to launch this object during startup).  For more information about this service, see the following link: http://technet.microsoft.com/en-us/network/bb545879.

20 comments:

Anonymous said...

Thanks you. This is the exact issue I was having and it's fixed.

Shannon said...

I had this same exact problem as well, and your instructions were "spot on." Thanks for taking the time to post this.

SENSATIONAL said...

Many Thanks Terence! This worked for me.

Sussex County GOTR said...

Thank you!

Mostafa said...

Really, Thanks god for reaching this post, Thank you very much for great effort.

Anonymous said...

if you have Kaspersky, the problem may come from there

http://support.kaspersky.com/ak8/troubleshooting?qid=208280868

Eric said...

thanks alot for the fix. It saved me countless hours when i already need a 30 day.

Your the man!!

LZRO said...

Maximum Kudos to terrence,

Anonymous said...

thank you sooooooooo much Terence,you saved us:):):)
keep on

Anonymous said...

"Unfortunately, there isn’t much you can do if you open up the properties of the DCOM object as all the settings are grayed out."

You can edit the registry so that the properties are no longer grayed out. Open up REGEDIT and browse to "HKEY_CLASSES_ROOT\AppID\{B292921D-AF50-400C-9B75-0C57A7F29BA1}" key. Right-click on the {B292921D-AF50-400C-9B75-0C57A7F29BA1} key and select Permissions. Click the Advanced button in Permissions window and select the local Administrators group and click on Apply, then OK. Then under Permissions tab, select the local Administrators group and choose 'Full Control' as the permission setting, click Apply, then OK. Rerun component services and you should be able to get into the properties screen with full access now.

Unknown said...

This Blog Provides Very Useful and Important Information. I just Want to share this blog with my friends and family members. Tibco Certification Training

Alex Jones said...
This comment has been removed by the author.
ram said...
This comment has been removed by a blog administrator.
Mathew Williams said...
This comment has been removed by a blog administrator.
Marcel Mikaelson said...
This comment has been removed by a blog administrator.
Mark Spencer said...

I will always let you and your words become part of my day because you never know how much you make my day happier and more complete. There are even times when I feel so down but I will feel better right after checking your blogs. You have made me feel so good about myself write my dissertation for me all the time and please know that I do appreciate everything that you have

zetsu said...

It was a nice article and very helpful
Sap Hana Training in Chennai/
Sap mm Training in Chennai
Sap Erp Training in Chennai
Blue Prism Training in Chennai
Microsoft Training in Chennai

Shalini pandian said...

It was a nice article and very helpful

SAS Training in Chennai
Scrum Master Training in Chennai
Informatica MDM Training in Chennai
Informatica Data Quality Training in Chennai
Ajax Training in Chennai

Kajal said...

Great article
cyber security course in chennai
embbeded system training in chennai
android app development course in chennai
rpa training in chennai
ios training in chennai

Tamil novels said...

Very nice article.
tamil novels pdf
Tamil novel writers
crime novels pdf free download
Historic novels pdf free download
romantic novels pdf free download
Ponniyin selvan book pdf tamil download