Windows 10: Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM

Page 8 of 27 FirstFirst ... 67891018 ... LastLast
  1.    27 Jan 2016 #71

    10010 Event ID Errors after Win7 to Win10 Upgrade


    Just updated from Win7 to Win10 and I have been doing battle with my Event Viewer. A little background, I uninstalled Symantec AV (before upgrade), IIS and Microsoft SQL (both after upgrading to Win 10) while troubleshooting and also changed the user account from a local user account to a Microsoft Live account during this upgrade.
    Currently, I am left with four 7031 Event ID Errors, followed by 291 10010 Event ID errors during restarts.

    The four Service Control Manager 7031 Errors are:
    The Sync Host_5457c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    The Sync Host_5457c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    The User Data Storage_5457c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    The User Data Access_5457c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    The 291 DistributedCOM 10010 Event ID Errors are the same:
    The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

    The key associated with the 10010 errors is WinInetBrokerServer and appears in my registry at the following locations:
    HKEY_CLASSES_ROOT\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}
    HKEY_CLASSES_ROOT\Wow6432Node\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\AppID\{F9717507-6651-4EDB-BFF7-AE615179BCCF}

    I have done a CHKDSK /r and an sfc /SCANNOW to no avail. I also went into dcomcnfg and everything is grayed-out for WinInetBrokerServer. So, I was wondering if I could/should use the PowerShell script to modify WinInetBrokerServer. I figured I'd post this for some sage advice before I do some real damage.
      My ComputerSystem Spec

  2.    25 Feb 2016 #72

    [QUOTE=lx07;523625]You had to change the ownership to Administrators (with an s) not Administrator (which is the built in administrator account and not the same thing).

    This powershell script will take ownership of the 2 keys for the 10016 RuntimeBroker error, grant authority to Administrators group and then change the ownership back to TrustedInstaller (which it what it should be).

    To do this open an elevated powershell window (right click and run as administrator). Then copy everything in the box below, paste it into the powershell window and press enter.

    You can select everything in the box by triple clicking, then ctrl + C to copy and ctrl + V to paste.
    Code:
    function enable-privilege
    {    param(
        ## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
         [ValidateSet(
        "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
        "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
        "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
        "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
        "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
        "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
        "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
        "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
        $Privilege,
        ## The process on which to adjust the privilege. Defaults to the current process.
        $ProcessId = $pid,
        ## Switch to disable the privilege, rather than enable it.
        [Switch] $Disable
        )
        ## Taken from P/Invoke.NET with minor adjustments.
     $definition = @'
     using System;
     using System.Runtime.InteropServices;
      
     public class AdjPriv
     {
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
       ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
      
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
      
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
      public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
      {
       bool retVal;
       TokPriv1Luid tp;
       IntPtr hproc = new IntPtr(processHandle);
       IntPtr htok = IntPtr.Zero;
       retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
       tp.Count = 1;
       tp.Luid = 0;
       if(disable)
       {
        tp.Attr = SE_PRIVILEGE_DISABLED;
       }
       else
       {
        tp.Attr = SE_PRIVILEGE_ENABLED;
       }
       retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
       retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
       return retVal;
      }
     }
    '@
     $processHandle = (Get-Process -id $ProcessId).Handle
     $type = Add-Type $definition -PassThru
     $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    function Takeown-Registry($key) 
    {    switch ($key.split('\')[0])
        {    "HKEY_CLASSES_ROOT" 
            {    $reg = [Microsoft.Win32.Registry]::ClassesRoot
                $key = $key.substring(18)
            }
            "HKEY_CURRENT_USER"
            {    $reg = [Microsoft.Win32.Registry]::CurrentUser
                $key = $key.substring(18)
            }
            "HKEY_LOCAL_MACHINE"
            {    $reg = [Microsoft.Win32.Registry]::LocalMachine
                $key = $key.substring(19)
            }
        }
    
        # take ownership
        $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
        $owner = [Security.Principal.NTAccount]"Administrators"
        $acl = $key.GetAccessControl()
        $acl.SetOwner($owner)
        $key.SetAccessControl($acl)
    
        # set FullControl
        $acl = $key.GetAccessControl()
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
        $acl.SetAccessRule($rule)
        $key.SetAccessControl($acl)
        
        # reset owner
        $owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
        $acl = $key.GetAccessControl()
        $acl.SetOwner($owner)
        $key.SetAccessControl($acl)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    # Grant authority to registry key
    
    Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
    
    do {$result = enable-privilege SeTakeOwnershipPrivilege } 
    until ($result -eq $true)
    do {$result = enable-privilege SeRestorePrivilege } 
    until ($result -eq $true)
    
    $key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    $key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    Write-Host; Write-Host "Done"; Write-Host

    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    Attachment 57135

    Note if you've changed some other keys then you'll have to edit the script or do it manually but the steps are the same - change owner to Administrators, grant authority to Administrators, change ownership back to TrustedInstaller. You can easily do it using the script above by running it and then when it has run change $key to whatever you want and run the Takeown-Registry function
    Code:
    $key="HKEY_CLASSES_ROOT\AppID\{<whatever>}"
    Takeown-Registry($key)
    [/QUOTE


    Thank you, thank you, this finally got rid of the 10016; next I hope to get rid of the 2 errors 1008 for Bits & Network since they come up together quite often.
    Last edited by csmdew; 26 Feb 2016 at 23:37.
      My ComputerSystem Spec

  3.    15 Mar 2016 #73

    fixed, then back to original error


    the above fix worked for about a day. Unfortunately, I now have multiple 10016 errors. They were, and continue to be related to Cortana and Immersive Shell. The changes I made were to Immersive Shell.
    thanks in advance
      My ComputerSystem Spec

  4.    10 Apr 2016 #74

    Ugh. Tried fixing the problem as prescribed, and I think I made it worse.
      My ComputerSystem Spec

  5.    17 Apr 2016 #75

    lx07 said: View Post
    You had to change the ownership to Administrators (with an s) not Administrator (which is the built in administrator account and not the same thing).

    This powershell script will take ownership of the 2 keys for the 10016 RuntimeBroker error, grant authority to Administrators group and then change the ownership back to TrustedInstaller (which it what it should be).

    To do this open an elevated powershell window (right click and run as administrator). Then copy everything in the box below, paste it into the powershell window and press enter.

    You can select everything in the box by triple clicking, then ctrl + C to copy and ctrl + V to paste.
    Code:
    function enable-privilege
    {	param(
    	## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
     	[ValidateSet(
    	"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
    	"SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
    	"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
    	"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
    	"SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
    	"SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
    	"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
    	"SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
    	$Privilege,
    	## The process on which to adjust the privilege. Defaults to the current process.
    	$ProcessId = $pid,
    	## Switch to disable the privilege, rather than enable it.
    	[Switch] $Disable
    	)
    	## Taken from P/Invoke.NET with minor adjustments.
     $definition = @'
     using System;
     using System.Runtime.InteropServices;
      
     public class AdjPriv
     {
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
       ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
      
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
      
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
      public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
      {
       bool retVal;
       TokPriv1Luid tp;
       IntPtr hproc = new IntPtr(processHandle);
       IntPtr htok = IntPtr.Zero;
       retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
       tp.Count = 1;
       tp.Luid = 0;
       if(disable)
       {
        tp.Attr = SE_PRIVILEGE_DISABLED;
       }
       else
       {
        tp.Attr = SE_PRIVILEGE_ENABLED;
       }
       retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
       retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
       return retVal;
      }
     }
    '@
     $processHandle = (Get-Process -id $ProcessId).Handle
     $type = Add-Type $definition -PassThru
     $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    function Takeown-Registry($key) 
    {	switch ($key.split('\')[0])
    	{	"HKEY_CLASSES_ROOT" 
    		{	$reg = [Microsoft.Win32.Registry]::ClassesRoot
    			$key = $key.substring(18)
    		}
            "HKEY_CURRENT_USER"
    		{	$reg = [Microsoft.Win32.Registry]::CurrentUser
    			$key = $key.substring(18)
    		}
    		"HKEY_LOCAL_MACHINE"
    		{	$reg = [Microsoft.Win32.Registry]::LocalMachine
    			$key = $key.substring(19)
    		}
    	}
    
    	# take ownership
    	$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
    	$owner = [Security.Principal.NTAccount]"Administrators"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    
    	# set FullControl
    	$acl = $key.GetAccessControl()
    	$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
    	$acl.SetAccessRule($rule)
    	$key.SetAccessControl($acl)
    	
    	# reset owner
    	$owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    # Grant authority to registry key
    
    Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
    
    do {$result = enable-privilege SeTakeOwnershipPrivilege } 
    until ($result -eq $true)
    do {$result = enable-privilege SeRestorePrivilege } 
    until ($result -eq $true)
    
    $key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    $key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    Write-Host; Write-Host "Done"; Write-Host

    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    Attachment 57135

    Note if you've changed some other keys then you'll have to edit the script or do it manually but the steps are the same - change owner to Administrators, grant authority to Administrators, change ownership back to TrustedInstaller. You can easily do it using the script above by running it and then when it has run change $key to whatever you want and run the Takeown-Registry function
    Code:
    $key="HKEY_CLASSES_ROOT\AppID\{<whatever>}"
    Takeown-Registry($key)
    Hay there just had the same problem that everyone else was having. just copied and pasted the script in to the admin powershell window and it worked. However, is their anything that I need to look out for?
      My ComputerSystem Spec

  6.    18 Apr 2016 #76

    Is this script really safe to use?

    I am getting this error multiple times a day and not sure if its actually causing system problems....
      My ComputerSystem Spec

  7.    20 Apr 2016 #77

    spluff said: View Post
    Is this script really safe to use?

    I am getting this error multiple times a day and not sure if its actually causing system problems....
    Well, I wrote this script and ran it myself before posting it.

    My job is a computer programmer (not on windows platform but the concepts are the same) and I think it is safe.

    However, I would say that it probably doesn't matter if you get various errors in Event Viewer. I wrote this script so I could understand powershell a bit more and also resolve my slight OCD that I have with these errors.

    To be honest, you could run (or not run) the script and your system will work the same either way. You'll get less reported errors in Event Viewer though if that is interesting to you.

    Why not make a backup and then try it?
      My ComputerSystem Spec

  8.    20 Apr 2016 #78

    Hi,

    Lx07's script works fine. I tested it on several occasions so if the DCOM error keeps on popping up then either look at what you're doing wrong or fix the error manually as per Vaio 7's instructions given on the first page.

    This is pretty basic stuff and quite straightforward IMHO. No idea why MS has not fixed this yet, probably because it does no real harm so it's not high on their priority list.

    That said, as many others here, Lx07 is always very helpful and his postings are outstanding, again IMHO. Well done and keep up the good work.

    Cheers,
      My ComputerSystem Spec


  9. Posts : 21,818
    Dual boot - Win 10 Pro & Win 10 Insider (and a sprinkling of VMs)
       20 Apr 2016 #79

    fdegrove said: View Post
    Hi,

    Lx07's script works fine. I tested it on several occasions so if the DCOM error keeps on popping up then either look at what you're doing wrong or fix the error manually as per Vaio 7's instructions given on the first page.

    This is pretty basic stuff and quite straightforward IMHO. No idea why MS has not fixed this yet, probably because it does no real harm so it's not high on their priority list.

    That said, as many others here, Lx07 is always very helpful and his postings are outstanding, again IMHO. Well done and keep up the good work.

    Cheers,
    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    What permissions for runtimebroker would you change?
      My ComputersSystem Spec

  10.    20 Apr 2016 #80

    Hi,

    What permissions for runtimebroker would you change?
    In dcomcnfg it's the "Launch and Activation" permissions that need to be changed for whatever user the Eventlog is claiming is missing.
    If that particular user is not listed you'll need to add it first. Can be yourself, system or whatever inbuilt account Eventviewer is listing.

    The basic operation is invariably the same, whether Runtimebroker or Immersiveshell, whatever.

    Cheers,
      My ComputerSystem Spec


 
Page 8 of 27 FirstFirst ... 67891018 ... LastLast

Related Threads
Event 10016, DistributedCOM in Performance & Maintenance
Since upgrading to Windows 10, my error log is flooded with this message. Over 520 incidents in the past week. The instructions provided for that error in Windows 8 do not work with 10, since it is impossible to grant full permission to the...
Weird event viewer errors in Performance & Maintenance
Hello, Event Viewer is showing the following errors: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. The User...
This appears to be a general issue with windows 10, I always get the following errors on shutdown: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000...
Worried about event viewer errors in Performance & Maintenance
hi guys managed to install windows 10 and everything seems to be working great. I looked in event viewer and I'm getting loads of errors, the same over and over. one is that keeps coming up is kernel-power event id 137 The system...
ESENT errors in my Event Log in BSOD Crashes and Debugging
On Windows 10 Pro x64 I am getting quite a few ESSENT errors in my Event Log after I start up W10. I see Event ID's 413, 455, 488, and 489. If these are indicative of a problem does anyone know the fix? Thanks
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 05:08.
Find Us