en[EVENT10016] Windows.SecurityCenter.WscBrokerManager, APPID not available

SC2 2018-08-05

2021-09-07

Atom | RSS

このサイトを検索 | Search this site

,Japan

en[EVENT10016] Windows.SecurityCenter.WscBrokerManager, APPID not available

to japanese

I am writing about event ID 10016.

I have extracted the keywords from the message in the log.

[keyword]

Windows.SecurityCenter.WscBrokerManager
APPID not available
LocalHost (using LRPC)
NT AUTHORITY\SYSTEM SID (S-1-5-18)
DistributedCOM
Can be changed using the Component Services management tool

Well, the main subject.

Since "APPID unavailable" is recorded, there is no clue to repair because the APPID cannot be identified by component services.

I left it as it was, but the error recording stopped when the COM + application error was repaired.

We will share the information of "COM + application error".

Event Log

The event log is reprinted.

Event Log
message	CLSID for application-specific permission settings Windows.SecurityCenter.WscBrokerManager And APPID unusable Local launch permissions for this COM server application to user NT AUTHORITY\SYSTEM SID (S-1-5-18) at address LocalHost (using LRPC) running at application container unavailable SID (not available) You can not. This security permission can be modified using the Component Services administration tool.
log name	system
Source	DistributedCOM
Event id	10016
level	error
user	SYSTEM
Opcode	information

Due to COM + application error! ?

In my environment, log recording stopped when event ID 4434 "COM + application error" was repaired.

Therefore,

I think it's safe to assume that corruption in the Component Services COM + catalog file is the source of the error. (maybe)

If the catalog file is damaged, an error message will be displayed when you select "COM + Application" in Component Services, and the COM + application cannot be displayed.

Concrete example

COM + application error (Event ID 4434)

"You do not have permission to perform the requested operation. If system applications on the target computer have security enabled, make sure you are in the proper role."

in addition,

One of the causes may be that the definition update of Windows Defender Antivirus is a manual update because my PC uses the Local Group Policy Editor to suppress the automatic update of Windows Update.

In any case,

I'm happy because the problem has been resolved. (^^) /

Summary

[APPID: Not available]

The component service cannot be used for the "APPID: unavailable" log because the APPID to be restored cannot be specified.
"APPID: unavailable" may stop logging when repairing another DCOM error.
"APPID: Unavailable" waits for natural recovery.

How to deal with DCOM errors

There are two ways to change the DCOM component settings.

[PLAN-A, B]

Component Services + Registry Editor
Component service + ExecTI

PLAN-A has two system tools that move back and forth, so the processing is complicated and the risk is high.

PLAN-B completes the processing only with the component service started from ExecTI, so the setting value of APPID can be easily changed.

For ExecTI cases, please look for related articles.

Validation: Windows 10 Pro April 2018, v1803

en-event の記事 (Articles about the en-event)