We are seeing the following:
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 26/10/2017 08:53:42
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: servername.domain.suffix
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-26T07:53:42.389625000Z" />
<EventRecordID>417300</EventRecordID>
<Correlation />
<Execution ProcessID="1180" ThreadID="5140" />
<Channel>System</Channel>
<Computer>servername.domain.suffix</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}</Data>
<Data Name="param5">{F72671A9-012C-4725-9D2F-2A4D32D65169}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Does anyone know which service we need to give permission for?
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 26/10/2017 08:53:42
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: servername.domain.suffix
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-10-26T07:53:42.389625000Z" />
<EventRecordID>417300</EventRecordID>
<Correlation />
<Execution ProcessID="1180" ThreadID="5140" />
<Channel>System</Channel>
<Computer>servername.domain.suffix</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}</Data>
<Data Name="param5">{F72671A9-012C-4725-9D2F-2A4D32D65169}</Data>
<Data Name="param6">NT AUTHORITY</Data>
<Data Name="param7">SYSTEM</Data>
<Data Name="param8">S-1-5-18</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
Does anyone know which service we need to give permission for?
0
