2019-06-15T22:07:36Z kzstock [Event ID 10016] RuntimeBroker Part2:APPID{15C20B67-12E7-4BB6-92BB-7AFF07997402}|DistributedCOM (DCOM)
Scrap 2nd.
3

[Event ID 10016] RuntimeBroker Part2:APPID{15C20B67-12E7-4BB6-92BB-7AFF07997402}|DistributedCOM (DCOM)

1st:
2: 2019-03-26
Verification: Windows 10 Pro October 2018 Update, v1809

※ The above snapshot is
It is the one when the RuntimeBroker written in this article is displayed with Registry Editor.


Describes the event ID 10016, which is now recorded when updated to W10 v1809.

Event ID 10016 will be handled differently depending on the name of the DCOM that is the cause, but this time it is due to DCOM: RuntimeBroker that you noted in the past, but it is an error of different version of APPID.

nameAPPID
RuntimeBroker
(this time)
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
RuntimeBroker{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

Although event ID 10016 can be repaired using component services provided with Windows 10, it is not possible to change RuntimeBroker settings by default.

Before using Component Services, there is a procedure to change the ownership of RuntimeBroker using Registry Editor.

The repair procedure uses two tools.

  • Registry editor
  • Component service

The procedure is so difficult that if you are not familiar with the computer, you do not need to repair it.

If you are concerned about event errors like me, how about trying to repair it?

DCOM: Distributed Component Object Model


Error message

The messages recorded in the Event Viewer are as follows.

Event viewer message
messageCLSID for application-specific permission settings
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 And APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 Local activation permission for the COM server application on the application container Unavailable SID (not available) running address LocalHost (using LRPC) user xxx\yyy SID (S-1-5-21-3828101160-65458516 -1957545066-001) can not be given. This security permission can be changed using the Component Services Management Tool.
Log namesystem
SourceDistributedCOM (DCOM)
Event ID10016
levelerror
userLogin User
APPID{15C20B67-12E7-4BB6-92BB-7AFF07997402}
APPID NameRuntimeBroker

Repair procedure

This procedure uses Registry Editor and Component Services, so make sure to back up your original data before you start working in case of contingencies.

At the same time, log in to Windows with an account that belongs to Administrators, and then execute.


Summary of procedure
Add "Users" to the RuntimeBroker access right registered in the component service, and grant "Activate from local" right.

The repair procedure is six steps.

    (Registry editor)
  1. Change the owner of APPID
  2. Add Administrators to the group name or user name
  3. Set Administrators to Full Control
    (Component service)
  1. Start component service
  2. Add Users to Launch and Activation Permissions
    (Registry editor)
  1. Revert owner
  2. Procedure end

1. Procedure to change the owner of APPID

This procedure uses Registry Editor.

Change the owner of APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} from TrustedInstaller to Administrators.

Then, change the permissions of Administrators to "Full Control".

Registry operation is at your own risk
Before operating the registry editor
Make a backup of the registry in case of unforeseen circumstances.

1.1 Start Registry Editor
Run (Win + R), enter regedit for the name, and click OK to start Registry Editor.
1.2 Search for APPID
Launch search dialog (Ctrl + F /Edit> Search),
Enter APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} recorded in the Event Viewer to search.

It hits in multiple places, but the value under, \HKEY_CLASSES_ROOT\AppID\, is an edit object.

Search value{15C20B67-12E7-4BB6-92BB-7AFF07997402}
result\HKEY_ CLASSES _ ROOT\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}
1.3 Select Access Permissions
Right-click {15C20B67-12E7-4BB6-92BB-7AFF07997402} and select "Access Permissions".

1.4 Select advanced settings
Click "Advanced" in the lower right.
The image shows Administrators but not in some environments.

Access denied
I feel like I can change Administrators to full control when Administrators is displayed, but when it is executed, the following dialog will be displayed, so I can not change to full control until I get ownership.

1.5 Click Change
Since the owner at the top left of the screen to be transitioned is TrustedInstaller, click Change.

Owner: TrustedInstaller
1.6 Click on Advanced Settings
Click Advanced on the Select Users or Groups screen.

User or Group Selection> Advanced Settings
1.7 Select Administrators
When you click Search, Administrators will be listed in the search results. Select it and then select OK.

Administrator and Administrators because there is, if you need to select the direction which has an s at the end.

Advanced settings> Search

Enter the object to be selected. Confirm that PCName\Administrators has been added, click OK, and click OK on the transition screen.
Add> Administrators

If the owner has changed to Administrators on the 1.5 screen described above, the procedure you have performed is successful.

2. Add Administrators to the group name or user name

It is similar to the procedure in the previous section, so don't confuse it.

This procedure adds Administators as a group that can access {15C20B67-12E7-4BB6-92BB-7AFF07997402}.

If you are in an environment where Administrators exist, skip this step.
  1. Click "Add" on the Security tab
  2. Click "Advanced" on the transition screen
  3. Click "Search" on the transition screen
  4. Click “Administrators” from the search result list on the transition screen to select it
  5. Click “OK”
  6. Verify that Administrators have been added to the group name or user name

3. Set to full control

  1. Select Administrators by Group Name or User Name
  2. Permission full control 許可 Check Allow
  3. Click OK
Administrators: Full Control

4. Start Component Services
W10> Start Menu> Windows Management Tools> Component Services

This procedure uses component services.

Component services can be started in any of the following ways:

  • Launch Run and enter dcomcnfg for the name and click OK
  • W10> Start menu> Windows Management Tools> Transition to Component Services

Please read the following article if you need detailed explanations.

5. Add Users to Launch and Activation Permissions

5.1 Search for application ID

The APPID is visually searched from the “Application ID” column displayed in the right pane when DCOM configuration is selected. There is no search function.

Console Root 
∨ Component Services 
 ∨ Computer 
  ∨ My Computer 
   構成DCOM Configuration
DCOM configuration

Change the display mode to "Details" and look for {15C20B67-12E7-4BB6-92BB-7AFF07997402} in the Application ID column.

The name is RuntimeBroker.
There are two RuntimeBroker, so don't make a mistake.

Application ID and Name
APPID NameAPPID
RuntimeBroker{15C20B67-12E7-4BB6-92BB-7AFF07997402}

5.2 Add Users to RuntimeBroker {15C20B67-12E7-4BB6-92BB-7AFF07997402}

5.2.1
RuntimeBroker {15C20B67-12E7-4BB6-92BB-7AFF07997402}> Right click> Properties
RuntimeBroker: Property
5.2.2
Security tab> Launch and Activation Permissions> Edit

Launch and Activation Permissions> Edit

Select "Delete" if Windows security is displayed.
Windows security

One or more of the permission entries attached to the Registry Value can not be displayed due to unrecognized or application-specific (callback) types.

-Click Remove to remove unrecognized and callback permissions entries. Please note that inherited permission entries are not deleted. The reason is that you can delete only at the level of the corresponding parent, or you can disable inheritance on this object.

-Click Cancel to view only the recognized permission entries as read-only, without changing the permissions.

5.2.3
Add> Advanced> Search

Click Search from the dialog that appears with Add> Advanced> Advanced. Click OK while selecting Users from the search results list .

Search result> OK
5.2.4
User or group selection

Confirm that "Users" has been added under "Please enter the object name to be selected" and click OK .

User or group selection
5.2.5
Launch and Activation Permissions

With Users selected, check “Activate from local” under “Permission” and click OK. Click OK (or OK after application) to transition to the RuntimeBroker property screen.
Users

6. Revert owner

Return the owner of AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402} to TrustedInstaller.

Since TrustedInstaller does not hit even if it searches, it inputs directly.
The values ​​to be entered are as follows.

Input valueNT SERVICE\TrustedInstaller

7. End of procedure

This is the end of the procedure.

Restart your computer and check the event viewer.
If the message is no longer logged, the procedure is successful.

Afterword

2019/03/26

I found a software called ExecTI that can start component services with a TrustedInstaller account.

ExecTI is software created by the same development team as Winaero Tweaker, a tool for adjusting Windows system settings.

When you start component service from ExecTI, you will log in to the PC with a TrustedInstaller account and start component service, so the owner will bother to match with the owner of AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}. You do not have to change to Administrators.

More than half of the long steps in the previous section will be unnecessary. At the same time, you can reduce the risk by not using Registry Editor.

Therefore, we recommend RuntimeBroker Plan-B, the repair procedure using ExecTI.

Read related articles for information on ExecTI, Winaero Tweaker.



end
次の投稿 前の投稿 ホーム

0 件のコメント:

コメントを投稿

にゃんつくばっと