en[EVENT10016] ShellServiceHost, LOCAL SERVICE

このサイトを検索 | Search this site

,Japan

Regarding event ID10016, we will share the repair procedure.

The outline of the log is as shown at the beginning.
See the next section for details on the log.

This log is

Notifies that the Windows built-in account LOCAL SERVICE cannot access the DCOM component ShellServiceHost.

ShellServiceHost is APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} in the event log.

[Tools used]

ExecTI
Component services

Note that Microsoft recommends "ignoring" because fixing DCOM errors can have side effects.

Please read the postscript for the source.

Event Log

Event Log
message	CLSID for application-specific permission settings {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} And APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} Local Activation permission for the COM server application to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) at the address LocalHost (using LRPC) running on the application container unavailable SID (unavailable) Can not give. This security permission can be changed using the Component Services administration tool.
Log name	system
Source	DistributedCOM (DCOM)
Event ID	10016
level	error
user	LOCAL SERVICE
APPID	{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
APPID name	ShellServiceHost

Repair procedure

Notes

When performing the repair procedure,

Log in to Windows using an account with administrator privileges.
* Administrator (built-in account without s)

You can check if your account has administrative privileges in Computer Management.

Administrators account that is a member of the group is the account that has administrator privileges.

Please read the related article at the end for more information.

This section uses two tools.

ExecTI
Component services

ExecTI is used to launch component services with TrustedInstaller privileges. It is released as free software.

[Procedure Summary]

Launch ExecTI
Start component services
Display properties of ShellServiceHost
Add [LOCAL SERVICE]
Change permissions for LOCAL SERVICE
Restart your PC
End of procedure

1. Launch ExecTI

ExecTI is published on Winaero.com.

[Download ExecTI-Launch]

Access Winaero.com
Download ExecTI.zip (compressed file)
Unzip to any location
Double-click ExecTI.exe

Please read the related article for detailed instructions.

External link

ExecTI | winaero.com

Download and use of ExecTI: Scrap 2nd.

2. Start the component service

In this procedure, component services started from the start menu cannot be used.

Start the component service from ExecTI.

The command used is [comexp.msc].

Enter comexp.msc in the box next to Open and click OK .

The appearance of the component service is the same as that normally started, so it is indistinguishable, but since it is started with TrustedInstaller privileges, you can change settings that can not be handled normally, so please be careful with the operation.

3. Display the properties of ShellServiceHost

Application ID and name
Application ID name	ShellServiceHost
APPID	{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

APPID is described as "Application ID" in Component Services.

Open "DCOM Configuration" from Component Services.

Console Root> Component Services> Computer> My Computer> DCOM Configuration

There is no search function.

Select DCOM configuration
Look for {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} from the Application ID column in the right pane
Right-click ShellServiceHost to show properties

4. Add [LOCAL SERVICE]

Open the edit screen for "Launch and Activation Permissions".

Security> Launch and Activation Permissions: Customize> Edit

Display the search screen.

Add> Advanced> Search

Select LOCAL SERVICE from the search results and click OK .

(Add button)

(Search results: LOCAL SERVICE)

5. Change LOCAL SERVICE permissions

Perform the following steps:

Point to LOCAL SERVICE to select
Check [Activate Locally] in the permission box and click OK .

6. Restart your PC

After restarting the PC, wait about 5 minutes before checking the event viewer.

When the PC boots, various processes are running in the background, so it is recommended that you wait until it stabilizes.

If logging stops, the procedure is successful.

Afterword

You can use a registry editor instead of ExecTI.

[Tool used]

Registry editor
Component services

The advantage is that you do not need to install ExecTI.

The disadvantages are

In the worst case, Windows will not start because the risk of incorrect operation of the registry editor increases.

I wrote the procedure in another article, so please read the related article at the end of the sentence.

About DCOM errors

Microsoft suggests that DCOM errors are the result of Windows working as designed and should be ignored.

And

Repairing DCOM errors may cause unexpected side effects.

DCOM event ID 10016 is logged on Windows

These 10016 events are logged when a Microsoft component attempts to access a DCOM component without the required permissions. In this case, this behavior is as specified.
~
These events can be ignored because they are designed to not adversely affect functionality. This is the recommended action for these events.
~
To work around this problem, change the permissions on the DCOM component so that it does not log this error. However, these errors are not recommended, even if they do not adversely affect functionality, because changing permissions can have unexpected side effects.
support.microsoft.com

External link

Verification: Windows 10 Pro November 2019 Update, v1909.18363.535

SC2