Windows 10: Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM

Page 2 of 21 FirstFirst 123412 ... LastLast
  1.    04 Jan 2016 #11

    glnz said: View Post
    Sorry, Vaio 7's suggestions above did not work for me for 10016. In DCOM, the entries on the Security Tab remained greyed out, even after the regedit changes. I even tried in Win 10's Safe Mode - same thing.
    Also, "HKEYLocalMachine\Appid" isn't a complete guide. There's another level in between.
    Still looking for an answer to this. Thanks.
    Same here, I followed the steps and the DCOM security tab options are grayed out.

    I tried to restore my registry back but it is not letting me because I changed the permissions for the two entries to Administrator and Admin does not have full permissions.

    Is there any way for me to revert back or restore my registry?

    Thanks,

    Rick
      My ComputerSystem Spec

  2.    05 Jan 2016 #12

    C5Longhorn said: View Post
    Same here, I followed the steps and the DCOM security tab options are grayed out.

    I tried to restore my registry back but it is not letting me because I changed the permissions for the two entries to Administrator and Admin does not have full permissions.

    Is there any way for me to revert back or restore my registry?

    Thanks,

    Rick
    You had to change the ownership to Administrators (with an s) not Administrator (which is the built in administrator account and not the same thing).

    This powershell script will take ownership of the 2 keys for the 10016 RuntimeBroker error, grant authority to Administrators group and then change the ownership back to TrustedInstaller (which it what it should be).

    To do this open an elevated powershell window (right click and run as administrator). Then copy everything in the box below, paste it into the powershell window and press enter.

    You can select everything in the box by triple clicking, then ctrl + C to copy and ctrl + V to paste.
    Code:
    function enable-privilege
    {	param(
    	## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
     	[ValidateSet(
    	"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
    	"SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
    	"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
    	"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
    	"SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
    	"SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
    	"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
    	"SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
    	$Privilege,
    	## The process on which to adjust the privilege. Defaults to the current process.
    	$ProcessId = $pid,
    	## Switch to disable the privilege, rather than enable it.
    	[Switch] $Disable
    	)
    	## Taken from P/Invoke.NET with minor adjustments.
     $definition = @'
     using System;
     using System.Runtime.InteropServices;
      
     public class AdjPriv
     {
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
       ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
      
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
      
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
      public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
      {
       bool retVal;
       TokPriv1Luid tp;
       IntPtr hproc = new IntPtr(processHandle);
       IntPtr htok = IntPtr.Zero;
       retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
       tp.Count = 1;
       tp.Luid = 0;
       if(disable)
       {
        tp.Attr = SE_PRIVILEGE_DISABLED;
       }
       else
       {
        tp.Attr = SE_PRIVILEGE_ENABLED;
       }
       retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
       retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
       return retVal;
      }
     }
    '@
     $processHandle = (Get-Process -id $ProcessId).Handle
     $type = Add-Type $definition -PassThru
     $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    function Takeown-Registry($key) 
    {	switch ($key.split('\')[0])
    	{	"HKEY_CLASSES_ROOT" 
    		{	$reg = [Microsoft.Win32.Registry]::ClassesRoot
    			$key = $key.substring(18)
    		}
            "HKEY_CURRENT_USER"
    		{	$reg = [Microsoft.Win32.Registry]::CurrentUser
    			$key = $key.substring(18)
    		}
    		"HKEY_LOCAL_MACHINE"
    		{	$reg = [Microsoft.Win32.Registry]::LocalMachine
    			$key = $key.substring(19)
    		}
    	}
    
    	# take ownership
    	$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
    	$owner = [Security.Principal.NTAccount]"Administrators"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    
    	# set FullControl
    	$acl = $key.GetAccessControl()
    	$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
    	$acl.SetAccessRule($rule)
    	$key.SetAccessControl($acl)
    	
    	# reset owner
    	$owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    # Grant authority to registry key
    
    Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
    
    do {$result = enable-privilege SeTakeOwnershipPrivilege } 
    until ($result -eq $true)
    do {$result = enable-privilege SeRestorePrivilege } 
    until ($result -eq $true)
    
    $key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    $key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    Write-Host; Write-Host "Done"; Write-Host

    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    Click image for larger version. 

