Troubleshooting DCOM Error 10016

I received an email from a Windows user, where he has a Windows XP machine. He noticed that the System log was full of Event ID 10016, Source DCOM. So let’s see why we get this error and how to fix them up.
[more] Please note whatever is mentioned below or on this site is just a suggestion, we do not guarantee their success or any side affects, if any.

Here is an example of the event id:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: XX.XXX.200X
Time: xx:xx:xx
User: N/A
Computer: XXXXX
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}to the user NT AUTHORITY\NETWORK SERVICE (SID S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Well if you read the description carefully it says that Local Activation permission for the CLSID <clsid> is not granted to the user <user name>.  In our example mentioned above, the user account is NT Authority\Network Service and it does not have permission on one particular CLSID.

 

Now what is this CLSID? How can we check the permission? Answer to this is.. A CLSID is a globally unique identifier that identifies a COM class object. In simple word, the CLSID we are getting is for a COM Object. What is a COM object, we don’t need to worry about that for now. What we have to do is to search the associated COM object with this CLSID and that CLSID will point to the right COM object.

1. Search the associated COM object: To do that, open Registry Editor. Start –> Run –> type “regedit
2. In Registry Editor, Select “My Computer”, at the top. Now click on Edit menu and go to the option “Find”. You can also press the keys CTRL+F to get the Find window.
3. Now we will have to copy the CLSID from the Event log and paste in the FIND window. Once you do that, Click Search.

4. It should come up with the result, that is, a key on the left highlighted. In our case the CLSID is {BA126AD1-2166-11D1-B1D0-00805FC1270E} and if you look at the screenshot, it is associated with Network Connection Manager class.

5. Ok but you won’t find a COM Object with this name. Then? Hmm.. Look closely in the screenshot, we have a string valye called APPID. This is the GUID of the actual COM object that this CLASS is using.

Copy the data value of the APPID and search from the top. It’s going to be in the key HKEY_CLASSES_ROOT\AppID. and the GUID will be {27AF75ED-20D9-11D1-B1CE-00805FC1270E}.

If you highlight this key, you can see the name of this COM object. Yes, in this case it is Netman!  Now we know that we have to check permission on this COM object. 🙂

6. Now we need to open DCOM configuration window (DCOMCNFG). Start –> Run –> type “dcomcnfg

7. Now what we have is ‘Component Services’ window. Lets expand ‘Component Services‘, then ‘Computers‘ and now we have ‘My Computer’. Expand ‘My Computer’ and we have a folder under it called ‘DCOM Config’. You will notice a huge number of icons on the left. They are registered COM object. Now we have to search of that particular COM Object.

8. Search on the right side, you should have an icon “netman”. Right click on it and choose Properties and what we have is netman Properties window.

9. Now if you remember, we do not have Local Activation permission on this COM object. So let’s click on the tab Security. We have three options here: Launch and Activation permission, Access permission and Configuration permission. By default the settings for them are Use Default, Use default and Customize respectively unless a Vendor has modified it intentionally as per their requirement.

When we choose the option Use Default, it inherits the permissions from what is defined machine wide If you want to check machine wide permission, check the properties of My computer in the same Component Services window.<

10. Okay, let’s come back to this COM. For the option, Launch and Activation permission, if Customize option is selected then click on Edit button. Verify if we  have the desired account added here. In our particular error message the NT Authority\Network Service did not have permissions. So we will simply add NT Authority\Network Service account here and click OK button.

11. If it is already on Use Default and still we are getting the error message, then go back to My Computer and check permission there. Go to Properties for My computer and then to the tab ‘Com Security’. In there we have the option to edit button and add the Network service account.

Note: The permissions applied on My Computer here will be inherited by all the components which have their option selected as ‘Use default’.