Event ID 10016 - DistributedCOM

How to resolve this error recorded in System log of Event Viewer

  1. Regedit32

    Musicman78

    Joined:
    Oct 13, 2016
    Messages:
    6
    Likes Received:
    0
    yap....guess yes.

    upload_2016-10-15_0-35-59.png
     

    Attached Files:

    Musicman78, Oct 14, 2016
    #21
    1. Advertisements

  2. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    Sorry for the delay in updating things.

    I was trying to replicate your scenario to work out a resolution for you.

    Attached is a zipped folder named: Take or Restore Ownership Scripts.zip

    Inside this folder are two command scripts:
    1. TakeOwnership.cmd
    2. RestoreOwnership.cmd

    Download the zipped folder, then run a quick virus scan. Extract folder and when you are logged in with a username that belongs to the Administrative Group, right-click on the TakeOwnership.cmd script and select Run as administrator which ought to take ownership for you of the two keys I mentioned in the article.

    After that make the changes you need to make with the DCOMs, then when ready you can right-click on the RestoreOwnership.cmd script and select Run as administrator to restore ownership to defaults.

    Regards,

    Regedit32
     

    Attached Files:

    Regedit32, Oct 19, 2016
    #22
    1. Advertisements

  3. Regedit32

    Musicman78

    Joined:
    Oct 13, 2016
    Messages:
    6
    Likes Received:
    0
    Hi Regedit,

    wow. thanx for that fantastic support.
    This makes me feel a lil bad, because I formatted my system and reinstalled win10 sunday night. I tried different things on my own, but nothing worked.
    I wish i didnt, so i could try your "ownership.cmd", but i thought this was a problem which can´t be solved easily, so i decided in an act of impatience and frustration to clean all the mess up and start all over again.

    But in case I get this error again - i downloaded your file and am prepared...
    Once again thanks for your efforts and your support.

    Regards
     
    Musicman78, Oct 20, 2016
    #23
  4. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
    Hi

    Firstly, can I say what a fantastic article and well laid out one of the best I have seen.

    I have a couple of questions and sorry if it is staring me in the face but I am struggling a little.

    In step 5 tidying up by setting files back to default owner, how do you know what user had ownership?

    My second is more of a problem as this is not fixing the issue I have the same CLSID and APPID Error even though I have set the permissions. See log here this keeps coming back even though I have set the permissions.

    See [​IMG]

    Also resetting permissions back does not work for this


    See here reg key in question

    [​IMG]
     
    Last edited: Oct 30, 2016
    Dale Holden, Oct 30, 2016
    #24
  5. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
    I have also noticed i keep getting this error as well not sure if it is related?

    If it is not i can make a separate post if required.

    Log Name: System
    Source: Microsoft-Windows-DistributedCOM
    Date: 30/10/2016 11:54:11
    Event ID: 10010
    Task Category: None
    Level: Error
    Keywords: Classic
    User: DALE-PC1\Dale
    Computer: Dale-PC1
    Description:
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-30T11:54:11.788175700Z" />
    <EventRecordID>18568</EventRecordID>
    <Correlation />
    <Execution ProcessID="8" ThreadID="9028" />
    <Channel>System</Channel>
    <Computer>Dale-PC1</Computer>
    <Security UserID="S-1-5-21-4124590474-3230443324-182549641-1022" />
    </System>
    <EventData>
    <Data Name="param1">{4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}</Data>
    </EventData>
    </Event>
     
    Dale Holden, Oct 30, 2016
    #25
  6. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
    I am getting 7 Identical Instances all at once

    [​IMG]
     
    Dale Holden, Oct 30, 2016
    #26
  7. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    Hi Dale,

    Welcome to the Forum.

    I'll attempt to address your questions in the order asked, one post at a time as the answers while hopefully straightforward to follow, are not short.

    First, you were wondering how I knew what owned the Registry Key prior to taking ownership of it to perform the necessary editing of the DistributedCOM.

    There are a number of ways to do this, the easiest of which would be to open the Registry Editor and check permissions there first before changing ownership of the specific key.

    For example:
    • Press Windows key and R key together to open the Run dialog
    • In the Run dialog type regedit then click OK
    • When the User Account Control appears click Yes
    • You'll now see the Registry Editor window appear. In its left pane click and expand to the key you wish to take ownership of. For example if we go to the AppID from article we would expand like so:

    HKEY_LOCAL_MACHINE
    — SOFTWARE
    — Classes
    — AppID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    Now obviously there may be many other keys above the one we wish to change as can be seen in example image:

    Example.png


    Right-click on the key in the left pane and select Permissions to open this window:

    Example2.png

    Click the Advanced button in the window to view the following:

    Example3.png

    And now you can see in this example the owner is TrustedInstaller

    Now that is quite a lot of clicking and scrolling to locate the key you wish to identify owner of. A simpler way would be to do the following.
    • Right-click on Start
    • Left-click on Command Prompt (Admin)
    • When the User Account Control appears click Yes
    • Now in the Administrator: Command Prompt window type the following command:

      Code:
      setacl.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}" -ot reg -actn list
      Press Enter key to execute

      Sample image

      Example4.png

      You see the list command provides us the Owner which is in this example TrustedInstaller

      Obviously
      , you would change path and key name to the one you want information on, but the four commands otherwise remain the same:

      setacl.exe is needed first

      -on is the command for the object name in the above example that name is the key name: {F72671A9-012C-4725-9D2F-2A4D32D65169} but you must include the FULL PATH to the object name, and this should be enclosed inside speech marks "FULL PATH to object\Object Name"

      -ot
      is the command used to identify what the object type is. In this example the Object is a Registry key so its type is reg

      -actn
      is the command for what action to perform on the object. In this example we chose list which provides the permission details of the reg object {F72671A9-012C-4725-9D2F-2A4D32D65169}

    Finally, another giant clue is in the original Event Viewer error message:

    example5.png


    In the red boxes you see it tells you the CLSID which is attempting to access the AppID's DistrubtedCOM has a User named System and also NT Authority\SYSYEM

    The SID (S-1-5-18) is also a clue as this is unique to the SYSTEM and thus the owner must be SYSTEM for the CLSID key

    In the green box we see the container's SID is unavailable. This is a clue in that generally when you see this it will be owned by the TrustedInstaller.

    As this is the container SID we can also deduce this will be the owner for the AppID as the CLSID is attempting to access the DistributedCOM via its container.

    You have the setacl.exe command above to confirm the owner of the AppID key.

    Regards,

    Regedit32
     
    Regedit32, Nov 1, 2016
    #27
  8. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    For your second question you mention you are continuing to experience issues despite changing permissions for:
    • the CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    • and the AppID {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    Now according to the error message the User DALE-PC1\Dale SID (S-1-5-21-4124590474-3230443324-182549641-1022) is unable to access Cortana via its DistrubtedCOM container (AppID {316CDED5-E4AE-4B15-9113-7055D84DCC97}) because Local Activation Permission has not been granted.

    Thus the steps to take are to take ownership of both the ClSID key and the AppID key and make the owner Dale with the SID mentioned above, then grant Dale full control.

    After doing that you can then open the DistributedCOM Configuration window where you will scroll down to location the Component the CLSID and AppID pointed to - in this case to save time its the Immersive Shell

    Sample image

    example6.png

    When you review the information for the AppID in the Registry you may have noticed its RunAS value is Interactive User meaning it ought to happily switch between any user on your System,be that you, the SYSTEM, or another person logged on. You'll need to ensure you set Local Activation Permissions for this Compoent for yourself and the Interactive Users if any.

    Finally, in this case both the AppID and the CLSID are owned by the TrustedInstaller

    In your text hyperlink
    you attempted to setowner for the CLSID key to SYSTEM:

    SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}" -ot reg -actn setowner -ownr "n:SYSTEM"

    That needs to be the TrustedInstaller in this case! Thus when resetting owner at end you need to use command:

    Code:
    SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}" -ot reg -actn setowner -ownr "n:NT SERVICE\TrustedInstaller"
    
    That may be why your error persists.

    If for some reason the CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} was owned by SYSTEM prior to you taking ownership of this registry key, then there lies your issue as this must belong to the TrustedInstaller in this instance because Cortana is an infused App for Windows 10.

    Regards,

    Regedit32
     
    Regedit32, Nov 1, 2016
    #28
  9. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
    I get this back do you think it has the wrong owner?

    I have tried setting ownership as descirbed

    Microsoft Windows [Version 10.0.14393]
    (c) 2016 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>setacl.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}" -ot reg -actn list
    machine\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}

    DACL(protected+auto_inherited):
    Administrators full allow container_inherit
    TrustedInstaller full allow no_inheritance
    TrustedInstaller full allow container_inherit+inherit_only
    SYSTEM read allow no_inheritance
    SYSTEM read allow container_inherit+inherit_only
    Users read allow no_inheritance
    Users read allow container_inherit+inherit_only
    ALL APPLICATION PACKAGES read allow no_inheritance
    ALL APPLICATION PACKAGES read allow container_inherit+inherit_only
    S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 read allow no_inheritance
    S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 read allow container_inherit+inherit_only


    SetACL finished successfully.