Name:	Capture.PNG 
Views:	88 
Size:	129.4 KB 
ID:	57135

    Note if you've changed some other keys then you'll have to edit the script or do it manually but the steps are the same - change owner to Administrators, grant authority to Administrators, change ownership back to TrustedInstaller. You can easily do it using the script above by running it and then when it has run change $key to whatever you want and run the Takeown-Registry function
    Code:
    $key="HKEY_CLASSES_ROOT\AppID\{<whatever>}"
    Takeown-Registry($key)
    Last edited by lx07; 05 Jan 2016 at 04:56. Reason: RuntimeBroker
      My ComputerSystem Spec

  3.    05 Jan 2016 #13

    Hi,

    Well done lx07.

    Cheers,
      My ComputerSystem Spec

  4. glnz's Avatar
    Posts : 99
    Dual-boot Win 7 & 10, both Pro 64-bit
       05 Jan 2016 #14

    lx07 - wow!

    I wonder how many years I'd need to learn what you know.

    Questions: If there's anything "different" in my setup (Win 10 Pro 64-bit) that causes your program to stumble or fail, will your program exit gracefully and/or reverse what it had done before stumbling? If not, do I run risks?

    Many thanks.
      My ComputerSystem Spec

  5.    05 Jan 2016 #15

    glnz said: View Post
    lx07 - wow!

    I wonder how many years I'd need to learn what you know.

    Questions: If there's anything "different" in my setup (Win 10 Pro 64-bit) that causes your program to stumble or fail, will your program exit gracefully and/or reverse what it had done before stumbling? If not, do I run risks?

    Many thanks.
    Most of the script is just for giving itself authority to make the change (which I copied from TechNet site).

    The script only changes the permissions on 2 registry keys so it will work or not. If you copy the whole script the only reasons I can think of it would fail would be if these keys didn't exist (which would indicate a bigger problem) or if you didn't paste it into an administrator powershell window.

    Even if it doesn't work you can always make the same changes manually - it is just easier to run a script than use the GUI (I think anyway).
      My ComputerSystem Spec

  6. glnz's Avatar
    Posts : 99
    Dual-boot Win 7 & 10, both Pro 64-bit
       05 Jan 2016 #16

    lx07 - Because you are THE MAN, may I ask you the following --

    Vaio 7 also wrote:
    Now open Component Services, Computer, My computer, DCOM config and find ( from the Registry keys above) the Description, it should be Runtime Broker, at least it was for me, if it's other then do it for the exact Component service, right click then Properties then Security tab, then open the Launch and Activation permissions Edit button and depending on the Event Viewer description if it's Local Service or System, click Add, add one of the two and enable the box " Local Activation".

    Because my Edit button was greyed out, I never got to see what came next - the text I bolded above. And Vaio 7 takes shortcuts with his descriptions. Do you think his description is correct and doesn't skip something important? Is there anything else?

    Thanks again.
      My ComputerSystem Spec

  7.    05 Jan 2016 #17

    lx07,

    Thank you for the help. It looks like that solved the issue. One question, should I go back into RegEdit and set the permission owner for the keys generating the error back to TrustedInstaller?

    EDIT: It looks like the script automatically updates the permission owner back to TrustedInstaller

    Rick
    Last edited by C5Longhorn; 05 Jan 2016 at 09:02. Reason: update info
      My ComputerSystem Spec

  8.    05 Jan 2016 #18

    C5Longhorn said: View Post
    lx07,

    Thank you for the help. It looks like that solved the issue. One question, should I go back into RegEdit and set the permission owner for the keys generating the error back to TrustedInstaller?

    Rick
    No need. The script already did it.

    If you look in this bit (don't worry you don't need to know powershell just look at the bits in red) you see it changes ownership to Administrators group, grants authority to Administrators group and then changes the owner to TrustedInstaller.
    Code:
    	# take ownership
    	$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
    	$owner = [Security.Principal.NTAccount]"Administrators"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    
    	# set FullControl
    	$acl = $key.GetAccessControl()
    	$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
    	$acl.SetAccessRule($rule)
    	$key.SetAccessControl($acl)
    	
    	# reset owner
    	$owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)


    All should be done.. Now the ownership is correct but members of the Administrators group have permissions to change DCOM permissions for RuntimeBroker. This means you can go into DCOM and add the permissions you want.

    glnz said: View Post
    open the Launch and Activation permissions Edit button and depending on the Event Viewer description if it's Local Service or System, click Add, add one of the two and enable the box " Local Activation".

    Because my Edit button was greyed out, I never got to see what came next - the text I bolded above. And Vaio 7 takes shortcuts with his descriptions. Do you think his description is correct and doesn't skip something important? Is there anything else?
    Yes their instructions were correct.

    Runing the script takes care of all the regedit part (which can be confusing to explain) and then it should no longer be greyed out in DCOM.

    Then if your event viewer said "User Local Service had a problem..." or "User System had a problem..." you can add whichever one it reported as an error. I added both (with local launch and activation permissions) as in this picture.

    Click image for larger version. 

Name:	Authorities.PNG 
Views:	7 
Size:	80.5 KB 
ID:	57171

    @f14tomcat and @fdegrove posted links to more detailed descriptions earlier in this thread if this isn't clear.

    I'd write a script to do the DCOM changes as well as regedit but unfortunately I don't know how yet...


    Best of luck
    Last edited by lx07; 05 Jan 2016 at 09:41.
      My ComputerSystem Spec


  9. Posts : 4
    Windows 10 64-bit Home
       07 Jan 2016 #19

    Hello guys
    Tried to resolve this on-going error 10016 with Runtime Broker for quite some time now. I tried to do it manually through Registry and I also run this excellent script written by lx07 (run it successfully). Everything is good up to this point (see attached screen shot)


    Now I also get this message when I click on 'Access Permissions'. I didn't dare to click 'remove' though. But when I click on 'cancel' everything is grey out so I can't do anything. Any ideas, please?
    BTW - great forum!
    Attached Thumbnails Attached Thumbnails RuntimeBroker Properties.PNG  
      My ComputerSystem Spec


  10. Posts : 62
    W7 x64 & W10 Pro x64 (Dual boot)
       07 Jan 2016 #20

    Jackk3 said: View Post
    Hello guys
    Tried to resolve this on-going error 10016 with Runtime Broker for quite some time now. I tried to do it manually through Registry and I also run this excellent script written by lx07 (run it successfully). Everything is good up to this point (see attached screen shot)


    Now I also get this message when I click on 'Access Permissions'. I didn't dare to click 'remove' though. But when I click on 'cancel' everything is grey out so I can't do anything. Any ideas, please?
    BTW - great forum!
    Hi,

    Click on "Remove", then continue with this:



    then OK, then "Apply", and OK.
    Reboot.
    Enjoy!
      My ComputerSystem Spec


 
Page 2 of 21 FirstFirst 123412 ... LastLast

Related Threads
Event 10016, DistributedCOM in Performance & Maintenance
Since upgrading to Windows 10, my error log is flooded with this message. Over 520 incidents in the past week. The instructions provided for that error in Windows 8 do not work with 10, since it is impossible to grant full permission to the...
Weird event viewer errors in Performance & Maintenance
Hello, Event Viewer is showing the following errors: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. The User...
This appears to be a general issue with windows 10, I always get the following errors on shutdown: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000...
Worried about event viewer errors in Performance & Maintenance
hi guys managed to install windows 10 and everything seems to be working great. I looked in event viewer and I'm getting loads of errors, the same over and over. one is that keeps coming up is kernel-power event id 137 The system...
ESENT errors in my Event Log in BSOD Crashes and Debugging
On Windows 10 Pro x64 I am getting quite a few ESSENT errors in my Event Log after I start up W10. I see Event ID's 413, 455, 488, and 489. If these are indicative of a problem does anyone know the fix? Thanks
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 01:48.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums