en[EVENT10016] ShellServiceHost (LOCAL SERVICE)

このサイトを検索 | Search this site

,Japan

This section describes the repair procedure for Event ID 10016.

The logs indicate that the Windows built-in account [LOCAL SERVICE] cannot access the DCOM component [ShellServiceHost].

The Microsoft official recommends ignoring DCOM errors as they signal the result of Windows operating as specified.

It seems that side effects may occur when repairing.

Well, the main subject.

I didn't want to see the error displayed in the Event Viewer so I tried to fix it.

If you plan to use this article as a guide, understand the risks and do so at your own risk.

Please note that incorrect operation may prevent Windows from starting.

[Things necessary]

Registry editor
Component service

Event log

The event log is reprinted.
* "ShellServiceHost" is not displayed in Event Viewer.

Event log
message	CLSID for application-specific permission settings {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} And APPID {4839 DDB7-58C2-48F5-8283-E1D1807D0D7D} Local activation permission for the COM server application on the application container Unavailable SID (not available) at address LocalHost (using LRPC) user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) I can not give it. This security permission can be changed using the Component Services Management Tool.
Log name	system
Source	DistributedCOM (DCOM)
Event ID	10016
level	error
user	LOCAL SERVICE
APPID	{4839 DDB7-58C2-48F5-8283-E1D1807D0D7D}
APPID Name	ShellServiceHost

Repair procedure

You should not make a mistake as you operate [registry editor> component service> registry editor] and 2 system tools alternately.

The full picture of the restoration work is as follows.

Change the owner of APPID in Registry Editor
Set the changed owner's permissions to full control
Start component service and add LOCAL SERVICE to APPID
Revert the owner of APPID
Restart your computer

1. Change the owner of APPID in Registry Editor

Registry operation is at your own risk

Before operating the registry editor
Make a backup of the registry in case of unforeseen circumstances.

1.1 Start Registry Editor

Start the run, enter regedit for the name and click OK.

How to start execution by specifying file name: Scrap 2nd.

1.2 Search for APPID

Launch the registry editor search dialog.

Ctrl + F or Edit> Search

Enter {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} and click Find Next.

Search result (ShellServiceHost)
\HKEY _ CLASSES _ ROOT\AppID\{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Administrator 1.3 owner from TrustedInstaller S to change

To change the owner of ShellServiceHost, the account (your account) logged in to the currently operating Windows must be an account with administrator privileges (an account belonging to Administrators).

Select {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} and select [Right-click> Access Permissions].

In our environment, Administrators were registered to a group or user name, but the access permission was set to [Read].

As a trial, check the Full Control and click OK to return an error, so change the owner.

When you click [Advanced] and check the owner on the transition screen, it became TrustedInstaller.

Click Change.

Click [Change] to go to the [Select User or Group] screen. Click [Advanced].

User or Group Selection> Advanced Settings

When you click [Search], Administrators will be listed in the search results. Select it and click OK.

Let's choose the one with s at the end.

Enter the object to be selected. Confirm that PCName\Administrators has been added, click OK, and click OK on the transition screen.

2. Change Administrators permissions to full control

Select Administrators of group name or user name
Under the window permissions below, check Full Control 許可 Permissions and click OK

3. Start component service and add LOCAL SERVICE to APPID

In this procedure, APPID points to ShellServiceHost.

3.1 Start Component Services

Start Menu> Windows Management Tools> Component Services

To start a component service:
Start the execution with a file name, enter dcomcnfg for the name, and select OK.

Or
It will transition to [Start Menu> Windows Management Tools> Component Services].

3.2 Search for application ID

APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} is visually searched from the “Application ID” column displayed in the right pane when DCOM configuration is selected.

There is no search function.

Application ID and Name
APPID Name	ShellServiceHost
APPID	{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}


Console root Sakai Component Service ∨ computer ∨ My computer 構成DCOM configuration

3.3 Display Properties

ShellServiceHost> Right Click> Properties

After editing the registry, you can edit it by restarting the component service dcomcnfg.

3.4 Display edit screen

Security> Launch and Activation Permissions> Edit

3.5 Display Search Screen

Add> Advanced> Search

Click Search from the dialog that appears with Add> Advanced Settings.
Select LOCAL SERVICE from the search results and click OK .

3.6 Launch and Activation Permissions

Perform the following steps:

Point to LOCAL SERVICE and select it
Check [☑ Activate from local] in the permission box and click OK
Procedure end

4. Revert the owner of the APPID

After completing Step 3, start Registry Editor and return the owner of {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to TrustedInstaller.

See step 1.

Because TrustedInstaller does not appear when you search, enter directly in the box under Enter the object to select on the Select Users or Groups screen.

Click OK when finished .


Input value	NT SERVICE\TrustedInstaller
$NT SERVICE\TrustedInstaller$

5. Restart your computer

Restart your computer and check the event viewer.

The procedure is successful if no errors are logged.

Summary

The one used to repair the ShellServiceHost.

Registry editor
Component service

ExecTI (free software) allows you to directly edit ShellServiceHost.

Please read the related article for the repair procedure using ExecTI.

Document

Microsoft recommends ignoring DCOM errors. It seems that side effects may occur when repairing.

Event ID 10016 for DCOM Is Logged on Windows

These 10016 events are logged when a Microsoft component tries to access a DCOM component without the required permissions. In this case, this behavior is as specified.
To
These events can be ignored because they are designed without adversely affecting functionality. This is the recommended action for these events.
To
Also, to avoid this problem, change the permissions of the DCOM component so that it does not log this error. However, we do not recommend these errors, as changing permissions may cause unexpected side effects without adversely affecting functionality.
support.microsoft.com

Link: External link