en[EVENT10016] RuntimeBroker repair procedure

このサイトを検索 | Search this site
,Japan

This article describes [Event ID 10016] that is recorded when updating to Windows 10 v1809.

In this log, the APPID name is "Runtime Broker".

I posted an article about Runtime Broker in the past, but this error is another error because the APP ID of Runtime Broker is different.

I'm confused. ('ω')

RuntimeBroker
nameAPPID
RuntimeBroker
(this time)
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
RuntimeBroker{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

DCOM errors can be repaired using the component services included with Windows 10.

If you want to change the value of Component Services, you typically do the following:
  1. Change Owner of DCOM Component (Registry Editor)
  2. Change the value of DCOM component (Component Service)
  3. Restore owner of DCOM component (Registry Editor)

Well, the main subject.

until now,

The procedure of the registry editor was risky and troublesome, so it was a bottleneck in the repair work, but in this article I will share the method of not using the registry editor.

In particular,

Use ExecTI (free software) and Component Services instead of Registry Editor.

The component service started from ExecTI is in a state where the setting value of the DCOM component can be changed.

This is the recommended procedure for fixing DCOM errors, as it eliminates the risk of using Registry Editor.


Event Log

Event Log
messageCLSID for application-specific permission settings
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 And APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 Local activation permissions for the COM server application on the user xxx\yyy SID (S-1-5-21-3828101160-65458516) at the address LocalHost (using LRPC) running in the application container unavailable SID (not available) -1957545066-1001) cannot be given. This security permission can be modified using the Component Services administration tool.
log namesystem
SourceDistributedCOM (DCOM)
Event id10016
levelerror
userLogin User
APPID{15C20B67-12E7-4BB6-92BB-7AFF07997402}
APPID nameRuntimeBroker

Repair procedure

[Outline of procedure]
  1. Make ExecTI ready for use (download, installation)
  2. Launch Component Services from ExecTI
  3. Add Users to APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} and enable "Activate from Local"
  4. Restart your PC
  5. End of procedure

1. Start Component Service from ExecTI

1-1. Obtain and launch ExecTI
ExecTI is free software that can start Registry Editor and Component Services with TrustedInstaller privileges.
1-2. Start Component Services
The command to start Component Services is comexp.msc.

Type comexp.msc in the box next to Open and click OK to start Component Services with TrustedInstaller privileges. The appearance of the component service is the same as that normally started.

execti-comexp.msc

2. Add Users to APPID and enable "Activate from Local"

2-1. Display APPID properties
ExecTI:comexp.msc > Console Root > Component Services > Computers > My Computer > DCOM Configuration
Let's switch the display mode of the component service to "Details".

Since there is no search function, APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} can be found by visually selecting the DCOM configuration from the "Application ID" column in the right pane.

The APPID name is RuntimeBroker, but there are two types, so be careful not to make a mistake. Display properties when found.

DCOMの構成-15c20b
2-2. Display boot and activation permissions
ShellServiceHost Properties> Security Tab> Launch and Activation Permissions> Edit
Click Edit to bring up the Windows Security dialog. Click Remove and launch and activation permissions will be displayed.

comexp-winsecurity


Launch and activation permissions

comexp-bootpermission
2-3. Add Users
Add > Detailed settings > Search
Click Add> Advanced and click Search from the dialog that appears. Select Users from the search results and click OK .

検索結果_OK


Make sure xxx\Users appears in the box under "Enter the object names to select" and click OK . (Xxx: computer name)

RuntimeBroker-users

If you go back to the launch and activation permissions screen and Users is in the selected state, you are successful.
2-4. Enable local activation
With xxx\Users selected, check "☑Activate from local" in the box under Permissions and click OK .

users-activate from local

3. End of procedure

Restart your PC and check the Event Viewer.

Some Windows services start delayed, so let's check the Event Viewer after the Windows startup process has calmed down.

If no error log is recorded, the repair procedure was successful.

Afterword

According to Microsoft official website,

It says "Event ID 10016 can be safely ignored", so you don't have to take any risks to repair it.

And

This behavior seems to be by design because the 10016 event logged in the event log is logged when a Microsoft component accesses a DCOM component without having the required permissions.

if so,
Is the specification wrong?

DCOM Event ID 10016 is logged on Windows 10 and Windows Server 2016

This issue occurs because the particular process does not have the permissions on the DCOM component that are listed in the event log.
~
You can safely ignore these events.
support.microsoft.com

Validation: Windows 10 Pro October 2018 Update, v1809
SC2
Windowsランキング 将棋ランキング スマホ・携帯ランキング にほんブログ村 IT技術ブログ ライフハックへ にほんブログ村 その他趣味ブログ 将棋へ

このサイトを検索 | Search this site