Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM

Page 2 of 40 FirstFirst 123412 ... LastLast

  1. Posts : 14
    Win 10 64-bit
       #11

    glnz said:
    Sorry, Vaio 7's suggestions above did not work for me for 10016. In DCOM, the entries on the Security Tab remained greyed out, even after the regedit changes. I even tried in Win 10's Safe Mode - same thing.
    Also, "HKEYLocalMachine\Appid" isn't a complete guide. There's another level in between.
    Still looking for an answer to this. Thanks.
    Same here, I followed the steps and the DCOM security tab options are grayed out.

    I tried to restore my registry back but it is not letting me because I changed the permissions for the two entries to Administrator and Admin does not have full permissions.

    Is there any way for me to revert back or restore my registry?

    Thanks,

    Rick
      My Computer


  2. Posts : 5,478
    2004
       #12

    C5Longhorn said:
    Same here, I followed the steps and the DCOM security tab options are grayed out.

    I tried to restore my registry back but it is not letting me because I changed the permissions for the two entries to Administrator and Admin does not have full permissions.

    Is there any way for me to revert back or restore my registry?

    Thanks,

    Rick
    You had to change the ownership to Administrators (with an s) not Administrator (which is the built in administrator account and not the same thing).

    This powershell script will take ownership of the 2 keys for the 10016 RuntimeBroker error, grant authority to Administrators group and then change the ownership back to TrustedInstaller (which it what it should be).

    To do this open an elevated powershell window (right click and run as administrator). Then copy everything in the box below, paste it into the powershell window and press enter.

    You can select everything in the box by triple clicking, then ctrl + C to copy and ctrl + V to paste.
    Code:
    function enable-privilege
    {	param(
    	## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
     	[ValidateSet(
    	"SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
    	"SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
    	"SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
    	"SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
    	"SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
    	"SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
    	"SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
    	"SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
    	$Privilege,
    	## The process on which to adjust the privilege. Defaults to the current process.
    	$ProcessId = $pid,
    	## Switch to disable the privilege, rather than enable it.
    	[Switch] $Disable
    	)
    	## Taken from P/Invoke.NET with minor adjustments.
     $definition = @'
     using System;
     using System.Runtime.InteropServices;
      
     public class AdjPriv
     {
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
       ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
      
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
      
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
      public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
      {
       bool retVal;
       TokPriv1Luid tp;
       IntPtr hproc = new IntPtr(processHandle);
       IntPtr htok = IntPtr.Zero;
       retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
       tp.Count = 1;
       tp.Luid = 0;
       if(disable)
       {
        tp.Attr = SE_PRIVILEGE_DISABLED;
       }
       else
       {
        tp.Attr = SE_PRIVILEGE_ENABLED;
       }
       retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
       retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
       return retVal;
      }
     }
    '@
     $processHandle = (Get-Process -id $ProcessId).Handle
     $type = Add-Type $definition -PassThru
     $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    function Takeown-Registry($key) 
    {	switch ($key.split('\')[0])
    	{	"HKEY_CLASSES_ROOT" 
    		{	$reg = [Microsoft.Win32.Registry]::ClassesRoot
    			$key = $key.substring(18)
    		}
            "HKEY_CURRENT_USER"
    		{	$reg = [Microsoft.Win32.Registry]::CurrentUser
    			$key = $key.substring(18)
    		}
    		"HKEY_LOCAL_MACHINE"
    		{	$reg = [Microsoft.Win32.Registry]::LocalMachine
    			$key = $key.substring(19)
    		}
    	}
    
    	# take ownership
    	$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
    	$owner = [Security.Principal.NTAccount]"Administrators"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    
    	# set FullControl
    	$acl = $key.GetAccessControl()
    	$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
    	$acl.SetAccessRule($rule)
    	$key.SetAccessControl($acl)
    	
    	# reset owner
    	$owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    # Grant authority to registry key
    
    Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
    
    do {$result = enable-privilege SeTakeOwnershipPrivilege } 
    until ($result -eq $true)
    do {$result = enable-privilege SeRestorePrivilege } 
    until ($result -eq $true)
    
    $key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    $key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    Write-Host; Write-Host "Done"; Write-Host

    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM-capture.png

    Note if you've changed some other keys then you'll have to edit the script or do it manually but the steps are the same - change owner to Administrators, grant authority to Administrators, change ownership back to TrustedInstaller. You can easily do it using the script above by running it and then when it has run change $key to whatever you want and run the Takeown-Registry function
    Code:
    $key="HKEY_CLASSES_ROOT\AppID\{<whatever>}"
    Takeown-Registry($key)
    Last edited by lx07; 05 Jan 2016 at 04:56. Reason: RuntimeBroker
      My Computer


  3. Posts : 2,832
    Windows 10 Pro X64
       #13

    Hi,

    Well done lx07.

    Cheers,
      My Computers


  4. Posts : 318
    Dual-boot Win 7 & 10, both Pro 64-bit, now with a Hyper-V VM of Win 11
       #14

    lx07 - wow!

    I wonder how many years I'd need to learn what you know.

    Questions: If there's anything "different" in my setup (Win 10 Pro 64-bit) that causes your program to stumble or fail, will your program exit gracefully and/or reverse what it had done before stumbling? If not, do I run risks?

    Many thanks.
      My Computer


  5. Posts : 5,478
    2004
       #15

    glnz said:
    lx07 - wow!

    I wonder how many years I'd need to learn what you know.

    Questions: If there's anything "different" in my setup (Win 10 Pro 64-bit) that causes your program to stumble or fail, will your program exit gracefully and/or reverse what it had done before stumbling? If not, do I run risks?

    Many thanks.
    Most of the script is just for giving itself authority to make the change (which I copied from TechNet site).

    The script only changes the permissions on 2 registry keys so it will work or not. If you copy the whole script the only reasons I can think of it would fail would be if these keys didn't exist (which would indicate a bigger problem) or if you didn't paste it into an administrator powershell window.

    Even if it doesn't work you can always make the same changes manually - it is just easier to run a script than use the GUI (I think anyway).
      My Computer


  6. Posts : 318
    Dual-boot Win 7 & 10, both Pro 64-bit, now with a Hyper-V VM of Win 11
       #16

    lx07 - Because you are THE MAN, may I ask you the following --

    Vaio 7 also wrote:
    Now open Component Services, Computer, My computer, DCOM config and find ( from the Registry keys above) the Description, it should be Runtime Broker, at least it was for me, if it's other then do it for the exact Component service, right click then Properties then Security tab, then open the Launch and Activation permissions Edit button and depending on the Event Viewer description if it's Local Service or System, click Add, add one of the two and enable the box " Local Activation".

    Because my Edit button was greyed out, I never got to see what came next - the text I bolded above. And Vaio 7 takes shortcuts with his descriptions. Do you think his description is correct and doesn't skip something important? Is there anything else?

    Thanks again.
      My Computer


  7. Posts : 14
    Win 10 64-bit
       #17

    lx07,

    Thank you for the help. It looks like that solved the issue. One question, should I go back into RegEdit and set the permission owner for the keys generating the error back to TrustedInstaller?

    EDIT: It looks like the script automatically updates the permission owner back to TrustedInstaller

    Rick
    Last edited by C5Longhorn; 05 Jan 2016 at 09:02. Reason: update info
      My Computer


  8. Posts : 5,478
    2004
       #18

    C5Longhorn said:
    lx07,

    Thank you for the help. It looks like that solved the issue. One question, should I go back into RegEdit and set the permission owner for the keys generating the error back to TrustedInstaller?

    Rick
    No need. The script already did it.

    If you look in this bit (don't worry you don't need to know powershell just look at the bits in red) you see it changes ownership to Administrators group, grants authority to Administrators group and then changes the owner to TrustedInstaller.
    Code:
    	# take ownership
    	$key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
    	$owner = [Security.Principal.NTAccount]"Administrators"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)
    
    	# set FullControl
    	$acl = $key.GetAccessControl()
    	$rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
    	$acl.SetAccessRule($rule)
    	$key.SetAccessControl($acl)
    	
    	# reset owner
    	$owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
    	$acl = $key.GetAccessControl()
    	$acl.SetOwner($owner)
    	$key.SetAccessControl($acl)


    All should be done.. Now the ownership is correct but members of the Administrators group have permissions to change DCOM permissions for RuntimeBroker. This means you can go into DCOM and add the permissions you want.

    glnz said:
    open the Launch and Activation permissions Edit button and depending on the Event Viewer description if it's Local Service or System, click Add, add one of the two and enable the box " Local Activation".

    Because my Edit button was greyed out, I never got to see what came next - the text I bolded above. And Vaio 7 takes shortcuts with his descriptions. Do you think his description is correct and doesn't skip something important? Is there anything else?
    Yes their instructions were correct.

    Runing the script takes care of all the regedit part (which can be confusing to explain) and then it should no longer be greyed out in DCOM.

    Then if your event viewer said "User Local Service had a problem..." or "User System had a problem..." you can add whichever one it reported as an error. I added both (with local launch and activation permissions) as in this picture.

    Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM-authorities.png

    @f14tomcat and @fdegrove posted links to more detailed descriptions earlier in this thread if this isn't clear.

    I'd write a script to do the DCOM changes as well as regedit but unfortunately I don't know how yet...


    Best of luck :)
    Last edited by lx07; 05 Jan 2016 at 09:41.
      My Computer


  9. Posts : 5
    Windows 10 64-bit Home
       #19

    Hello guys
    Tried to resolve this on-going error 10016 with Runtime Broker for quite some time now. I tried to do it manually through Registry and I also run this excellent script written by lx07 (run it successfully). Everything is good up to this point (see attached screen shot)


    Now I also get this message when I click on 'Access Permissions'. I didn't dare to click 'remove' though. But when I click on 'cancel' everything is grey out so I can't do anything. Any ideas, please?
    BTW - great forum!
    Attached Thumbnails Attached Thumbnails Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM-runtimebroker-properties.png  
      My Computer


  10. Posts : 95
    W7 x64 & W10 Pro x64 (Dual boot)
       #20

    Jackk3 said:
    Hello guys
    Tried to resolve this on-going error 10016 with Runtime Broker for quite some time now. I tried to do it manually through Registry and I also run this excellent script written by lx07 (run it successfully). Everything is good up to this point (see attached screen shot)


    Now I also get this message when I click on 'Access Permissions'. I didn't dare to click 'remove' though. But when I click on 'cancel' everything is grey out so I can't do anything. Any ideas, please?
    BTW - great forum!
    Hi,

    Click on "Remove", then continue with this:



    then OK, then "Apply", and OK.
    Reboot.
    Enjoy!
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 20:39.
Find Us




Windows 10 Forums