Event ID 10016 Source DCOM
| Event ID | 10016 |
| Source | DCOM |
| Type | Error |
| Description | The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {<CLSID>} to the user <user> SID (<SID>). This security permission can be modified using the Component Services administrative tool. |
| English, please! | This information is only available to subscribers. An example of English, please! |
| Concepts to understand |
What is COM? What is DCOM? |
| Comments |
Gordon Pegue
(Last update 7/23/2009): In my case, I received this error on a target machine when I attempted to run the Group Policy Results Wizard in the GPMC against the target machine from an admin machine within the same domain. The CLSID was {8BC3F05E-D86B-11D0-A075-00C04FB68820}, which is the WMI service. W2K3 SP2 DC and XP SP3 clients. Making sure that TCP port 135 was open on both the target and the admin machine as well as allowing the "Remote Admin Exception" for both profiles by means of a domain-based GPO solved the issue. For more info, refer to T782615. Anonymous (Last update 6/2/2009): In regards to this problem, I found the post on "Mike H. - Another Geek In Need" blog quite useful. See the link in the "Links" section. Nick Whittome (Last update 4/6/2008): I had this issue similar with "Anonymous (Last update 10/30/2006)". However, in my case, I simply set the component security to "Default" and the problem was solved. Bronson Magnan (Last update 1/30/2008): To correct this error do the following: 1. Open Component Services, go to Computers -> My Computers -> DCOM Config. 2. Expand DCOM config until you get down to the CLSID, they appear after the named items. 3. Right click the CLSID, check the launch parameters; they will probably be set to custom and not containing any accounts. 4. Use the SID in the event log item, run it against PsGetSid, to get which account is needed. 5. Put that account in and configure the necessary requested launch permissions. PsGetSid is part of a growing kit of command-line tools that aid in the administration of local and remote Windows NT/2K systems named PsTools. See the link below for more details. Umair Jawed (Last update 1/14/2008): See the link to "SharePoint 2007 Server Issues Revisited" for information on this problem. Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here! Ionut Marin (Last update 10/1/2007): As per MSW2KDB, a program, the Clsid displayed in the message, tried to start the DCOM server by using the DCOM infrastructure. Based on the security ID (SID), this user does not have the necessary permissions to start the DCOM server. See M899965, "Citrix Support Document ID: CTX107191", "Citrix Support Document ID: CTX108443", and "Trend Micro Support Solution ID: 26456" for additional information on fixing this problem. From a newsgroup post: "Windows XP SP2 and Windows 2003 SP2 introduced a machine-wide AccessCheck call that must succeed in addition to other specific access checks. You can modify the settings of this machine-wide AccessCheck by using Component Services. Right-click on My Computer -> Properties, and click on the COM Security tab. Also, have a look at the document "Changes to Functionality in Microsoft Windows XP Service Pack 2 - Network Protection Technologies", in the section marked "DCOM Security Enhancements". This may be helpful to you". Mihai Andrei (Last update 6/17/2007): Windows XP Service Pack 2 changes some security settings to increase security for your system. One of these increased settings interacts with the way MCMS works in a way that it prevents a COM component from being activated. See the link to "MCMS Complete FAQ" for a solution to this problem. The problem is caused by a mismatch of files that occurs when you install Microsoft Internet Information Services. This problem occurs if you install IIS from an installation point that is not running Windows Server 2003 SP1. See M908181 for details on this issue. See M817065, M913119, M913666, M919090, M919592, M920720, M922354, M930461, M931355 and M937534 for additional information about this event. Jimbo (Last update 3/10/2007): In my case, I had the same CLSID as Linda. Here is the additional information she omitted that is needed to correct the problem: In Component Manager, under DCOM config, go to netman, browse to the Security Tab, edit the Launch and Activation Permissions and make the necessary changes. In this case, NETWORK SERVICE needs to be added with Local Launch and Local Activation permissions. Anonymous (Last update 10/30/2006): In my case, I received this event on a W2K3 server with SharePoint 3.0. The CLSID was {61738644-F196-11D0-9953-00C04FD919C1} and the user account WSS_ADMIN_WPG. Changing the security settings for this user account in the Component services "IIS WAMREG admin Service" to allow Remote Start and Remote Activate, fixed the problem for me. Anonymous (Last update 1/20/2006): In my case, I received this event on a W2K3 server with Citrix PS4. The CLSID was CLSID{49BD2028-1523-11D1-AD79-00C04FD8FDFF} = "Microsoft WBEM Unsecured Apartment" and the user account was Ctx_SmaUser. Changing the security settings for this user account in the Component services "Microsoft WBEM Unsecured Apartment" to allow Remote Start and Remote Activate, fixed it for me. Linda (Last update 7/4/2005): We had this problem after installing Win2k3 SP1. The link to “forums.techarena.in - Win2k3 SP1 Install” was exactly our problem but just ticking Remote Launch and Remote Activation did not fix the problem. Ticking Local Launch and Local Activation did fix the problem. Anonymous (Last update 4/19/2005): See the link to "forums.techarena.in - Win2k3 SP1 Install" for information on this event from a newsgroup post. Anonymous (Last update 4/7/2005): See M895200 for a hotfix applicable to Microsoft Windows XP. Olexandr A. Bilyk (Last update 4/1/2005): M555099 has information on this event. Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here! Paul Carter (Last update 2/26/2005): I received this event when attempting to access the Administration web page for Virtual Server 2005. This happened after changing the guest OS from Windows XP SP1 to Windows XP SP2. The increased security of SP2 had stopped me from accessing the admin page. M891609 has detailed information on the issue but their suggested fix did not solve the issue. Setting to “Use Default” as mentioned by contributor PaulD did the trick. PaulD (Last update 10/14/2004): 1. Open the registry and go to "HKEY_CLASSES_ROOT\CLSID\{<CLSID in the event message>} to find out friendly name of this component. In my case, this is "Machine Debug Manager” (CLSID: 0C0A3666-30C9-11D0-8F20-00805F2CD064). 2. Go to Component Services via Start -> Control Panel -> Administrative Tools -> Components Services. Expand the Component Services branch then expand "Computers", "My Computer", and "DCOM Config". Right-click on "Machine Debug Manager" (or whatever your CLSID represents) and choose Properties. Click on the Security tab and under “Launch and Activation Permissions” select "Use Default". Click OK, close the Component Services window. The error should disappear now. |
| Links | M555099, M817065, M891609, M895200, M899965, M908181, M913119, M913666, M919090, M919592, M920720, M922354, M930461, M931355, M937534, forums.techarena.in - Win2k3 SP1 Install, Citrix Support Document ID: CTX107191, Citrix Support Document ID: CTX108443, Trend Micro Support Solution ID: 26456, MCMS Complete FAQ, Changes to Functionality in Microsoft Windows XP Service Pack 2 - Network Protection Technologies, SharePoint 2007 Server Issues Revisited, PsTools, MSW2KDB, Mike H. - Another Geek In Need, T782615 |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Custom search | The custom search information is available to subscribers only. |
| Feedback | Send comments - Notify me when updated |
| Print version |