,Japan
This article describes [Event ID 10016] that is recorded when updating to Windows 10 v1809.
In this log, the APPID name is "Runtime Broker".
I posted an article about Runtime Broker in the past, but this error is another error because the APP ID of Runtime Broker is different.
I'm confused. ('ω')
name | APPID |
RuntimeBroker (this time) | {15C20B67-12E7-4BB6-92BB-7AFF07997402} |
RuntimeBroker | {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} |
DCOM errors can be repaired using the component services included with Windows 10.
If you want to change the value of Component Services, you typically do the following:
- Change Owner of DCOM Component (Registry Editor)
- Change the value of DCOM component (Component Service)
- Restore owner of DCOM component (Registry Editor)
Well, the main subject.
until now,The procedure of the registry editor was risky and troublesome, so it was a bottleneck in the repair work, but in this article I will share the method of not using the registry editor.
In particular,
Use ExecTI (free software) and Component Services instead of Registry Editor.
The component service started from ExecTI is in a state where the setting value of the DCOM component can be changed.
This is the recommended procedure for fixing DCOM errors, as it eliminates the risk of using Registry Editor.
Event Log
message | CLSID for application-specific permission settings {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} And APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} Local activation permissions for the COM server application on the user xxx\yyy SID (S-1-5-21-3828101160-65458516) at the address LocalHost (using LRPC) running in the application container unavailable SID (not available) -1957545066-1001) cannot be given. This security permission can be modified using the Component Services administration tool. |
log name | system |
Source | DistributedCOM (DCOM) |
Event id | 10016 |
level | error |
user | Login User |
APPID | {15C20B67-12E7-4BB6-92BB-7AFF07997402} |
APPID name | RuntimeBroker |
Repair procedure
[Outline of procedure]- Make ExecTI ready for use (download, installation)
- Launch Component Services from ExecTI
- Add Users to APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} and enable "Activate from Local"
- Restart your PC
- End of procedure
1. Start Component Service from ExecTI
1-1. Obtain and launch ExecTI
ExecTI is free software that can start Registry Editor and Component Services with TrustedInstaller privileges.
1-2. Start Component Services
The command to start Component Services is comexp.msc.Type comexp.msc in the box next to Open and click OK to start Component Services with TrustedInstaller privileges. The appearance of the component service is the same as that normally started.
2. Add Users to APPID and enable "Activate from Local"
2-1. Display APPID properties
ExecTI:comexp.msc > Console Root > Component Services > Computers > My Computer > DCOM Configuration
Let's switch the display mode of the component service to "Details".Since there is no search function, APPID: {15C20B67-12E7-4BB6-92BB-7AFF07997402} can be found by visually selecting the DCOM configuration from the "Application ID" column in the right pane.
The APPID name is RuntimeBroker, but there are two types, so be careful not to make a mistake. Display properties when found.
2-2. Display boot and activation permissions
ShellServiceHost Properties> Security Tab> Launch and Activation Permissions> Edit
Click Edit to bring up the Windows Security dialog. Click Remove and launch and activation permissions will be displayed.Launch and activation permissions
2-3. Add Users
Add > Detailed settings > Search
Click Add> Advanced and click Search from the dialog that appears. Select Users from the search results and click OK .Make sure xxx\Users appears in the box under "Enter the object names to select" and click OK . (Xxx: computer name)
If you go back to the launch and activation permissions screen and Users is in the selected state, you are successful.
2-4. Enable local activation
With xxx\Users selected, check "☑Activate from local" in the box under Permissions and click OK .3. End of procedure
Restart your PC and check the Event Viewer.Some Windows services start delayed, so let's check the Event Viewer after the Windows startup process has calmed down.
If no error log is recorded, the repair procedure was successful.
Afterword
According to Microsoft official website,It says "Event ID 10016 can be safely ignored", so you don't have to take any risks to repair it.
And
This behavior seems to be by design because the 10016 event logged in the event log is logged when a Microsoft component accesses a DCOM component without having the required permissions.
if so,
Is the specification wrong?
DCOM Event ID 10016 is logged on Windows 10 and Windows Server 2016
This issue occurs because the particular process does not have the permissions on the DCOM component that are listed in the event log.
~
You can safely ignore these events.
support.microsoft.com
Validation: Windows 10 Pro October 2018 Update, v1809
:SC2
このサイトを検索 | Search this site