Categories
Windows

Windows 10 Event 10016 Fix: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user

Ran into a lot of DCOM (DistributedCOM) errors on Windows 10 machines after upgrades.  Looks like the TrustedInstaller from a previous application and the RunTime Broker did not give System and Local Administrators permission during a Windows 10 upgrade.  It just an annoying thing but also slows down a windows 10 Login.

The Error

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Background

It would appear that an Apple application was installed on these machines at some point and that it did not do a proper install.  The W10 upgrade exacerbated the issue due to missing security accounts after a W10 upgrade.  The fix is to give local administrators and System rights to the DCOM.  To do this you have to modify premissions on two registry keys and then change the DCOM premissions.  Pretty easy to do.

FIX

Regedit Take Ownership

You will need to take ownership then set rights against two different keys.  The keys are:

HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}

HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}

  1. Open Regedit with Administrators privileges and navigate to the keys above (remember you have to do this twice)
    1. WinKey + X >> Command Prompt (Admin) >> Type in Regedit
  2. Right click the key >> permissions
  3. Click advanced
  4. At the top change the Owner to COMPUTERNAME\Administrators
    1. Please note if you are domain joined you’ll have to change where you are searching from to your local computer
  5. Look in the Permission Entries field
    1. If the local system administrators group is listed ensure it has full control
    1. if the administrators group is not listed add it and give it full control.  (note you can only do this if you are a member of the administrators group and it is now the owner)
  6. Click okay a lot >> Ensure you apply permissions to all child objects

Change DCOM Permissions

Need to ensure DCOM permissions are setup

  1. Open DCOMCNFG as an Administrator
    1. WinKey + X >> Command Prompt (Admin) >> Type in DCOMCNFG
  2. Navigate to Component Services >> Computers >> My Computer >> DCOM Config
  3. Find the RunTimeBroker  >> Right Click >> Properties >> SecurityTab
  4. Launch and Activation Permissions >> Edit >> Add System and give it full control
    1. I also added the Administrators group just for testing

While changing permissions I was prompted several times to remove bad account references.  I did this as the computer knows which accounts have been removed.

Summary

At this point you should have sorted the DCOM errors.  Give your computer a reboot and away you can go.