Event ID 10016 - DistributedCOM

Event ID 10016 - DistributedCOM

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Regedit32 submitted a new article:

Event ID 10016 - DistributedCOM - How to resolve this error recorded in System log of Event Viewer

Recently Event ID 10016 - DistributedCOM has become a topic of interest on our forum, but also on other forums.

At first glance it seems this is some new issue for the Windows 10 user, but in reality this particular event is quite common and has from time to time been logged on most users computers running a Windows OS regardless of version they have.

Generally, Windows manages quite well and this error is nothing too much to concern oneself with, however, for those running a Server or...

Read more about this article...
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
13,411
Reaction score
2,319
Followed the article step by step..... easy as pie.
Thanks for the very helpful and concise information.
Much appreciated.
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Thanks Trouble.

I've just edited the article as I noticed I did make one small mistake when I mentioned click View > List.

While that is fine, I actually meant to say View > Detail as this provides not only the list of DistributedCOM components but also a second column which shows their AppID too.
 

Trouble

Noob Whisperer
Moderator
Joined
Nov 19, 2013
Messages
13,411
Reaction score
2,319
I either ....
Didn't notice, figured it out on my own or actually performed the task after your edit.
In either case, it worked as advertised so..... I'm happy.
 
Joined
Sep 18, 2016
Messages
9
Reaction score
0
I did everything as in this article and now when I click for example the "Playback devices" on the taskbar's volume icon, UAC shows up (rundll32). How can this be repaired?
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi Majestic,

Welcome to the Forum.

If you mean you are receiving an error message that reads 'Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item.' and this is pointing to C:\WINDOWS\System32\rundll32.exe then can you please do the following and report back your result.
  • Right-click on Start
  • Left-click on Command Prompt
  • In the Command Prompt window type or copy & paste the following command:

    Code:
    reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA

    Press Enter key to execute

    Sample Image

    Untitled.png


    Please let me know your result: Above sample shows result is 0x1

If you mean something else then please clearly state what error message you are seeing.

Also, can you tell me which CLSID and AppID you modified permissions on and which DistributedCOM you modified and what modification you made precisely.

Regards,

Regedit32
 
Joined
Sep 18, 2016
Messages
9
Reaction score
0
If you mean you are receiving an error message that reads 'Windows cannot access the specified device, path or file. You may not have appropriate permissions to access the item.' and this is pointing to C:\WINDOWS\System32\rundll32.exe then can you please do the following and report back your result.
Hi Regedit32, thanks for the welcome :D

I meant an UAC (User Account Control) confirmation that shows up when you run an app with admin privileges. It looks like this (I can access the soundcard options but it's annoying):

screenshot.png


I modified the same CLSID and AppID as in the article and restored permissions in the end. This problem started even before rebooting or restarting services and it's still there after reboot.
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi again,

The DistributedCOM you modified along with its associated CLSID and AppID has nothing to do with the User Account Control alerts, so it is entirely coincidental that after doing this you are seeing this alert when attempting to run Applications with Administrator privileges.

If you do not wish to see this alert you need to adjust the User Account Control Settings:
  • Right-click on Start
  • Left-click on Control Panel
  • When the Control Panel opens in the upper right region of window make sure View by: Category is selected.
  • Left-click System and Security
  • Left-click Change User Account Control settings (located at top of window)

    This will open a new window with a slider. Adjust down to the level you wish to stop that alert appearing.

Regards,

Regedit32
 
Joined
Sep 18, 2016
Messages
9
Reaction score
0
That's not it because I have the default UAC level. I think that even with the highest UAC level rundll32.exe doesn't show an UAC window. I noticed that I get this prompt also when accessing mouse, keyboard and few more settings in control panel.
There's something interesting about this file in the system32 folder. It has that little UAC icon (so it opens with the UAC prompt) and every other Win 10 PC I have shows the normal icon (there is no UAC prompt when I open it). Even after deleting the file and copying it directly from the another PC (retaining its permissions etc.), the rundll32 suddenly has this UAC icon...The same file in the backup WinSxS folder can be opened without UAC but when it's copied to the system32 it changes immediately. It looks like rundll32.exe file in system32 folder doesn't have the flag "run as admin without the need for UAC elevation prompt" anymore. Because of the security reasons we don't know how this flags or something else works so I think it's difficult problem to solve...
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Well there is a rundll32.exe virus out there in the great wide world of internetting.

Perhaps you ought to press windows key and R then enter MRT into the run dialog and click OK then run a full scan
 
Joined
Sep 18, 2016
Messages
9
Reaction score
0
It didn't find anything. I'll wait for the next Windows update, maybe it will fix the rundll32 file. Ironically, now I have much more ID 10016 errors in the Event Viewer because apps can't access the rundll32 file :D
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
When you modified your DistributedCOM was it one of the two Rundll32.3xe components?

I'm sure you said you just modified the same one as in my article but just in case I better ask as it would be relatively easy to reset permissions on either of the Rundll32.exe DistributedCOM components.
 
Joined
Sep 18, 2016
Messages
9
Reaction score
0
Sorry I meant the ID 10001 errors like this:
Unable to start a DCOM server: {9AA46009-3CE0-458A-A354-715610A075E6} as Unavailable/Unavailable. The error:
740
Happened while starting this command:
C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
As I said I didn't modify anything related to the rundll32.exe but I noticed something in the Event Viewer just because of your post :D The error I quoted above started appearing on 14th September and the only thing that was installed that day was the windows cumulative update (KB3189866) and some other Office updates. So this problem may be connected with the Windows update, not this article. I just haven't used the Control Panel or sound settings for a few days.

So can my problem be solved based of the error I posted?
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
That's your Sync Integration Manager which is part of the Local Server.

I would not recommend messing with that via DistributedCOM, but it would be worth running a Windows Update Troubleshooter, and possibly a System File Check [ SFC /SCANNOW ] via Administrator: Command Prompt.

You'll find the Windows Update troubleshoot tool here:

Control Panel\All Control Panel Items\Troubleshooting\All Categories

Or just type troubleshooting into the Search box, press Enter key then in left pane select View all
 
Joined
Sep 24, 2016
Messages
1
Reaction score
0
I prefer to make the changes via RE. Please post instructions, as you offered.

Thanks

"Note:
If you'd prefer to manually take ownership via the Registry Editor, but are not sure how, just ask in the Discussion section of this article and I'll post instructions on how to do this."
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi PoonCha,

Welcome to the Forum.

I'll use the CLSID and AppID mentioned in article to demonstrate how to take ownership using the Registry Editor.
  • Right-click on Start
  • Left-click on Run
  • When the User Account Control appears click Yes
  • The Registry Editor window will now open.

    In the left pane click and expand to this location:
HKEY_CLASSES_ROOT
— CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
  • In left pane you need to right-click on the key {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and select Permissions

    This will open the following window:

    Untitled.png


    Click the Advanced button which will take you to the following window:

    Untitled2.png


    On this window you see the Owner is currently SYSTEM

    Click the hyperlinked Change to the right of SYSTEM which will open this window:

    Untitled3.png


    Type Administrators into the empty field, then click Check Names button.

    A username belonging to the Administrators Group will appear. Click OK

    Sample Images

    Untitled4.png


    This will return you to previous window, where you see the Owner has changed. Just beneath the Owner will be an empty box. Check this box and click OK

    Sample Image

    Untitled5.png


    This brings you back to the original window:

    Untitled6.png


    Click OK

    Ownership of this CLSID key {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} is now changed.

  • The AppID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    was the other entry in article we wanted to take ownership of. To find it in the left pane of Regeistry Editor we expand the keys to this location:

HKEY_LOCAL_MACHINE
— SOFTWARE
— Classes
— AppID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
  • Now simple repeat the previous steps to take ownership of this key.

Later if you wish to change the ownership back to original owner then in this window:

Untitled3.png


If the original owner was SYSTEM then simply type system into the empty field and click Check Names, then click OK. Then click OK on the next window, and click OK on the next.

If the original owner was TrustedInstaller then simply type nt authority\TrustedInstaller and click Check Names, then click OK. Then click OK on next window, and click OK on the next.

Regards,

Regedit32





 
Joined
Oct 13, 2016
Messages
6
Reaction score
0
Hi there,
first of all: thanks for your effort. This is a nice and detailed Discription.
I´m fighting against that Distributed COM Error quite a few days and i´m not managed to fix it yet.
The System is running very instable and i have a crash during games everytime the error Message appears in the windows logfile.
I tried to go along your discription, but when it comes to the 4th command line, i get an error Message and i cant go on to step 4 and change the distributetcom component. I tried to take ownership of the 2 reg entries via the regedit (mentioned somewhere above in the discussion), but it wont help either.
Any Ideas left?
P.S. the AppID and CLSID are exactly the same (my eventlog error message and your axample)
Thanks in advance.

upload_2016-10-13_22-47-29.png
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
Hi Musicman78,

Welcome to the Forum.

If access is denied this suggests the object's original owner has restricted all inherited ACE's and set an ACL which restricts access even to the Administrators.

Are you the only user on this computer? Or does someone else have Administrative access too?

Regedit32
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top