Page 5 of 5 FirstFirst ... 345
  1.    06 Apr 2017 #41
    Join Date : Oct 2014
    Arnold, MD
    Posts : 30,472
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)

    Quote Originally Posted by ddelo View Post
    To resolve the EventID 513 CAPI2 errors, when making a backup or creating a restore point,
    In an elevated command prompt:

    1. Run: SC sdshow MSLLDP
    You will get an SDDL similar to that:
    DD;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO; ;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)

    2. If it's not exactly the same as this one (it'll most probably be), make a note of your SDDL by copying and pasting the string you received.

    3. Apply an extra permission for the NT SERVICE\CryptSvc, by adding the string: (A;;CC;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459) to the existing MSLLDP, right after the (A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453) block

    4. To do that you should run the following command, making sure that there are no spaces or line breaks:
    sc sdset MSLLDP <Your SDDL>(A;;CC;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)

    or in our example:
    Code:
    sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CC;;;S-1-5-80-242729624-280608522-2219052887-3187409060-2225943459)
    That's it! No CAPI2 errors.
    There's a good TechNet article on the whole process, along with what to look for, and watch out for. Just FYI:

    Error source CAPI2 id 513 - Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object
      My ComputersSystem Spec
  2.    06 Apr 2017 #42
    Join Date : Dec 2015
    Athens, Greece
    Posts : 141
    Windows 10 Pro x64

    I've read it Dick and thanks a lot for pointing it out.

    The problem with the article (which works perfectly) is that for solving the issue provides a whole bunch of permissions to NT AUTHORITY\SERVICE, which is not necessary.

    We just need to provide SERVICE_QUERY_CONFIG permission to the NT SERVICE\CryptSvc. That's more efficient and lighter, does not open the whole thing to NT AUTHORITY\SERVICE, works as perfectly and there is no need to reapply the fix after a Windows update.

    You can take a look if you wish to Microsoft Community
      My ComputerSystem Spec
  3.    06 Sep 2017 #43
    Join Date : Jun 2015
    UK
    Posts : 2,263
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    I have the same error is listed below. I can usually fix these 10016 errors. I found APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} is associated with "Interactive User" but "Interactive User" is not listed in the DCOMCNFG DCOM Config window. Please advise how to proceed from here.

    Error 03/09/2017 07:15:11 Microsoft-Windows-DistributedCOM 10016 None
    "The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool."
      My ComputersSystem Spec
  4.    06 Sep 2017 #44
    Join Date : Jul 2015
    Posts : 3,964
    10 Pro

    did you see this post earlier in the thread? Local Activation Permission - Page 2 - Windows 10 Forums

    {F72671A9-012C-4725-9D2F-2A4D32D65169} is in DCOM as a GUID at the bottom - it is still there for me in 16281 insider build.
      My ComputerSystem Spec
  5.    06 Sep 2017 #45
    Join Date : Jun 2015
    UK
    Posts : 2,263
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by lx07 View Post
    did you see this post earlier in the thread? Local Activation Permission - Page 2 - Windows 10 Forums

    {F72671A9-012C-4725-9D2F-2A4D32D65169} is in DCOM as a GUID at the bottom - it is still there for me in 16281 insider build.
    OK, I've found it lurking there thanks. Why do some of these have meaningful titles and some gobbledegook titles?
      My ComputersSystem Spec
  6.    06 Sep 2017 #46
    Join Date : Jul 2015
    Posts : 3,964
    10 Pro

    Quote Originally Posted by Steve C View Post
    OK, I've found it lurking there thanks. Why do some of these have meaningful titles and some gobbledegook titles?
    Honestly? In my opinion it is because it doesn't matter what event viewer says..

    My concern is granting some DCOM authority for a process that we don't know what it does is a risk.

    Your issue was with CDPComActivityStore but what is that? God knows. Should SYSTEM have authority or not? If it should then why - for what purpose? If it should not then why give it the authority? Just to stop an event viewer entry?

    If we automatically grant DCOM authorities to match messages in the log saying "give me authority" then there is no point in having authority at all.

    Perhaps changing permissions to match errors is not necessarily correct. It could be the permissions are correct and the error messages are wrong. In that case granting permissions to get rid of event viewer log entries is in fact a bad idea.

    Thanks for the rep anyway
      My ComputerSystem Spec
  7.    06 Sep 2017 #47
    Join Date : Jun 2015
    UK
    Posts : 2,263
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by lx07 View Post
    Honestly? In my opinion it is because it doesn't matter what event viewer says..

    My concern is granting some DCOM authority for a process that we don't know what it does is a risk.

    Your issue was with CDPComActivityStore but what is that? God knows. Should SYSTEM have authority or not? If it should then why - for what purpose? If it should not then why give it the authority? Just to stop an event viewer entry?

    If we automatically grant DCOM authorities to match messages in the log saying "give me authority" then there is no point in having authority at all.

    Perhaps changing permissions to match errors is not necessarily correct. It could be the permissions are correct and the error messages are wrong. In that case granting permissions to get rid of event viewer log entries is in fact a bad idea.

    Thanks for the rep anyway
    Hmm. Excellent point!
      My ComputersSystem Spec

 
Page 5 of 5 FirstFirst ... 345


Similar Threads
Thread Forum
Local Permission Hang - Plz Assist me
Am on Win 10 (64 Bits) and whenever I am using IE it suddenly stops responding and then sometime I can close via task manager and everything works and sumtimes whole computer freezes with most icons on taskbar missing - then I have to restart the...
General Support
Solved Need Administrator Permission
I'm trying to replace calc.exe in the System 32 folder with a version from XP, but keep getting a notice that I don't have permission. I'm in as the Administrator, what more do I need to do? Thanks!
Performance & Maintenance
I do not have permission????
I created a new user profile in windows 10 with administrator permission. Now when I try to access a file on drive f, I am denied permission to even open the folder. l hate windows permission, since I am the only one that has access to my...
General Support
Permission Issues
Windows 10 seems to have developed an issue for me that is causing UAC-like prompts suggesting that I need Administrator permission. I should probably mention that I am actually using the real Administrator account (this was an upgrade installation...
General Support
Solved Activation woes - Windows needs activation to personalize
Hi there anybody else got this -- trying to personalize PC -got you need to activate windows before you can personalize PC. Now what do I do !!!!!?! Is this normal (I did an UPDATE rather than a new install BTW). Cheers
Windows Updates and Activation
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 21:02.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums