Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM

no i use just start10 without UxTheme Signature Bypass, there's no aeroglass yet for 1709 version

I wrote a batch file to re-set the dcom permissions in hopes of clearing this all up.
I will spare you the details and reasons why this keeps cropping up, but suffice it to say, Microsoft needs to clean up their mess better.

so my script requires you locate a compiled copy of the DcomPerm.exe tool
(If I can paste URLs, I found it here: Steven Van de Craens Blog )

You will also need a copy of setACL.exe. for both 32bit and 64bit windows.
Download Delprof2, SetACL (Studio) and uberAgent • Helge Klein
I have both in the same folder, renamed as setACL32.exe and setACL64.exe respectively, and my script looks at the OS of the machine you are running on and selects the appropriate one.

Create a folder, copy those files into it, and save this script in there as "Find_and_Fix_Dcom.bat".
The very first line of my script will prompt for elevation if the script was not run as administrator. (I am quite proud of that single line of code. You can add that line to the top of any batch file you want to always run as admin. )

Moving on, the script uses WevtUtil to look in the eventlog for dcom 10016 errors and extracts the important bits from the error to determine what permissions to set. Then it takes ownership of the appropriate registry key, sets the permissions for the appid, and grants Local Activation to the BUILTIN\Users group before restoring TrustedInstaller as the owner of the key.

Finally, it gives a little report on what appid's were fixed.
So without further ado, here is the script:
------------

Code:

:ELEVATE
@echo off &>nul 2>&1 fsutil dirty query %systemdrive% || echo CreateObject^("Shell.Application"^).ShellExecute "%~0", "%*", "", "runas", 1 > "%temp%\uac.vbs" && "%temp%\uac.vbs" && exit /b & CD /d %~dp0
setlocal EnableDelayedExpansion
 
set workdir=%~dp0
if defined ProgramFiles(x86) (set SETACL=%workdir%setACL64.exe) else (set SETACL=%workdir%setACL32.exe)
set keypath=HKEY_CLASSES_ROOT\AppID
 
echo [ Fetching DCOM Errors from eventlog... ]
 
for /f "usebackq tokens=1-7" %%A in (`wevtutil qe System /rd:true /f:text /q:"*[System[EventID=10016]]" ^|findstr "{ user"`) do (
set PARAM=%%A
set USERID=
rem set PARAM=!PARAM:~0,1!
 
if /I "!PARAM:~0,1!"=="{"  (
  set APPID=%%A
      )
rem The CLSID will automatically get overwritten by the APPID from the output of wevtutil. Sneaky!
 
if "%%C"=="user" (rem Find the user ID and get the whole thing... IE, NT Authority/Local Service, NT Authority/System, Computername\user.
  if "%%G" EQU "SID" (set USERID=%%D %%E %%F)
  if "%%F" EQU "SID" (set USERID=%%D %%E)
  if "%%E" EQU "SID" (set USERID=%%D)
 
 
if not defined !APPID!!USERID! (rem Dont do it if its already been done.
echo.
echo.
echo "!USERID!" needs Local Activation permissions to !APPID!.
openfiles > nul
if %errorlevel% equ 0 (
echo [ Setting ADMINS as owner of the registry key %keypath%\!APPID! and grant full control ]
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn setowner -ownr "n:S-1-5-32-544" -silent
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:set;w:dacl" -silent
echo [ Granting DCOM local activation permissions... ]
%workdir%dcomperm -al !APPID! set "!USERID!" permit level:la
rem Also granting local activation to the local users group because this might actually be the magic bullet. (and chrome was still causing the error)
%workdir%dcomperm -al !APPID! set "BUILTIN\Users" permit level:la
echo [ Restoring TrustedInstaller as owner ]
REM because if you dont, you will get dcom errors for a different reason. (Citing required)
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn setowner -ownr "n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y" -silent
echo.
)
rem some examples...
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn setowner -ownr "n:S-1-5-32-544"
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:set;w:dacl"
rem dcomperm -al {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} set "BUILTIN\Users" permit level:la
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn setowner -ownr "n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y"
 
rem echo %workdir%\dcomperm -al !APPID! set !USERID! permit level:la
 
rem Flag this appid as completed.
set !APPID!!USERID!=done
 
 )
)
rem End of For Loop
)
echo.
set {
 
echo [ Finished ]
echo.
echo Finished fixing dcom. Press any key to clear event logs
pause
for /f "tokens=*" %%a in ('WEVTUTIL EL') do (WEVTUTIL CL "%%a")
echo event logs cleared. All Done!
 
timeout 30
 
:EXIT

fdegrove said:

If it were to be universal then we'd have far more users complaining about it but is not.

Nonsense. It is a universal problem in the sense that lots and lots of installations have these. It's quite possible that there are some that don't, but if so I haven't seen any of the latter kind. And, most of these are due to obvious misconfigurations of DCOM object permissions.

Some of them pose as permissions errors, but no matter what permissions you add they will persist. Those turn out to be related to the complete and utter mess that Microsoft has created by bolting new types of SID's (those infamous app container SIDSs) onto that Rube Goldberg contraption that is Windows 10.

Like I have commented before, Microsoft seems to have lost control of their code base. Oh well.

JonnyPhenomenon said:

I wrote a batch file to re-set the dcom permissions in hopes of clearing this all up.

I would not recommend an automated procedure of that kind. Unfortunately, some DCOM objects have permissions structures that are completely effed up (the infamous RuntimeBroker is one of these, by the way) such that permissions cannot be added without removing some unknown permissions, with equally unknown consequences. You have been warned.

JonnyPhenomenon said:

I wrote a batch file to re-set the dcom permissions in hopes of clearing this all up.
I will spare you the details and reasons why this keeps cropping up, but suffice it to say, Microsoft needs to clean up their mess better.

so my script requires you locate a compiled copy of the DcomPerm.exe tool
(If I can paste URLs, I found it here: Steven Van de Craens Blog )

You will also need a copy of setACL.exe. for both 32bit and 64bit windows.
Download Delprof2, SetACL (Studio) and uberAgent • Helge Klein
I have both in the same folder, renamed as setACL32.exe and setACL64.exe respectively, and my script looks at the OS of the machine you are running on and selects the appropriate one.

Create a folder, copy those files into it, and save this script in there as "Find_and_Fix_Dcom.bat".
The very first line of my script will prompt for elevation if the script was not run as administrator. (I am quite proud of that single line of code. You can add that line to the top of any batch file you want to always run as admin. )

Moving on, the script uses WevtUtil to look in the eventlog for dcom 10016 errors and extracts the important bits from the error to determine what permissions to set. Then it takes ownership of the appropriate registry key, sets the permissions for the appid, and grants Local Activation to the BUILTIN\Users group before restoring TrustedInstaller as the owner of the key.

Finally, it gives a little report on what appid's were fixed.
So without further ado, here is the script:
------------

Code:

:ELEVATE
@echo off &>nul 2>&1 fsutil dirty query %systemdrive% || echo CreateObject^("Shell.Application"^).ShellExecute "%~0", "%*", "", "runas", 1 > "%temp%\uac.vbs" && "%temp%\uac.vbs" && exit /b & CD /d %~dp0
setlocal EnableDelayedExpansion
 
set workdir=%~dp0
if defined ProgramFiles(x86) (set SETACL=%workdir%setACL64.exe) else (set SETACL=%workdir%setACL32.exe)
set keypath=HKEY_CLASSES_ROOT\AppID
 
echo [ Fetching DCOM Errors from eventlog... ]
 
for /f "usebackq tokens=1-7" %%A in (`wevtutil qe System /rd:true /f:text /q:"*[System[EventID=10016]]" ^|findstr "{ user"`) do (
set PARAM=%%A
set USERID=
rem set PARAM=!PARAM:~0,1!
 
if /I "!PARAM:~0,1!"=="{"  (
  set APPID=%%A
      )
rem The CLSID will automatically get overwritten by the APPID from the output of wevtutil. Sneaky!
 
if "%%C"=="user" (rem Find the user ID and get the whole thing... IE, NT Authority/Local Service, NT Authority/System, Computername\user.
  if "%%G" EQU "SID" (set USERID=%%D %%E %%F)
  if "%%F" EQU "SID" (set USERID=%%D %%E)
  if "%%E" EQU "SID" (set USERID=%%D)
 
 
if not defined !APPID!!USERID! (rem Dont do it if its already been done.
echo.
echo.
echo "!USERID!" needs Local Activation permissions to !APPID!.
openfiles > nul
if %errorlevel% equ 0 (
echo [ Setting ADMINS as owner of the registry key %keypath%\!APPID! and grant full control ]
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn setowner -ownr "n:S-1-5-32-544" -silent
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:set;w:dacl" -silent
echo [ Granting DCOM local activation permissions... ]
%workdir%dcomperm -al !APPID! set "!USERID!" permit level:la
rem Also granting local activation to the local users group because this might actually be the magic bullet. (and chrome was still causing the error)
%workdir%dcomperm -al !APPID! set "BUILTIN\Users" permit level:la
echo [ Restoring TrustedInstaller as owner ]
REM because if you dont, you will get dcom errors for a different reason. (Citing required)
%SETACL% -on "%keypath%\!APPID!" -ot reg -actn setowner -ownr "n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y" -silent
echo.
)
rem some examples...
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn setowner -ownr "n:S-1-5-32-544"
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn ace -ace "n:S-1-5-32-544;p:full;s:y;i:so,sc;m:set;w:dacl"
rem dcomperm -al {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} set "BUILTIN\Users" permit level:la
rem setACL64.exe -on "HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}" -ot reg -actn setowner -ownr "n:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464;s:y"
 
rem echo %workdir%\dcomperm -al !APPID! set !USERID! permit level:la
 
rem Flag this appid as completed.
set !APPID!!USERID!=done
 
 )
)
rem End of For Loop
)
echo.
set {
 
echo [ Finished ]
echo.
echo Finished fixing dcom. Press any key to clear event logs
pause
for /f "tokens=*" %%a in ('WEVTUTIL EL') do (WEVTUTIL CL "%%a")
echo event logs cleared. All Done!
 
timeout 30
 
:EXIT

Are you totally confident your script won't screw up Windows due to software design issues known only to MS you are unaware of?

Hello,
Details of problem given below:
Log Name: SystemSource: Microsoft-Windows-DistributedCOMDate: 17.11.2017 20:26:41Event ID: 10016Task Category: NoneLevel: ErrorKeywords: ClassicUser: DESKTOP-******\(user name)Computer: DESKTOP-S93V0F1Description:The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-******\(user name) SID (S-1-5-21-3948725417-1733483578-2447231803-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

I tried every single solution given in ten forums and Microsoft related forums (like social.technet.microsoft) in every details. But no any permanent solution was obtained. Lastly I applied the solution step by step every detail of it given in the link:

https://appuals.com/how-to-fix-dcom-error-10016-on-windows-7-8-and-10/

Thisone worked for me. Now notices in "Event Viewer" disappeared for DCOM.

I have a similar issue:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user michele\my pc SID (S-1-5-21-2832376193-1952021688-2811500842-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). This security permission can be modified using the Component Services administrative tool.

After roughly 20 minuts after I turn on the computer, the scereen freezes. I can still hear the audio and move the pad on the screen, but the rest of the screen is frozen. Even ctrl+alt+canc is useless.
I have already tried the standard procedure: hkey_classes_root/clsid/{C2F03A33-21F5-47FA-B4BB-156362A2F239
dcomcnfg --> component services --> dcom config --> immersive shell --> properties --> security --> launch an activation permission --> edit --> type my user's account name --> select "allow" in for all the check boxes.
However, it does not work! I no longer know how to do, does anyone has any idea? Thx

Vaio 7 said:

Event id 7031, you will have to wait until M$ provides a fix it happens during shutdown and its Sync Host session, I have the same.
Same for Event id 10010, Cortana, not much to do.
Now Event Id 10016 can be easily fixed. When you look @ the Event Viewer description there is a CLSID and an AppID involved.
You will have to open regedit with admin rights, navigate to HKeyClassesRoot\CLSId and when you find the id in question, right click then Permissions and temporarily change owner from TrustedInstaller to Administrators.
Same for HKEYLocalMachine\Appid.
Now open Component Services, Computer, My computer, DCOM config and find ( from the Registry keys above) the Description, it should be Runtime Broker, at least it was for me, if it's other then do it for the exact Component service, right click then Properties then Security tab, then open the Launch and Activation permissions Edit button and depending on the Event Viewer description if it's Local Service or System, click Add, add one of the two and enable the box " Local Activation".
Now go back to regedit and for the CLSID & Appid changed ownerships revert back to default TrustedInstaller.
(You should write NT SERVICE\TrustedInstaller to revert ownership to default).
Reboot and Error 10016 is gone forever.

when i go to the component services under dcom config....i have to look for the same ids that the errors show me in the event viewer? (so the name ids i had to look for in the registry?) or what exactly do you mean there? with "description"?

"You will have to open regedit with admin rights, navigate to HKeyClassesRoot\CLSId and when you find the id in question, right click then Permissions and temporarily change owner from TrustedInstaller to Administrators.
Same for HKEYLocalMachine\Appid."

after I press to permissions, i can't change anything , because it appears a window saying:

" unable to save permissions changes on (CLSID id ). Access is denied

Mike0094 said:

Access is denied

Take ownership first.



Change the word "administrators" to whatever it is in Italian if you don't run English Windows.

Then you can grant authority.