    C:\WINDOWS\system32>




    C:\WINDOWS\system32>setacl.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}" -ot reg -actn list
    machine\SOFTWARE\Classes\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}

    DACL(protected+auto_inherited):
    Administrators full allow container_inherit
    TrustedInstaller full allow no_inheritance
    TrustedInstaller full allow container_inherit+inherit_only
    SYSTEM read allow no_inheritance
    SYSTEM read allow container_inherit+inherit_only
    Users read allow no_inheritance
    Users read allow container_inherit+inherit_only
    ALL APPLICATION PACKAGES read allow no_inheritance
    ALL APPLICATION PACKAGES read allow container_inherit+inherit_only
    S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 read allow no_inheritance
    S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 read allow container_inherit+inherit_only


    SetACL finished successfully.


     
    Last edited: Nov 1, 2016
    Dale Holden, Nov 1, 2016
    #29
  10. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    No that is correct.

    When you set the owner back to NT Authority\TrustedInstaller, that is the owner of the key's permissions.

    With this reset the DistributedCOM settings cannot be changed until you retake ownership of the key.

    However, the list command is displaying the Principals and their individual permissions.

    You added the Administrators to the Principal list with Full control and as its the latest addition it appears on top of list.You can still see the only other Principal with full control next in list; that being TrustedInstaller.

    If you opened Registry Editor and took a peek at Permissions > Advanced for this key you'll see its Owner is TrustedInstaller given you chose to reset ownership after modifying the component.
     
    Regedit32, Nov 1, 2016
    #30
  11. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    The thing to remember here is Cortana is a work in progress and as you receive updates things will more than likely be added to Cortana as Microsoft fine tune it. it is likely thus, the Registry keys associated with it will also be modified during updates, thus some of the changes you have made thus far, could be reset during a windows update.
     
    Regedit32, Nov 1, 2016
    #31
  12. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0


    How can i tell if everything is back as it should be ?

    With the correct owners ?

    I will monitor my Event Log to see if i get nay more errors.

    Very strange all day yesterday this error never showed so i thought it has sorted itself.

    But when i checked this morning it was back again
     
    Dale Holden, Nov 1, 2016
    #32
  13. Regedit32

    Regedit32 Moderator

    Joined:
    Mar 4, 2016
    Messages:
    1,283
    Likes Received:
    234
    You can check by opening Registry Editor and checking Permissions > Advanced as earlier explained, or by using that List with setacl.exe command to confirm the principals with full control.

    In your case it is correct based on your previous post.
     
    Regedit32, Nov 1, 2016
    #33
  14. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
     
    Dale Holden, Nov 4, 2016
    #34
  15. Regedit32

    Dale Holden

    Joined:
    Oct 30, 2016
    Messages:
    14
    Likes Received:
    0
    HI Regedit32

    Been no errors for 2 days but today i have just got this

    Log Name: System
    Source: Microsoft-Windows-DistributedCOM
    Date: 04/11/2016 14:38:59
    Event ID: 10016
    Task Category: None
    Level: Error
    Keywords: Classic
    User: DALE-PC1\Dale
    Computer: Dale-PC1
    Description:
    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user DALE-PC1\Dale SID (S-1-5-21-4124590474-3230443324-182549641-1022) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-04T14:38:59.119180700Z" />
    <EventRecordID>19456</EventRecordID>
    <Correlation />
    <Execution ProcessID="724" ThreadID="15776" />
    <Channel>System</Channel>
    <Computer>Dale-PC1</Computer>
    <Security UserID="S-1-5-21-4124590474-3230443324-182549641-1022" />
    </System>
    <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
    <Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
    <Data Name="param6">DALE-PC1</Data>
    <Data Name="param7">Dale</Data>
    <Data Name="param8">S-1-5-21-4124590474-3230443324-182549641-1022</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy</Data>
    <Data Name="param11">S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742</Data>
    </EventData>
    </Event>
     
    Dale Holden, Nov 4, 2016
    #35
  16. Regedit32

    Vortgres

    Joined:
    Nov 20, 2016
    Messages:
    1
    Likes Received:
    0
    Dear Regedit32.
    I have the same problem with Musicman78.
    I have administrator right on my PC, but no permission for

    upload_2016-11-20_19-50-48.png

    could you help?

    Thank you
     
    Vortgres, Nov 20, 2016
    #36
  17. Regedit32

    Musicman78

    Joined:
    Oct 13, 2016
    Messages:
    6
    Likes Received:
    0

    Hi REgedit32,

    its me again. :-/
    I´ve been safe for that DCOM Error after my fresh clean install for a while now.
    But since a few days, i have the same problem again. I think, it might happened after installing some MSI Tools.
    So it´s the same problem with the same reg-key like last time and the same you mentioned in your post.
    And guess what, the same problem with the last promt :
    SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}" -ot reg -actn ace -ace "n:Administrators;p:full"
    so i downloaded your "Take ownership or restore...." Program and run it as Admin.
    upload_2016-11-30_23-26-9.png
    have this error Message.
    After going to the dcom configuration, i´m still not able to manipulate the entries...
    upload_2016-11-30_23-27-30.png
    any ideas?

    P.S. i deinstalled the MSI Programs, but this didn´t seem to help either...
    regards
     
    Musicman78, Nov 30, 2016
    #37
  18. Regedit32

    Musicman78

    Joined:
    Oct 13, 2016
    Messages:
    6
    Likes Received:
    0
    Hey Guys,

    it seems, that i solved the problem.
    I used a tool called "RegOwnershipEX from "Winaero".
    With that tool, i could manipulate the DCOM entries.
    The Error hasn´t shown up since then.

    Hope that will help someone, who has the same problem.
    Cheers !
    Musicman
     
    Musicman78, Dec 2, 2016
    #38
  19. Regedit32

    Sergio Cali Corleo

    Joined:
    Aug 10, 2015
    Messages:
    2
    Likes Received:
    0
    There is one persistent component which fails to register;
    The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

    this is linked to this service:

    upload_2017-2-2_13-17-5.png

    It is not possible to fix because it is not listed in component services.

    trying to fix/disable the service only regenerates a new CDP service on reboot with a different suffix i.e._e6061

    this looks like and probably is bug but it is highly irritating because I could get loads of events a day for this component.
     
    Sergio Cali Corleo, Feb 2, 2017
    #39
  20. Regedit32

    JAY B.

    Joined:
    Oct 24, 2016
    Messages:
    9
    Likes Received:
    2
    Hello Regedit32,

    I took ownership of the keys that were causing DistributedCOM error 10016 last night, by following your instruction using the Registry.
    Even though I had taken ownership, the DistributedCOM 10016 were back this morning !??
    And it was the very same keys.
    So, I went in the Registry, checked the ownership, and everything was OK.
    Do you have any idea why I still get this error ?
    Thank You for your answer
    Sorry for the bad English, I'm French !:)

    Have a Nice Day
     
    JAY B., Feb 20, 2017 at 2:13 PM
    #40
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tech Geek
    Replies:
    1
    Views:
    8,388
    Plekuz
    Aug 3, 2015
  2. GracieAllen

    Event Log help with a couple errors

    GracieAllen, Dec 10, 2015, in forum: General Discussion
    Replies:
    12
    Views:
    1,062
    GracieAllen
    Dec 16, 2015
  3. Sjoerd Gehrels

    DistributedCOM 10016

    Sjoerd Gehrels, Dec 29, 2015, in forum: Windows 10 Support
    Replies:
    0
    Views:
    1,473
    Sjoerd Gehrels
    Dec 29, 2015
  4. dac8190

    Event ID 10016 Locks computer at start up

    dac8190, Aug 27, 2016, in forum: Windows 10 Support
    Replies:
    13
    Views:
    1,598
    Regedit32
    Sep 11, 2016
  5. Edith Tan

    SOLVED BSOD Error 10016

    Edith Tan, Oct 27, 2016, in forum: Crashes, BSODs and Debugging
    Replies:
    7
    Views:
    1,467
    Saltgrass
    Nov 18, 2016
  6. MitjaHD

    Kernel-Power Event ID 41

    MitjaHD, Dec 12, 2016, in forum: Crashes, BSODs and Debugging
    Replies:
    1
    Views:
    294
  7. Poromaster

    Event ID 10016 - DistributedCOM

    Poromaster, Dec 24, 2016, in forum: Crashes, BSODs and Debugging
    Replies:
    0
    Views:
    253
    Poromaster
    Dec 24, 2016
  8. Decop

    error 10016 access denied

    Decop, Jan 4, 2017, in forum: General Discussion
    Replies:
    0
    Views:
    114
    Decop
    Jan 4, 2017
Loading...