SOLVED Event ID 10016 Locks computer at start up

Joined
Dec 9, 2015
Messages
36
Reaction score
7
Hello, I'm not sure what happened but my Windows 10 Home computer now locks up for several minutes after startup with the CPUs pegged at 100% and the system disk also pegged. Before the startup had no delays.

I am getting the system error described in the attached "2016-08-27-Event ID 10016.PDF" several times a second for the time the computer is pegged.

I have researched this for several days and there is a lot of guidance on how to set permissions/owner to Administrators for the registry CLSID and APPID which I've been able to do but I can not get the part referenced in #14 that is in the guidance in the answers.microsoft.com link below to correct this problem to work.

11. Close all tabs and go to Administrative tool.
12. Open component services.

13. Click Computer, click my computer, then click DCOM.
14. Look for the corresponding service that appears on the error viewer.
15. Right click on it then click properties.


http://answers.microsoft.com/en-us/...n/9ff8796f-c352-4da2-9322-5fdf8a11c81e?auth=1

Any advice is appreciated!
 

Attachments

  • 2016-08-27-Event ID 10016.pdf
    10.2 KB · Views: 931

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,609
Reaction score
1,140
Hi dac8190,

You've done some good research all ready into troubleshooting your Event Viewer Error 10016.

I have taken a look at the Microsoft site you provided an link to to review the list of instructions given, and while on the whole it is sound the last few steps in my view are incorrect, but can easily be resolved now.

So let's start from the beginning for the benefit of others who may read this thread — I am aware you all ready have done at least the first 13 steps, but for the others reading here it will be helpful to understand how we get to step 14 and beyond. I'm going to shorten the list somewhat and also alter a few steps to correct errors.

  • You've discovered in your Event Viewer the 10016 Error message which you attached as a PDF for all to read. Thanks for doing that; this was helpful.

    The important part of this Event ID 10016 log in regards to the first steps is the Description:

    The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97}

    This is telling you the two very specific keys in your Registry that are the root to triggering Event ID 10016.

    So now what do we do with this information. As you discovered you need to locate these keys and make some modifications inside your Registry Editor, so:

Step 1
  • Right-click on Start
  • Left-click on Run
  • In the Run dialog type regedit then click OK
  • A User Account Control window will pop up. Click Yes
Step 2
  • The Registry Editor will now be open. In its left pane you want to expand the keys to the following location.
HKEY_Classes_Root
— CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
This is the CLSID key your error log recorded in the Description.


Step 3
We need to change permissions on this key temporarily to allow later steps. To do this do the following:​

  • In the left pane you need to right-click on the {C2F03A33-21F5-47FA-B4BB-156362A2F239} key and select Permissions
  • This will open the Permissions for {C2F03A33-21F5-47FA-B4BB-156362A2F239} window like so:

    Note: I don't have this particular key on my system so I will use an alternate one for illustrative purposes:

    perm.png


    The title bar of window will display your key name of course.

  • Click the Advanced button

    This will open the Advanced Security Settings for {C2F03A33-21F5-47FA-B4BB-156362A2F239}

    Sample Image (I'm using a different key so my title bar will display a different key)

    perm2.png


    You can see here the Owner is TrustedInstaller. To change this click the Change link.

    This will open the Select User or Group window:

    perm3.png


    1. In this window you can either type Administrator or if your Username belongs to the Administrative Group you could enter that instead.

    2. When you have typed the name click Check Names button which will result in the following:

    perm4.png


    Now click OK which will close this window and return you to the previous window:

    perm5.png


    Check the box next to Replace owner on subcontainers and objects then click OK

    That will close this window returning you to the Permissions window. In this window check the Full Control box beneath the Allow column then click OK

    Note: How do we know whether to click Allow Full Control? Well the answer is found in the Event ID 10016 Description which says,
    This security permission can be modified using the Component Services administrative tool.

    If it did not say this and you clicked Allow Full Control then clicked Apply or OK and alert would pop up saying Access is denied which you'd have to cancel out of.

    Sample Image

    perm6.png


Step 4

You now need to locate the APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} which was recorded in the Description of your Event ID 10016.

  • To do that inside your Registry Editor on the left pane you need to expand the keys to this location:
HKEY_LOCAL_MACHINE
— SOFTWARE
— Classes
— AppID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}


  • You now need to repeat Step 3 for the {316CDED5-E4AE-4B15-9113-7055D84DCC97} key.
  • When you have completed the change of ownership for this key, press F5 key to refresh the Registry.
  • You can now close the Registry Editor.
Step 5 (This is the beginning of Step 14 from your website you were not sure about)

Now that you have taken temporary ownership of both keys mentioned in your Event ID 10016 Description you are ready to follow the Descriptions advice to modify the Component Service related to these keys.

How do you know which Component Service to look for though? Well the Event ID 10016 log gives you that information:

<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-
4131-BADC-B6F3A001407E}" EventSourceName="DCOM"

This is telling you you will find the Component affected inside the DCOM section.

Then towards the end of the log you see some Data tags:

<Name="param10">Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txye wy

This most likely is the culprit. It is possible it is not the only culprit, but for now Cortana is the one appearing in your log. So now we know we need to go to the Component Service: DCOM and look for Cortana.
  • Press your Windows key + S key together to give focus to the Search box
  • Inside the Search Box type Component Services
  • When Component Services Desktop App appears in search results right-click on it and select Run as administrator

    This will open the Component Services window which is divided into three panes.

    In the left pane click on Component Services and expand to DCOM Config as in sample image below.

    In the middle pane you will see a grid of Application icons. In the top toolbar click the Detail icon to instead see the Applications listed along with their Registry key Application IDs

    Sample Image

    perm7.png
Step 6 (This is the step 14 from your website you were unsure about continued)
  • In the middle pane you need to scroll down to locate Cortana references. When you find one you need to take at look at the Application ID column to verify the Registry key matches either:
    • {C2F03A33-21F5-47FA-B4BB-156362A2F239}, or
    • {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  • When you find the correct one right-click on it and select Properties

    This will open the Properties window for the Component you chose.

    In this window click the Security tab

    The Security tab has three panels. The top panel says Launch and Activation Permissions.

    In that pane click the Edit button

    At this point you need to determine from your original Event ID 10016 log whether the error is related to the Local Service or System. In your case the <Channel> says System.

    Click the Add button and enter System then enable the Local Activation box

    Note: Check other Cortana options just in case and change if necessary.
Step 7 (The final step)

Earlier I mentioned you were temporarily changing ownership of those two registry keys.

It is now time to restore their ownership to TrustedInstaller.

To do this repeat steps, 2, 3 and 4

For each key when you get to the Select User or Group window:

1. Type NT Service\TrustedInstaller into the box, then
2. Click the Check Names button

Sample Image

perm8.png


If successful you will see this:

perm9.png


Now just click OK, then OK again, and one last OK

When you have done this for both keys, press F5 to refresh Registry.

You can now close the Registry Editor.

Job done!

Regards,

Regedit32
 

Attachments

  • upload_2016-8-28_13-33-52.png
    upload_2016-8-28_13-33-52.png
    113.4 KB · Views: 1,269
Joined
Dec 9, 2015
Messages
36
Reaction score
7
Thank you for the EXECELENT guidance Regedit32!


Two questions:


First: In some of the research there was discussion of changing the Owner of the CLSID and APPID to Administrators vs Administrator. When I tried Administrator I was denied access but when I tried Administrators it seemed to work. Any thoughts on the differences?


Second: I did look at Cortana in Component Services and found two references but neither have the CLSID or APPID in the Event ID Log.

upload_2016-8-27_20-41-13.png



I did my best to review every Application ID manually (is there a way to do a “Find”?) and didn’t notice one.


Thoughts? And Thanks again!
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,609
Reaction score
1,140
Hi dac8190,

Your initial observation re administator or administrators comes down to the listed Group or User names, or Permission Entries on the advanced window. Most would have UserName\Administrators, but some have UserName\Administrator; hence one or the other may be chosen.

I've not noticed though before that failing to type administrators caused a issue. The System normally still finds the appropriate name.

When its impossible to change permissions to include Full Control, you may need to download a utility from Microsoft and run this first before attempting to change permissions on Registry Keys.

The utility is called PsExec and can be downloaded from: https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Once setup as per instructions on that page you would then use the following command for the Registry Editor:
  • Code:
    psexec -i -d -s c:\windows\regedit.exe
  • Press Enter key to execute and then continue to the Registry Editor to change permissions

Within the Compnent Services console there is no method to do a quick Find as such, however, as I stated earlier although the log mentioned Cortana its not exclusively the source of issue.

Another way to try to identify the DCOM application you need to change security on is to check the Default values of either the CLSID key or the AppID key mentioned in your log. You can open Registry Editor and left-click on the keys in left pane to view their Default values in the right pane, or you could do a reg query instead like so:
  • Right-click on Start
  • Left-click on Command Prompt
  • In the Command Prompt window type or copy & paste the following:

    Code:
    reg query "HKEY_CLASSES_ROOT\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}" /ve

    Press Enter key to execute command

    Code:
    reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{316CDED5-E4AE-4B15-9113-7055D84DCC97}" /ve

    Press Enter key to execute

    Both these commands will return the Default Value and this is what you want to locate inside that Component Services window. The values ought to be identical.

Regards,

Regedit32
 
Joined
Oct 1, 2014
Messages
2,328
Reaction score
357
The GUID numbers are for the Immersive Shell.

These things are a real pain and I have seen several different ones lately. I think the last update has a fairly large bug which is messing with these permissions. Since the items are supposed to be using the default values set in the overall area, what is changing those permissions on just one or two...

@Regedit32 I just got another Component Services message on a different item that the one I had before. Something in this upgrade is messing with the basic systems.

CompBT.JPG
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,609
Reaction score
1,140
Yes Saltgrass, Microsoft are rolling out updates knowing it will corrupt things and openly admit it.

For example the most recent update corrupts two components for PowerShell, and Microsoft released the update anyway with a note saying they are working on a fix.

The problem being if you are trying to run a network and now cannot make use of PowerShell commands their latest update effectively deprecates because of a known bug, what are you supposed to do? Twiddle your thumbs?

There is no harm in recording the Class in the AppID, that is what normally would be the case anyway. The (Default) value at the AppID key ought to be referencing that executable from the CLSID.
 
Joined
Oct 1, 2014
Messages
2,328
Reaction score
357
When I tried Administrator I was denied access but when I tried Administrators it seemed to work.
Administrator is the inactive Adim account. Administrators are the Admin users like you.

Did you check for the immersive shell entry? You can search for the GUID in Regedit.exe. You will find the CLSID number in that section and the AppID in that section. When selected, in the right window you will see what it is.

HKEY_CLASSES_ROOT\AppID\{316CDED5-E4AE-4B15-9113-7055D84DCC97}

RegImmShell.JPG
 
Joined
Dec 9, 2015
Messages
36
Reaction score
7
Refedit32 & Saltgrass, thank you both for your guidance in this issue!


I tried to use Administrator and it worked as well as Administrators, must have mistyped or something I guess.

It was indeed the Immersive Shell that was associated with the APPID. I made all the changes as suggested and was still having the same problem. When I tried to follow the guidance below the only way I could get the edit to work was to select “Custom” and then Edit. I hope that was right? After doing this I rebooted and had the same problem. After several failures I decided to delet the System in Component Services and then re-added it. Things seemed to start working and the errors are gone from the log, unfortunately the system still hangs after booting, seems something called RunTimeBroker is chewing up the CPU. Any advice on that?


Thanks so much for you excellent help! I hope others can take advantage of this.

The Security tab has three panels. The top panel says Launch and Activation Permissions.

In that pane click the Edit button

At this point you need to determine from your original Event ID 10016 log whether the error is related to the Local Service or System. In your case the <Channel> says System.

Click the Add button and enter System then enable the Local Activation box

upload_2016-8-29_19-6-59.png
 
Joined
Dec 9, 2015
Messages
36
Reaction score
7
Oh darn.....
It worked a few times now it is reporting the same error.

Any thoughts?
 
Joined
Oct 1, 2014
Messages
2,328
Reaction score
357
Does your Immersive Properties dialog look like the attachment? Did you reset the security permissions after your finished the process?

