2019-06-15T22:17:03Z kzstock [Event ID 10016] PLAN-B RuntimeBroker: APP ID {15C20B67-12E7-4BB6-92BB-7AFF07997402} | DistributedCOM (DCOM) | Login User Repair Procedure
Scrap 2nd.

[Event ID 10016] PLAN-B RuntimeBroker: APP ID {15C20B67-12E7-4BB6-92BB-7AFF07997402} | DistributedCOM (DCOM) | Login User Repair Procedure

Verification: Windows 10 Pro October 2018 Update, v1809
This post describes Event ID 10016, which is now recorded when updated to Windows 10 v1809.

The event ID 10016 this time is different from DistributedCOM (DCOM): RuntimeBroker, which was noted in the past, but it has a different APPID and is different.

(this time)

DCOM errors can be repaired using the component services provided with Windows 10.

So far, we used Registry Editor and Component Services to fix DCOM errors, but this procedure does not use Registry Editor.

This procedure is recommended when repairing DCOM (DistributedCOM), because there is no risk of using Registry Editor.

Event viewer message

Event viewer message
messageCLSID for application-specific permission settings
 Local activation permission for the COM server application on the application container Unavailable SID (not available) running address LocalHost (using LRPC) user xxx\yyy SID (S-1-5-21-3828101160-65458516 -1957545066-001) can not be given. This security permission can be changed using the Component Services Management Tool.
Log namesystem
SourceDistributedCOM (DCOM)
Event ID10016
userLogin User
APPID NameRuntimeBroker

Repair procedure

Get the free software ExecTI, start the component service from ExecTI and edit the APPID.
  1. Start Component Services from ExecTI
  2. Add Users to APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} to activate "Activate from local"
  3. Restart your computer

1. Start Component Services from ExecTI

1-1. Get ExecTI and start it
ExecTI is free software that can start Registry Editor and component services with TrustedInstaller privileges.
1-2. Start component service
The command to start the component service is comexp.msc.

Enter comexp.msc in the box next to Open and click OK to start the component service with TrustedInstaller privileges. The appearance of the component service is the same as what was normally started.

2. Add "Users" to APPID and enable "Activate from local"

2-1. Display APPID Properties
ExecTI: comexp.msc> Console Root> Component Services> Computer> My Computer> DCOM Configuration
Switch the display mode of component service to "Details".

Since there is no search function, APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} selects DCOM configuration and looks for it visually from the “Application ID” column in the right pane.

The name of APPID is RuntimeBroker, but there are two kinds, so don't get it wrong. If found, display the property.

2-2. Display activation and activation permissions
ShellServiceHost Properties> Security Tab> Launch and Activation Permissions> Edit
Click Edit to display the Windows Security dialog. Click Delete to view launch and activation permissions.

Launch and Activation Permissions

2-3. Add Users
Add> Advanced> Search
Click Search from the dialog that appears with Add> Advanced> Advanced. Select Users from the search results and click OK .

Confirm that xxx\Users is displayed in the box under "Please enter the object name to select" and click OK . (Xxx: computer name)

Returning to the Launch and Activation Permissions screen, it is a success if Users is selected.
2-4. Enable activation from local
With xxx\Users selected, check "☑ Activate from local" in the box under Permissions, and click OK .

3. End of procedure

Restart your computer and check the event viewer.

The Windows service has a delayed start service, so let's check the event viewer after your computer's boot process has settled down.

If no errors are recorded, the repair procedure is successful.


If you read the description on the Microsoft official website about Event ID 10016, it is written that it is safe to ignore it, so there is no need to take a risk challenge to repair it.

And, it was written that this behavior is in accordance with the specification because the 10016 event recorded in the event viewer is recorded when the Microsoft component tries to access the DCOM component without the necessary permission.

If so, is that specification wrong? (꒪⌓꒪)

DCOM event ID 10016 is logged in Windows 10 and Windows Server 2016

This problem occurs because certain processes do not have permission to the DCOM components that are listed in the event log.
It is safe to ignore these events.
次の投稿 前の投稿 ホーム

0 件のコメント: