en[EVENT10016] RuntimeBroker repair procedure

SC2 2019-01-11

2021-08-17

Atom | RSS

このサイトを検索 | Search this site

,Japan

en[EVENT10016] RuntimeBroker repair procedure

to japanese

This article describes [Event ID 10016] that is recorded when updating to Windows 10 v1809.

In this log, the APPID name is "Runtime Broker".

I posted an article about Runtime Broker in the past, but this error is another error because the APP ID of Runtime Broker is different.

I'm confused. ('ω')

RuntimeBroker
name	APPID
RuntimeBroker (this time)	{15C20B67-12E7-4BB6-92BB-7AFF07997402}
RuntimeBroker	{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

DCOM errors can be repaired using the component services included with Windows 10.

If you want to change the value of Component Services, you typically do the following:

Change Owner of DCOM Component (Registry Editor)
Change the value of DCOM component (Component Service)
Restore owner of DCOM component (Registry Editor)

Well, the main subject.

until now,

The procedure of the registry editor was risky and troublesome, so it was a bottleneck in the repair work, but in this article I will share the method of not using the registry editor.

In particular,

Use ExecTI (free software) and Component Services instead of Registry Editor.

The component service started from ExecTI is in a state where the setting value of the DCOM component can be changed.

This is the recommended procedure for fixing DCOM errors, as it eliminates the risk of using Registry Editor.

Event Log

Event Log
message	CLSID for application-specific permission settings {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} And APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} Local activation permissions for the COM server application on the user xxx\yyy SID (S-1-5-21-3828101160-65458516) at the address LocalHost (using LRPC) running in the application container unavailable SID (not available) -1957545066-1001) cannot be given. This security permission can be modified using the Component Services administration tool.
log name	system
Source	DistributedCOM (DCOM)
Event id	10016
level	error
user	Login User
APPID	{15C20B67-12E7-4BB6-92BB-7AFF07997402}
APPID name	RuntimeBroker

Repair procedure

[Outline of procedure]

Make ExecTI ready for use (download, installation)
Launch Component Services from ExecTI
Add Users to APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} and enable "Activate from Local"
Restart your PC
End of procedure

1. Start Component Service from ExecTI

1-1. Obtain and launch ExecTI

ExecTI is free software that can start Registry Editor and Component Services with TrustedInstaller privileges.

ExecTI is here to fix DCOM errors like Event ID 10016! :Scrap 2nd.

1-2. Start Component Services

The command to start Component Services is comexp.msc.

Type comexp.msc in the box next to Open and click OK to start Component Services with TrustedInstaller privileges. The appearance of the component service is the same as that normally started.

2. Add Users to APPID and enable "Activate from Local"

2-1. Display APPID properties

ExecTI:comexp.msc > Console Root > Component Services > Computers > My Computer > DCOM Configuration

Let's switch the display mode of the component service to "Details".

Since there is no search function, APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} can be found by visually selecting the DCOM configuration from the "Application ID" column in the right pane.

The APPID name is RuntimeBroker, but there are two types, so be careful not to make a mistake. Display properties when found.

2-2. Display boot and activation permissions

ShellServiceHost Properties> Security Tab> Launch and Activation Permissions> Edit

Click Edit to bring up the Windows Security dialog. Click Remove and launch and activation permissions will be displayed.

Launch and activation permissions

2-3. Add Users

Add > Detailed settings > Search

Click Add> Advanced and click Search from the dialog that appears. Select Users from the search results and click OK .

Make sure xxx\Users appears in the box under "Enter the object names to select" and click OK . (Xxx: computer name)

If you go back to the launch and activation permissions screen and Users is in the selected state, you are successful.

2-4. Enable local activation

With xxx\Users selected, check "☑Activate from local" in the box under Permissions and click OK .

3. End of procedure

Restart your PC and check the Event Viewer.

Some Windows services start delayed, so let's check the Event Viewer after the Windows startup process has calmed down.

If no error log is recorded, the repair procedure was successful.

Afterword

According to Microsoft official website,

It says "Event ID 10016 can be safely ignored", so you don't have to take any risks to repair it.

And

This behavior seems to be by design because the 10016 event logged in the event log is logged when a Microsoft component accesses a DCOM component without having the required permissions.

if so,
Is the specification wrong?

DCOM Event ID 10016 is logged on Windows 10 and Windows Server 2016

This issue occurs because the particular process does not have the permissions on the DCOM component that are listed in the event log.
~
You can safely ignore these events.
support.microsoft.com

Validation: Windows 10 Pro October 2018 Update, v1809

en-event の記事 (Articles about the en-event)