You say you removed and reinstalled something, what was that exactly? Have you tried running the System File check?

DCom User Desg.JPG
 
Joined
Dec 9, 2015
Messages
36
Reaction score
7
Saltgrass, the Immersive Shell looks exactly like your example.

What I deleted and re-added was the reference to System in the Launch and Activate Permissions and set the permissions all on when I re-added it. I really thought that was the magic bullet that made it work but I guess not.
 
Joined
Oct 1, 2014
Messages
2,328
Reaction score
357
Several years ago I had a situation with the IP Bus Enumerator on Win 7. That was the first time I had gone through the corrective action and I think I was one of the first to do so.

I remember changing the permissions on the actual Registry entry for that AppID. Regedit32 seems to be advising changing the permissions on the CLSID, but I don't remember exactly and I might be wrong.

But I changed the permissions to allow the options panel to become accessible, with it looks like your have done, then change the Launch and Activations permissions to allow the launch. Why you need to do this I don't know because the default settings which the App is using should take care of it.

After I was done, I put the permissions back where they were although I don't think this is entirely necessary.

I have been seeing 10016 errors on several different apps. The FrameServiceHost and Shell Service Host have been occurring for some time. But I look at when they occur and if it is coincides with some system operation, such as a restart, I will ignore them.

Your situation seems to be different in that it causes problems for your system. If you can't get the problem repaired, you might try increasing the time allotment for the operation to see if that helps. The default settings for the DCom+ apps is in the My Computer properties dialog, which is the one all those apps are supposed to be using. If you look at the Transaction Timeout on the Options Tab it may allow you to increase the time allowed so the process will complete. I have no indication or experience which says this will work...

I laugh when I read the comments about being able to adjust these settings in the Component Services. I think that was written before the permissions were changed to keep users from modifying them for the individual components.

I also notice when you select the properties for My Computer, there is a "Refresh all components" option. Perhaps that would reset those components which are not using the default settings.
 
Joined
Dec 9, 2015
Messages
36
Reaction score
7
I want to thank everyone for their guidance in this endeavor to fix my lock up during the startup of my computer!


I’ve come to believe that the Event ID 10016 was a false lead from Microsoft as to the actual problem. I restored my Windows 10 OS to a May 2016 version and was able to boot up without having the 10016 error reported, this lasted until my May version was “automatically” updated to whatever the current version is and then the problem returned.


I have other laptop computers that do not have this problem, just my desk top that I use the most had this issue that started sometime after an update around June 2016.


During the startup of windows 10 the Run Time Broker process pegged my CPU at 100% for several minutes and during that time things are frozen and the ID 10016 was reported 100s of times as a system error which led me to believe that that was what was causing the freeze. I learned that if I stopped the Run Time Broker the ID 10016 errors also stopped at time but of course this created other issues. I don’t think the reported error was caused by a lack of permissions but by some sort of silly system interaction during the “freeze”.


I tried to identify the users of Run Time Broker but to date have not been able to figure out how to do that. Three things that I have done to reduce my freeze based on a LOT of internet searching were:


1. Removed many of the windows 10 built in apps that I don’t use following the guidance in the following link.


http://www.howtogeek.com/224798/how-to-uninstall-windows-10s-built-in-apps-and-how-to-reinstall-them/


2. Through the “Settings” under the windows start button turned off many of the update functions.


3. This improved the performance of my computer but it seemed that Cortana was still causing issues. I disabled Cortana using the guidance in the following link:


http://www.howtogeek.com/224798/how-to-uninstall-windows-10s-built-in-apps-and-how-to-reinstall-them/


My system seems to run a lot better and doesn’t “freeze” but the Run Time Brooker still pegs the CPU for 30 to 90 seconds (much less then before) and I sure wish I could identify what it is up to during that time!


Any advice before I close this thread out?
 
Joined
Dec 9, 2015
Messages
36
Reaction score
7
Much has happened since I started this adventure, I was able to totally remove Cortana and my system returned to behavior that I had experienced under Windows 7, life was good. Then in the last few months Microsoft “forced” several feature upgrades on me that restored Cortana and changed the way some things worked. Good news is that my system seems to be working better than it was before all of this started. Thanks to all for their advice and help!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top