Sunday, July 3, 2011

DistributedCOM Event ID: 10016 error logged on Windows Server 2008

Taking a look at the System logs on the server shows the following:

image

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

and APPID

{B292921D-AF50-400C-9B75-0C57A7F29BA1}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

image

Since I've come across similar errors such as these in the past with SharePoint deployments, I began the troubleshooting by trying to figure out exactly which DCOM object this CLSID and APPID belonged to.  To do this, copy either of the identifiers (CLSID or APPID) because they reference the same object, open up the registry editor with (regedit), then do a search for the string:

image

image

Once the find completes, you'll be at the location: Computer\HKEY_CLASSES_ROOT\Wow6432Node\CLSID\<identifier>

Notice how the left window pane has the CLSID and the right window pane has the APPID listed?  As the window shows, this is actually the DCOM object: Quarantine Private SHA Binding class

image

What's special about this DCOM object is that you won't find it listed when you open up Component Services from the Administrative Tools under the DCOM Config folder:

image

To find the DCOM object that maps to Quarantine Private SHA Binding class, you need to take the APPID unique identifier from the registry and map it to the APPID in Component Services' DCOM Config folder.  As shown in the screenshot above, the DCOM object is actually named NAP Agent Service under Component Services:

image

Unfortunately, there isn't much you can do if you open up the properties of the DCOM object as all the settings are grayed out:

image

After some research on this, the fix is to change the service's startup property to Automatic instead of Manual.

image

image

So why does this happen?  While there are various reasons that can cause this, it's usually because you have some other application that relies on this service and hence causes this error to be thrown when that application makes an attempt to launch this object (in our case, an application was trying to launch this object during startup). 

Original post: http://terenceluk.blogspot.com/2011/01/distributedcom-event-id-10016-error.html




No comments: