Even in a fresh Windows 10 installation, you might see some DistributedCOM (DCOM) errors Event ID: 10016 in the System event log. Here are some sample events:
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: Event ID: 10016 Task Category: None Level: Error Keywords: Classic User: DESKTOP-JKJ4G5Q\ramesh Computer: DESKTOP-JKJ4G5Q Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DESKTOP-JKJ4G5Q\ramesh SID (S-1-5-21-***) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: Event ID: 10016 Task Category: None Level: Error Keywords: Classic User: DESKTOP-JKJ4G5Q\ramesh Computer: DESKTOP-JKJ4G5Q Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-JKJ4G5Q\ramesh SID (S-1-5-21-***) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The most common Event ID: 10016 errors reported by users are:
Immersive Shell GUID : {C2F03A33-21F5-47FA-B4BB-156362A2F239} APPID : {316CDED5-E4AE-4B15-9113-7055D84DCC97}
RuntimeBroker GUID : {D63B10C5-BB46-4990-A94F-E40B9D520160} APPID : {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
These event log entries appear when certain processes do not have permission to access the DCOM components named in the events. Despite these errors, the system may be functioning well without any major issues, and in that case the errors can be safely ignored. As they say, “If it ain’t broke, don’t fix it”: if the system is functioning fine anyway, simply ignore the DCOM errors.
Workaround for Windows.SecurityCenter DCOM Event ID 10016
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: Event ID: 10016 Task Category: None Level: Warning Keywords: Classic User: SYSTEM Computer: DESKTOP-JKJ4G5Q Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: Event ID: 10016 Task Category: None Level: Warning Keywords: Classic User: SYSTEM Computer: DESKTOP-JKJ4G5Q Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: Event ID: 10016 Task Category: None Level: Warning Keywords: Classic User: SYSTEM Computer: DESKTOP-JKJ4G5Q Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
For the above Windows.SecurityCenter related errors, setting the Security Center service (wscsvc) to Automatic start instead of Automatic (delayed start) seems to prevent the DCOM errors. To set the Security Center service (wscsvc) to Automatic start, set the DelayedAutoStart DWORD value to 0 in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Simply ignore the DCOM errors
As per Microsoft:
These 10016 events are recorded when Microsoft components try to access DCOM components without the required permissions. In this case, this is expected and by design.
A coding pattern has been implemented where the code first tries to access the DCOM components with one set of parameters. If the first attempt is unsuccessful, it tries again with another set of parameters. The reason why it does not skip the first attempt is because there are scenarios where it can succeed. In those scenarios, that is preferable.
For more information, see the Microsoft article “DCOM event ID 10016 is logged in Windows 10, Windows Server 2016 and Windows Server 2019”. Microsoft suggests creating a filter (XML source provided in the article) to hide the DCOM 10016 events.
Suppress DCOM 10016 events using this filter
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*</Select>
    <Suppress Path="System">
      *[System[(EventID=10016)]]
      and
      *[EventData[
        (
          Data[@Name='param4'] and Data='{D63B10C5-BB46-4990-A94F-E40B9D520160}' and
          Data[@Name='param5'] and Data='{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}' and
          Data[@Name='param8'] and Data='S-1-5-18'
        )
        or
        (
          Data[@Name='param4'] and Data='{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}' and
          Data[@Name='param5'] and Data='{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}'
        )
        or
        (
          Data[@Name='param4'] and Data='{C2F03A33-21F5-47FA-B4BB-156362A2F239}' and
          Data[@Name='param5'] and Data='{316CDED5-E4AE-4B15-9113-7055D84DCC97}' and
          Data[@Name='param8'] and Data='S-1-5-19'
        )
        or
        (
          Data[@Name='param4'] and Data='{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}' and
          Data[@Name='param5'] and Data='{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}' and
          Data[@Name='param8'] and Data='S-1-5-19'
        )
      ]]
    </Suppress>
  </Query>
</QueryList>
- Open Event Viewer. Expand Windows Logs → System.
- Click Filter current log…
- Select the XML tab and enable Edit query manually
- Copy/Paste the above XML to the filter dialog, and click OK.
The DCOM error entries with the Event ID 10016 are now hidden from view.
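Before hiding the events, it helps to know which 10016 entries the filter actually covers. The following PowerShell is an added example, not part of the original article or Microsoft's guidance; the function name Get-Dcom10016Summary and the sample events are constructed for illustration, and the param4/param5/param8 field names are taken from the filter above.

```powershell
# Added example. Rows mirror the Suppress clauses of the filter above
# (param4 = CLSID, param5 = APPID, param8 = SID); Sid = $null means "any SID".
$Suppressed = @(
    @{ Clsid = '{D63B10C5-BB46-4990-A94F-E40B9D520160}'; AppId = '{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}'; Sid = 'S-1-5-18' }
    @{ Clsid = '{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}'; AppId = '{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}'; Sid = $null }
    @{ Clsid = '{C2F03A33-21F5-47FA-B4BB-156362A2F239}'; AppId = '{316CDED5-E4AE-4B15-9113-7055D84DCC97}'; Sid = 'S-1-5-19' }
    @{ Clsid = '{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}'; AppId = '{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}'; Sid = 'S-1-5-19' }
)

function Get-Dcom10016Summary {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    begin { $rows = @() }
    process {
        # Collect the named <Data> fields of one event into a lookup table.
        $p = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
            if ($d.Name) { $p[$d.Name] = $d.'#text' }
        }
        # Does any Suppress clause match this CLSID/APPID (and SID, if it names one)?
        $hit = $Suppressed | Where-Object {
            $_.Clsid -eq $p.param4 -and $_.AppId -eq $p.param5 -and
            (-not $_.Sid -or $_.Sid -eq $p.param8)
        }
        $rows += [pscustomobject]@{
            Clsid = $p.param4; AppId = $p.param5; Sid = $p.param8
            HiddenByFilter = [bool]$hit
        }
    }
    end {
        # One output row per distinct CLSID/APPID/SID, most frequent first.
        $rows | Group-Object Clsid, AppId, Sid, HiddenByFilter |
            Sort-Object Count -Descending | ForEach-Object {
                $_.Group[0] | Add-Member -NotePropertyName Count -NotePropertyValue $_.Count -PassThru
            }
    }
}

# Constructed sample events (not real log exports): RuntimeBroker denied to SYSTEM,
# and RuntimeBroker denied to NETWORK SERVICE (S-1-5-20) as in the sample event earlier.
$tmpl = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
        "<Data Name='param4'>{0}</Data><Data Name='param5'>{1}</Data><Data Name='param8'>{2}</Data></EventData></Event>"
$rb = '{D63B10C5-BB46-4990-A94F-E40B9D520160}', '{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}'
$sample = ($tmpl -f $rb[0], $rb[1], 'S-1-5-18'), ($tmpl -f $rb[0], $rb[1], 'S-1-5-20')
$sample | Get-Dcom10016Summary | Format-Table -AutoSize

# Live log: Get-WinEvent -FilterHashtable @{LogName='System'; Id=10016} |
#           ForEach-Object { $_.ToXml() } | Get-Dcom10016Summary
```

Rows with HiddenByFilter = False are the ones the Suppress filter leaves visible, so they are the entries worth a second look.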
If, on the other hand, some app or feature (e.g., Cortana) is not working correctly due to incorrect DCOM permissions, here is how to fix it.
Fix DCOM Permissions Using Registry Editor & DCom Config
To prevent the events from being logged, follow these steps to grant permission to the DCOM components that have specific CLSIDs and APPIDs. Let’s take the case of RuntimeBroker, whose CLSID as reported in the event log is {D63B10C5-BB46-4990-A94F-E40B9D520160} and whose APPID is {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}.
Important: Before proceeding, create a System Restore point as incorrectly configuring DCOM Permissions can break Windows. It’s advisable to take a complete image backup if that’s feasible.
- Start the Registry Editor (regedit.exe).
- Go to the following key:
HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}
- Note down the (default) value data in the above key, which in this case is RuntimeBroker
- Go to the following AppID key now:
HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
- By default, TrustedInstaller owns this registry key and its subkeys. Set Administrators as the owner of the key and its subkeys. See how to take ownership of registry keys and assign full permissions for more information.
- After setting Administrators as the owner, give the Administrators group and the SYSTEM account Full Control permission for the key and subkeys.
- Exit the Registry Editor.
- Start the DCOM Configuration tool dcomcnfg.exe
- Expand Component Services | Computers | My Computer | DCOM Config.
- Right-click the application that corresponds to the AppID that’s recorded in the event log, and then select Properties. The application name in this example is RuntimeBroker which you’ve found in Step 3 above. The DCom Config tool lists two RuntimeBroker entries. To find the right one, right-click on an item and click Properties and match the App ID with the one in the registry (Figure 1).
- Select the Security tab.
- Under Launch and Activation Permissions, select Customize, and click Edit.
Note that if the Edit button is grayed out in the RuntimeBroker application Properties page in DCOM Config, you’ll need to verify the AppID registry key permissions (redo steps 4-6 above).
- Under Group or user names, select Add.
- Enter the group or user name that’s recorded in the event log. For example, the account recorded in the log may be NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\SYSTEM, or some other group or account.
- Click OK.
- Assign Local Activation permission to the user or group you added, and complete the process.
This prevents the event log errors (Event ID: 10016) relating to DCOM permissions.
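To record the starting state before making the change, and to confirm afterwards which accounts hold Local Activation, the key owner and the application-specific launch ACL can be read without modifying anything. This PowerShell is an added example and not part of the original article; the function name Get-DcomLaunchAcl is hypothetical, and it assumes the ACL is stored in the LaunchPermission value of the AppID key.

```powershell
# Added example (read-only): list the owner of an AppID key and the accounts
# named in its application-specific Launch and Activation ACL.

# COM_RIGHTS_* access-mask bits used in DCOM launch/activation ACEs.
$ComRights = @{ 2 = 'LocalLaunch'; 4 = 'RemoteLaunch'; 8 = 'LocalActivation'; 16 = 'RemoteActivation' }

function Get-DcomLaunchAcl {
    param([Parameter(Mandatory)][string]$AppId)

    $path  = "Registry::HKEY_CLASSES_ROOT\AppID\$AppId"
    $owner = (Get-Acl -LiteralPath $path).Owner      # TrustedInstaller by default, per the steps above
    $bytes = (Get-ItemProperty -LiteralPath $path).LaunchPermission

    if (-not $bytes) {
        Write-Warning "No LaunchPermission value under $AppId (key owner: $owner); there is no application-specific ACL to list."
        return
    }

    # LaunchPermission is a binary self-relative security descriptor.
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)

    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # App container and deleted-account SIDs may not resolve to a name.
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        $mask = $ace.AccessMask

        [pscustomobject]@{
            KeyOwner = $owner
            AceType  = $ace.AceType
            Sid      = $sid.Value
            Account  = $name
            Rights   = ($ComRights.Keys | Sort-Object |
                        Where-Object { $mask -band $_ } |
                        ForEach-Object { $ComRights[$_] }) -join ', '
        }
    }
}

# RuntimeBroker APPID from the event log entry discussed in the article.
Get-DcomLaunchAcl -AppId '{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}' | Format-Table -AutoSize
```

Saving the output before and after the change gives a record of exactly which account was granted which right, which is useful if the change has to be reverted.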
I made it to step 13 but the ADD button is grayed out. What can I do?
The only time I get the Error 10016 with this APPID is when I run a game named ROBLOX, and I have given all the permissions and followed all these steps, but still when I launch a ROBLOX game the PC will reboot and try to fix itself. I can play any other game without a problem. I have tried uninstalling and removing all the files in ROBLOX but I have run out of solutions. Please help.
I have had the same problem as Paul. The button is inactive. I have done permission to the two keys like Administrators, the like administrator, but I haven’t been able to add the users.
Thanks
If the button is “inactive”:
HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}
Right click / permissions, click full permission on Administrators.
Click advanced; on top of the page change from trusted installer to Administrators, search & ok it to your name.
Apply and exit and it should stay checked in the properties window when you close it. Reopen it and make sure.
Do the same for the next:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Then go to the component service RuntimeBroker and the top item will ask something about improper other key/permission needs changed… ok that (same key in a few other locations in regedit), then you can give yourself full permissions.
What if there is no APPID or CLSID?
Unable to start a DCOM Server: MicrosoftWindows.Client.CBS_120.2212.551.0_x64__cw5n1h2txyewy!InputApp as Unavailable/Unavailable. The error:
“2147942402”
Happened while starting this command:
“C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe” -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca