SharePoint 2010: Event ID 10016 DCOM Security Policy
Event ID 10016 – Solving the DCOM Security Policy message in SharePoint 2010 step-by-step.
In the last half year we designed and built a 3-step SharePoint 2010 environment for a major customer who asked us to run a SPRaaS (SharePoint RAP as a Service) by Microsoft. As usual, the findings are collected in an Excel-table and have to be processed under supervision.
I handled the finding “Event ID 10016: DCOM Security Policy Configuration“. In all SharePoint servers, event 10016 was recorded in the system log as “Error”.
Index
Event ID 10016: Distributed COM Error
|
1 2 3 4 5 6 |
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} and APPID {61738644-F196-11D0-9953-00C04FD919C1} to the user XXX\XXX SID (XXX) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. |
Microsoft explains the solution in KB920783.
Summed up briefly
the farm service account needs the following authorizations on DCOM object “IIS WAMREG admin Service“:
- local launch
- local activation
I tried to set the DCOM authorizations, but all I got was the following screen: the configuration was grayed out.
Searching Google, I found out that with Windows Server 2008R2 the authorizations for DCOM changes were not included for the local administrator.
Activate permission to change DCOM settings for local admin
Changing the registry-authorizations (full control for local administrators) on key HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1} reactivates the DCOM-configurations.
Unfortunately, I was still stuck with Eventlog message 10016.
Fix the Event ID 10016 Error
Luckily, I still had contact with a Microsoft PFE.
Together we came up with the final solution which I want to briefly sum up below:
Change of the registry-authorizations:
- HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}
- HKEY_CLASSES_ROOT\CLSID\{61738644-F196-11D0-9953-00C04FD919C1}
- HKEY_CLASSES_ROOT\AppID\{000C101C-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\CLSID\{000C101C-0000-0000-C000-000000000046}
Take over ownership for local administrators.
Local group of the administrators + SharePoint Farm Service account: full control
Set DCOM authorizations for both objects:
- IIS WAMREG admin Service
- {000C101C-0000-0000-C000-000000000046}
Authorization: “Local Launch” and “Local Activation”
Afterwards Eventlog message (Event ID 10016) did not pop up again and I could close one issue of the findings list 🙂
1 Comment
Leave your reply.