Event Error ID 10016 in Event Viewer...


  1. Posts : 14
    Microsoft Windows 10 Home 64-bit 10586 Multiprocessor Free
       #1

    Event Error ID 10016 in Event Viewer...


    Windows 10 Home 64 bit
    ASUS X540LA Notebook

    What is going on here and what is the best for dealing with this? The AppID seems to be designating RuntimeBroker, but I have done everything so far to correct this error. What am I missing?



    Log Name: System
    Source: Microsoft-Windows-DistributedCOM
    Date: 7/4/2016 7:05:24 PM
    Event ID: 10016
    Task Category: None
    Level: Error
    Keywords: Classic
    User: SYSTEM
    Computer: DESKTOP-EOB6C9K
    Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-07-04T23:05:24.628795900Z" />
    <EventRecordID>2569</EventRecordID>
    <Correlation />
    <Execution ProcessID="444" ThreadID="1908" />
    <Channel>System</Channel>
    <Computer>DESKTOP-EOB6C9K</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>
    <Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">SYSTEM</Data>
    <Data Name="param8">S-1-5-18</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Unavailable</Data>
    <Data Name="param11">Unavailable</Data>
    </EventData>
    </Event>
      My Computer


  2. Posts : 7,871
    Windows 11 Pro 64 bit
       #2

    There are fixes on the forum if you search for this error. The solution involves changing permissions and editing the registry and should only be attempted if you are sure of what you are doing.

    See:
    Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM
    http://www.eightforums.com/performan...ro-64-bit.html
      My Computers


  3. Posts : 14
    Microsoft Windows 10 Home 64-bit 10586 Multiprocessor Free
    Thread Starter
       #3

    Finally, the error is corrected. I followed the steps in the following post...

    lx07 said:
    You had to change the ownership to Administrators (with an s) not Administrator (which is the built in administrator account and not the same thing).

    This powershell script will take ownership of the 2 keys for the 10016 RuntimeBroker error, grant authority to Administrators group and then change the ownership back to TrustedInstaller (which it what it should be).

    To do this open an elevated powershell window (right click and run as administrator). Then copy everything in the box below, paste it into the powershell window and press enter.

    You can select everything in the box by triple clicking, then ctrl + C to copy and ctrl + V to paste.
    Code:
    function enable-privilege
    {    param(
        ## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
         [ValidateSet(
        "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
        "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
        "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
        "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
        "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
        "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
        "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
        "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
        $Privilege,
        ## The process on which to adjust the privilege. Defaults to the current process.
        $ProcessId = $pid,
        ## Switch to disable the privilege, rather than enable it.
        [Switch] $Disable
        )
        ## Taken from P/Invoke.NET with minor adjustments.
     $definition = @'
     using System;
     using System.Runtime.InteropServices;
      
     public class AdjPriv
     {
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
       ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
      
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
      
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
      public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
      {
       bool retVal;
       TokPriv1Luid tp;
       IntPtr hproc = new IntPtr(processHandle);
       IntPtr htok = IntPtr.Zero;
       retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
       tp.Count = 1;
       tp.Luid = 0;
       if(disable)
       {
        tp.Attr = SE_PRIVILEGE_DISABLED;
       }
       else
       {
        tp.Attr = SE_PRIVILEGE_ENABLED;
       }
       retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
       retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
       return retVal;
      }
     }
    '@
     $processHandle = (Get-Process -id $ProcessId).Handle
     $type = Add-Type $definition -PassThru
     $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    function Takeown-Registry($key) 
    {    switch ($key.split('\')[0])
        {    "HKEY_CLASSES_ROOT" 
            {    $reg = [Microsoft.Win32.Registry]::ClassesRoot
                $key = $key.substring(18)
            }
            "HKEY_CURRENT_USER"
            {    $reg = [Microsoft.Win32.Registry]::CurrentUser
                $key = $key.substring(18)
            }
            "HKEY_LOCAL_MACHINE"
            {    $reg = [Microsoft.Win32.Registry]::LocalMachine
                $key = $key.substring(19)
            }
        }
    
        # take ownership
        $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
        $owner = [Security.Principal.NTAccount]"Administrators"
        $acl = $key.GetAccessControl()
        $acl.SetOwner($owner)
        $key.SetAccessControl($acl)
    
        # set FullControl
        $acl = $key.GetAccessControl()
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
        $acl.SetAccessRule($rule)
        $key.SetAccessControl($acl)
        
        # reset owner
        $owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
        $acl = $key.GetAccessControl()
        $acl.SetOwner($owner)
        $key.SetAccessControl($acl)
    }
    #------------------------------------------------------------------------------------------------------------------------------------------------------
    # Grant authority to registry key
    
    Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
    
    do {$result = enable-privilege SeTakeOwnershipPrivilege } 
    until ($result -eq $true)
    do {$result = enable-privilege SeRestorePrivilege } 
    until ($result -eq $true)
    
    $key="HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    $key="HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}"
    Write-Host "Granting authority to $key"
    Takeown-Registry($key)
    
    Write-Host; Write-Host "Done"; Write-Host

    The result should look like this (it should say "Done") and you can then go to component services and update your DCOM permissions for RuntimeBroker if you like.

    Attachment 57135

    Note if you've changed some other keys then you'll have to edit the script or do it manually but the steps are the same - change owner to Administrators, grant authority to Administrators, change ownership back to TrustedInstaller. You can easily do it using the script above by running it and then when it has run change $key to whatever you want and run the Takeown-Registry function
    Code:
    $key="HKEY_CLASSES_ROOT\AppID\{<whatever>}"
    Takeown-Registry($key)
      My Computer


  4. Posts : 318
    Dual-boot Win 7 & 10, both Pro 64-bit, now with a Hyper-V VM of Win 11
       #4

    See the following post nearby for a new aspect and good help from fdegrove:
    Windows 10 Event ID 10010 and 10016 Errors With DistributedCOM
    Last edited by glnz; 01 Oct 2016 at 19:28.
      My Computer


  5. Posts : 56
    Windows 10 Pro x64
       #5

    Hi guys, if I have the same Event ID 10016 but different set of CLSID & APPID, can I run this powershell script? Thanks in advance...
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:22.
Find Us




Windows 10 Forums