#361
I fail to understand why you are all wasting your time trying to fix these 'problems'.
You can avoid all the hassle of changing the owner to Administrator and back to TrustedInstaller (needed step that has to be taken!) by running DCOMCNFG.EXE as TrustedInstaller via the PowerRun or ExecTI tool.
But I would agree with the opinion of other users that it is a waste of time and effort, as Microsoft needs to resolve these problems, and until that time comes there is a great possibility that the next update will revert all manual fixes!
It only took Microsoft over 2 years to report they acknowledged this error, only to inform that we should ignore it.
https://support.microsoft.com/af-za/...ws-server-2016 :
I highlighted in red the "scary part", which could mean if one forgets to revert the ownership to TrustedInstaller. That's not bad. That's progress. Perhaps another 2 years for the actual fix?
Cause
The event logs are recorded because certain processes don't have permissions to the DCOM components that are mentioned in the event logs. The specific communications that are blocked are determined to have no adverse functionality other than generating 10016 event logs. These event logs can be safely ignored.
Workaround
You may change the permissions on DCOM components to prevent this error from being logged. However, this workaround may have side effects. It's better to just ignore these errors because they don't adversely affect functionality.
Status
These events can be safely ignored.
Edit: fixed link
Last edited by Soyabeaner; 24 Feb 2018 at 17:08.
Hi,
These errors are easy enough to fix if you follow the instructions or, better still, if you use @lx07's PS script in elevated mode.
That said, DCOM is really unimportant and most errors can safely be ignored.
I've always been able to fix any of them but that's just because MS doesn't care to fix them in a permanent manner anyhow.
lx07's script, which works fine for EV ID 10010 and 10016:
Code:
function enable-privilege {
 param(
  ## The privilege to adjust. This set is taken from
  ## http://msdn.microsoft.com/en-us/libr...16(VS.85).aspx
  [ValidateSet(
   "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
   "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
   "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
   "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege",
   "SeIncreaseBasePriorityPrivilege", "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege",
   "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeMachineAccountPrivilege",
   "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
   "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege",
   "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeSystemEnvironmentPrivilege",
   "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege",
   "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
   "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
  $Privilege,
  ## The process on which to adjust the privilege. Defaults to the current process.
  $ProcessId = $pid,
  ## Switch to disable the privilege, rather than enable it.
  [Switch] $Disable
 )

 ## Taken from P/Invoke.NET with minor adjustments.
 $definition = @'
 using System;
 using System.Runtime.InteropServices;

 public class AdjPriv
 {
  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
   ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);

  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);

  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);

  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid
  {
   public int Count;
   public long Luid;
   public int Attr;
  }

  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;

  public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
  {
   bool retVal;
   TokPriv1Luid tp;
   IntPtr hproc = new IntPtr(processHandle);
   IntPtr htok = IntPtr.Zero;
   retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
   tp.Count = 1;
   tp.Luid = 0;
   if(disable)
   {
    tp.Attr = SE_PRIVILEGE_DISABLED;
   }
   else
   {
    tp.Attr = SE_PRIVILEGE_ENABLED;
   }
   retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
   retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
   return retVal;
  }
 }
'@

 $processHandle = (Get-Process -id $ProcessId).Handle
 $type = Add-Type $definition -PassThru
 $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
}
#------------------------------------------------------------------------------------------------------------------------------------------------------
function Takeown-Registry($key) {
 # Pick the hive object and strip the hive name plus its trailing backslash
 switch ($key.split('\')[0]) {
  "HKEY_CLASSES_ROOT" {
   $reg = [Microsoft.Win32.Registry]::ClassesRoot
   $key = $key.substring(18)
  }
  "HKEY_CURRENT_USER" {
   $reg = [Microsoft.Win32.Registry]::CurrentUser
   $key = $key.substring(18)
  }
  "HKEY_LOCAL_MACHINE" {
   $reg = [Microsoft.Win32.Registry]::LocalMachine
   $key = $key.substring(19)
  }
 }

 # take ownership
 $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
 $owner = [Security.Principal.NTAccount]"Administrators"
 $acl = $key.GetAccessControl()
 $acl.SetOwner($owner)
 $key.SetAccessControl($acl)

 # set FullControl
 $acl = $key.GetAccessControl()
 $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
 $acl.SetAccessRule($rule)
 $key.SetAccessControl($acl)

 # reset owner
 $owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
 $acl = $key.GetAccessControl()
 $acl.SetOwner($owner)
 $key.SetAccessControl($acl)
}
#------------------------------------------------------------------------------------------------------------------------------------------------------
# Grant authority to registry key
Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host

# Enable the two privileges used to change a key's owner (run from an elevated session)
do {$result = enable-privilege SeTakeOwnershipPrivilege } until ($result -eq $true)
do {$result = enable-privilege SeRestorePrivilege } until ($result -eq $true)

$key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
Write-Host "Granting authority to $key"
Takeown-Registry $key

$key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
Write-Host "Granting authority to $key"
Takeown-Registry $key

Write-Host; Write-Host "Done"; Write-Host
Cheers,
EDIT: @Soyabeaner: The link does not work.
Hi,
That code should be run in an elevated PowerShell box, @Joanne.
And yes, you can just copy the code and paste it into PS. Just press Enter and it will run. When finished restart your machine and the DCOM error should no longer occur for both the error IDs I mentioned above.
You probably only have error ID 10016 I guess.
Cheers,
Ahh.... Unfortunately, it appeared again on my system...
It says:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user MYCOMPUTER\me SID (S-1-5-21-1426068633-1628407926-2868926636-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
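Added example, not part of the thread and not lx07's script: a read-only check that pulls the CLSID and APPID out of a 10016 message like the one quoted above and reports who owns the matching registry keys, so a key left owned by Administrators after a manual fix is easy to spot. The function names are hypothetical, the sample SID is a constructed placeholder, and the pattern assumes the English event text.

```powershell
# Constructed sample: the 10016 text quoted in the thread, with a placeholder SID.
$sample = 'The application-specific permission settings do not grant Local Activation permission ' +
          'for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and ' +
          'APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user MYCOMPUTER\me ' +
          'SID (S-1-5-21-1111111111-2222222222-3333333333-1001) from address LocalHost (Using LRPC)'

function ConvertFrom-Dcom10016Message {            # hypothetical helper name
    param([Parameter(Mandatory)][string] $Message)
    $guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    # (?s) lets .*? cross the line breaks that real event messages contain
    $re = "(?s)do not grant (?<perm>[\w ]+?) permission.*?CLSID\s+(?<clsid>$guid)\s+and APPID\s+(?<appid>$guid).*?SID \((?<sid>S-[\d-]+)\)"
    if ($Message -notmatch $re) { return $null }   # localized text or another 10016 variant
    [pscustomobject]@{
        Permission = $Matches.perm;  Clsid   = $Matches.clsid
        AppId      = $Matches.appid; UserSid = $Matches.sid
    }
}

function Test-DcomKeyOwner {                       # hypothetical helper name
    param([Parameter(Mandatory)][string] $SubKey)  # path below HKEY_CLASSES_ROOT
    $tiSid    = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
    $adminSid = 'S-1-5-32-544'                                                    # BUILTIN\Administrators
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $full     = [System.Security.AccessControl.RegistryRights]::FullControl
    $path     = "Registry::HKEY_CLASSES_ROOT\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $acl   = Get-Acl -LiteralPath $path            # reads owner and DACL only, changes nothing
    $owner = $acl.GetOwner($sidType).Value
    # Compare by SID so the check also works on non-English Windows
    $adminFull = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $adminSid -and $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $full) -eq $full }).Count -gt 0
    [pscustomobject]@{
        Key = $SubKey; OwnerSid = $owner
        OwnerIsTrustedInstaller = ($owner -eq $tiSid); AdminsFullControl = $adminFull
    }
}

$evt = ConvertFrom-Dcom10016Message $sample
# On a live system, parse real events instead of the sample:
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } |
#       ForEach-Object { ConvertFrom-Dcom10016Message $_.Message }
"AppID\$($evt.AppId)", "CLSID\$($evt.Clsid)" |
    ForEach-Object { Test-DcomKeyOwner $_ } | Format-Table -AutoSize
```

A key that shows `OwnerIsTrustedInstaller` as False after a manual fix is the case the ownership-revert step is meant to prevent; `AdminsFullControl` as True is the change lx07's script leaves in place.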