As a big tech guy, I hate it when my Windows computer doesn’t work properly. I guess if I can’t get my computer to work perfectly, then what kind of technician am I? Obviously trying to get everything to work perfectly means spending a lot of time troubleshooting problems that probably aren’t causing major problems with my system.
However, it’s still fun and there is a lot you can learn from. In this article, I am talking about fixing an error that appears in Event Viewer related to DistributedCOM. I noticed that there were no other errors in my syslog other than a few errors every day with event ID 10016. The main error message was the same:
Application-specific permission settings do not grant local activation permission for COM Server application
It also lists the CLSID, APPID, SID, and something about changing permissions using Component Services.
After reading a few dense forum posts, I was able to fix this error so that it no longer appears in the event viewer. This is a pretty tricky process, so make sure you have an hour or two before you start.
– /
Step 1 – Check the process
The first thing we need to do is figure out which process or service is associated with the CLASS ID shown in the error. To do this, copy the CLSID specified in the event description. In my case it started with {D63B10C5. Be sure to copy both curly braces.
Now you need to open the Registry Editor by clicking on the Start button and typing regedit. With Registry Editor open, click Edit and then Find. Paste the CLSID into the search box and press Enter.
After a while, you should get the result under the key HK_CLASSES_ROOT CLSID. It should have two keys on the right side, and the service name should be specified in the Default field. In my case, and possibly yours, it should be the RuntimeBroker.
The AppID must also match what is specified in the error message. We then need to run the script so that we can make changes to the permissions in Component Services for that service.
Step 2 – Run the PowerShell Script
To fix this problem, we have to edit some permissions in Component Services for the RuntimeBroker, but before we can do that, we need to run a script that will allow us to make these changes.
To run PowerShell as an administrator, you need to click Start, type powershell, and then right-click the result and select Run as Administrator.
Now download the text file linked here, copy all the code and paste it into the PowerShell window (if you just right click in the PowerShell window, it will paste everything in the clipboard). Then just press Enter and you should see the word “Done†printed.
Step 3 – Open Component Services
You can open Component Services in the same way as you opened PowerShell in step 2. Click Start and type Component Services. You don’t need to run this program as administrator. Once there, navigate to the following location:
Component Services – Computers – My Computer – DCOM Configuration
Scroll down until you find Runtime Broker. In my case, there were two of them! How do you know which one is listed in the error?
Right click on each of them and select Properties. On the General tab, you will see the App ID, which should match the App ID from the error message. If you get errors in Event Viewer with ID 10016 and multiple CLSIDs, you might need to fix both RuntimeBrokers. In my case, I only needed to fix one thing.
Step 4 – Correct Permissions
Finally, we need to change the permissions. In the RuntimeBroker Properties window, click the Security tab.
The Change button in the Launch and Activation Permissions section should be active. If it is inactive, the PowerShell script did not work as expected. When you click on the “Edit” button, you can see a pop-up dialog box with a warning about unrecognized permissions.
Here you DO NOT WANT to click on Delete. Just click the Cancel button. You will now see a list of default accounts, and you can also see Unknown Account in the list.
You want to make sure you leave the Unknown Account as it is. Don’t take it off. At this stage, you should have ALL APPLICATION PACKAGES and ITSELF. Now we need to add two accounts. Click Add and enter System and then click Check Names. Click “OK” and this account will be added to the list.
Click Add again, this time enter Local Service and follow the same steps.
Once both have been added, click them one at a time and check the boxes for “Local launch” and “Local activation” in the “Allow” section. That’s all! Now restart your computer and you should no longer see this error in Event Viewer logs. Enjoy!
–