Link to home
Start Free TrialLog in
Avatar of Member_2_6492660_1
Member_2_6492660_1Flag for United States of America

asked on

Sharepoint 2010 Event Id 10016 Everytime A document is Open from the Shared Documents Site

Windows 2012 R2 Server 64 Bit
IIS 8.5
SharePoint 2010 SP2 FARM 64 Bit

When ever I open a document from shared documents page I get this error

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/25/2015 11:45:20 AM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          MYDOM\spfarm
Computer:      SERV013.FQDN.com
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user MYDOM\spfarm SID (S-1-5-21-3054588571-1341459584-784128302-3142) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-25T15:45:20.319086700Z" />
    <EventRecordID>25657</EventRecordID>
    <Correlation />
    <Execution ProcessID="620" ThreadID="10848" />
    <Channel>System</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security UserID="S-1-5-21-3054588571-1341459584-784128302-3142" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param5">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param6">MYDOM</Data>
    <Data Name="param7">spfarm</Data>
    <Data Name="param8">S-1-5-21-3054588571-1341459584-784128302-3142</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Unavailable</Data>
    <Data Name="param11">Unavailable</Data>
  </EventData>
</Event>

I went into the registry and found
“[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}]”
Changed Owner to administrators on the Windws 2012 server

Then opened Component Services on the Windows 2012 Server
Expand Computers
Expand My Computer
Highlighted DCOM on toolbar clicked details
Found 8BC3F05E-D86B-11D0-A075-00C04FB68820
changed permissions to add mydom/spfarm  with "Local Activation permissions



Still getting this error

Thoughts?

Thanks

Tom
ASKER CERTIFIED SOLUTION
Avatar of colly92002
colly92002
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Member_2_6492660_1

ASKER

Colly92002

Thanks for responding

It is strange that I can open the document read only or for update with no problem just why the dcom error

So in
http://blogs.msdn.com/b/distributedservices/archive/2009/01/21/dcom-error-10010-in-the-event-logs-and-sluggish-server-performance.aspx

I added the domain users group with read access to HKCR\CLSID permissions
Restarted the server

Same error

Then in
https://social.technet.microsoft.com/Forums/en-US/96572b96-18a6-4d0c-a722-075e4bf0e8b0/dcom-error-event-10006?forum=smallbusinessserver

I tried this
The problem is that the server wants to activate the WMI on the remote computer but cant. The solution in this case is to allow WMI activation/access on the machine's firewall.

use the following command:

On Win7
 netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes


My Windows 7 Pro applied the firewall settings

Opened a shared document  and on the server I got the same error Dcom again.

Thoughts?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Colly92002

Yes I run WSUS and my Servers and software get updated regularly

Now to the article above  That is for XP long gone.

But the first part I already did which I posted in my first posting of this question.


Only  thing I changed was adding Remote Launch and Remote Activation for user "spfarm"

The second part of that article not clear at all or does not match since this is Windows 2012 Server.

Where do I need to grant Network Services to?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Martusha

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  and APPID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  to the user MYDOM\spfarm SID (S-1-5-21-3054588571-1341459584-784128302-3142)


The CLISD is Windows Management and Instrumentation  it is not IIS WAMREG Admin Service

I added WSS_WPG and WSS_ADMIN_WPG groups to 8BC3F05E-D86B-11D0-A075-00C04FB68820
Windows Management and Instrumentation  

Still same error 10016


So next I tried to do the same to IIS WAMREG Admin Service
But the Security Tab is greyed out

I went into the registry found IIS WAMREG Admin  {61738644-F196-11D0-9953-00C04FD919C1}
I changed the ownership to the local administrators group
hit apply and hit OK

Still greyed out

That was the same procedure I did for the other Component Services

Is IIS WAMREG Admin the one I need to add WSS_WPG and WSS_ADMIN_WPG groups too?

If so how do I do that with the security tabs being greyed out

Thoughts

Note is there a document that shows you all the SharePoint security setup step by step?
Guys

Still getting 10016 errors

I opened this up the other day

https://www.experts-exchange.com/questions/28693717/Windows-2012-DCOMCNFG-Service-Greyed-Out.html

He suggested that I add the groups to the high level My Computer in Dcom

I did that and still get the errors

So not being able to modify the IIS Admin Service with WSS groups is the problem

How do we get this fixed?
Martusha

Finally got  WSS_WPG and WSS_ADMIN_WPG added to IIS Admin Service
Also added SPFARM

All have
Local Lunch
Local Activation


After adding them and hitting apply and OK

I am still getting same 10016 error

Do I need to restart IIS? SharePoint Services? Server?

Thoughts
Update

Just tried  IISRESET /noforce

Still getting the 10016 error


Thoughts?
Hi Thomas!

Do you get the same error with the same APPID?
Martusha

not sure what you mean by

Do you get the same error with the same APPID?

Please explain further
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Martusha

this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820. Is it the same now?

Yes every time exact same appid

and as you can see above I was able to get the dcom entries updated

Could there be another place to do this?
How much sharepoint servers is in your farm? maybe you need to add permissions on each SP servers
Martusha

I only have one Server running SharePoint 2010
Did you reboot server after changing permissions? If no, you should do that.
No I have not restarted the server
Only did an iisrestart / noforce

I can try that later today
OK, please try to restart first and then we will see if ths error remains.
Martusha,

Just restarted the server.

After waiting a few minutes I tried opening a shared document

Exact same error

This is a strange one

What else can we check?

Thanks
Really strange. Let me think.
Maybe you have an antivirus installed? Check firewall, maybe there are some issues. Clear checkmarks for local area connections.
Also maybe you need to adjust the remote launch permissions as well, because there is a farm.
Martusha

Maybe you have an antivirus installed?     No antivirus

Check firewall, maybe there are some issues Firewall where on the SharePoint server or on the computer trying to open the shared document? If it was a firewall issue then I would not even be able to access the site or even open the document.  Remember I can open the document.

Clear checkmarks for local area connections. Where do you mean to do this?


Also maybe you need to adjust the remote launch permissions as well On which one?

because there is a farm  I only have one Server running SharePoint and it is setup in Farm mode.


Note:

Yesterday I went to another computer on the network a Windows Vista computer it is 32 bit using IE 9
I went to Shared Documents and opened the same document I have been testing with and it opened it ok and no event id 10016  All my other computers have IE 11    

Thoughts?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Martusha

spfarm has
Local Launch
Remote Launch
Local Activation
Remote Activation

All are selected

That is on the Windows Management and Instrumentation  in Component Services
this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820

Thoughts
In services console restart windows management instrumentation. I'm no sure if it helps, but just try.
Martusha

restarted the services

Same results  

this is very strange but I know we will get it working.

Thoughts
Could you also check what permission added for Authenticated Users on the Windows Management and Instrumentation  in Component Services -> should be local launch, local activation and remote activation.
Martusha

yes Authenticated Users have
local launch
local activation
remote activation

should we add Remote launch

Thoughts
No, I don't think we need that.

Could you check windows firewall rules on server. check the inbound and outbound rues for all windows management instrumentation related rules are disabled.
Martusha

In Firewall inbound

Windows Management Instrumentation (Async-In)    Disabled
Windows Management Instrumentation (DCOM-IN)  Disabled
Windows Management Instrumentation (WMI-IN) Disabled

In firewall Outbound
Windows Management Instrumentation (WMI-IN) Disabled


Same on my computer also  all disabled

Thoughts
Could you check again the event info, maybe now it is related to different user, not spfarm?
Martusha

good thought

The error message is the exact same error every time no variation at all

we have authenticated users in there what else can we be missing here?
Martusha

I checked this

Windows Services
Windows Management Instrumentation Service
Automatic and running
Logon as Local System

Component Services
Windows Management Instrumentation
this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820

Security
Launch and Activation Permissions
Customize

Authenticated Users                            Local Launch Local Activation Remote Activation
Network Service                                    Local Launch Remote Launch Local Activation Remote Activation
WSS_ADMIN_WPG (local group)         Local Launch Remote Launch Local Activation Remote Activation
WSS_WPG (local group)                       Local Launch Remote Launch Local Activation Remote Activation
SPFARM                                                  Local Launch Remote Launch Local Activation Remote Activation
SPMYSITE                                                Local Launch Remote Launch Local Activation Remote Activation
Administrators (local group)               Local Launch Remote Launch Local Activation Remote Activation


HTH
Thomas,

It is really strange... Seems everything should be ok. This error could be safely ignored, but it floods event logs.

Could you check in IIS -> application pools, what account is running the application pool of your sharepoint site where those documents are located. And add this account to security permissions of WMI in component services.
Also give Remote launch to authenticated users (do not think it will help, but just try).

I'm out of suggestions for now. :(
no luck

yes the event log is flooded with these errors.

What am I missing here this is driving me crazy.

I see one application pool entry named

SharePoint Web Services Root  which is using an identity of LocalService

Where my site SharePoint - 80 is using an identity of mydom\spfarm


see attached

Thoughts
sharepoint-app-pool.png
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Colly

Yes in regedit I found
hkey_classes_root\clsid\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
on key Default in Edit string  Value name Default, value data is Windows Management and Instrumentation

This is the one I have been adding the users to all along in Dcomcnfg

I understand how to find that I dont understand what accounts this error really needs
the event error show domain\spfarm so you would think that is the one but I have added a few and still get the error
authenticated users should cover all the domain user accounts

I saw in AD i have local service and found it on the local server users and groups
that is the only one left that I found in the application pool entries that I do not have in dcomcnfg

So the real question here is what accounts are needed in Windows Management and Instrumentation to stop this error

Thoughts
Try creating a new web app in CA, create a site collection and site, put a new document in the shared folder, and see if you still get the error.  

Also might be worth considering restarting your DC (is this also 2012?).

If you are still getting the error then I'm all out of ideas :(   Might be worth opening a MS support ticket as this smells of a bug.
Colly

Just resrted my DC's last night
Also restarted this server last night
All the above are Windows 2012

I can not figure out why I always uncover bugs you would think this has been seen before

I could introduce more issue if I create another site example I have another site already mysite.mydom.com but that one is giving me cannot load user profile
see this https://www.experts-exchange.com/questions/28695390/Sharepoint-2010-Could-not-load-user-profile.html

It was working then all of a sudden it stopped they were thinking a sync problem but my sync is running fine

can you take a look at that one ?
if we get that working then we can try a document from that site

Thanks
Update

1. still happening every time user opens shared document

2. I have one machine that it works on, why would that be?

                                only one of the many
Ok

Today created new site new collection site

Added a shared document

opened the document got same error 10016

We are missing something here

Error is the same every time no matter which site I try.
SOLUTION
Avatar of Mohit Nair
Mohit Nair
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Mohit

Which CLID are you asking about?

I changed these

Windows Management and Instrumentation
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

IIS WAMREG Admin
{61738644-F196-11D0-9953-00C04FD919C1}

IIS Admin Service
{A9E69610-B80D-11D0-B9B9-00A0C922E750}


Using dcomcnfg add SPFARM account, WSS_ADMIN_WPG and  WSS_WPG groups Local Launch and Local Activation permissions

Still getting the exact same event error 10016
Hi Tom!
I thought maybe you need to install last CU or SP for your sharepoint?

Ps: I'm now on vacation and have limited interet access.
Martusha

Enjoy your vacation.

My SharePoint is running Service Pack 2 which as far as I know is the latest release

I found Kb3054961 which I will apply  and possibly kb2687446

Will post results after I apply the above two
Martusha

Found some more CU updates will apply and update status later today.
To all

No change after applying some of the updates not all are needed.

Anyone have any ideas

This is very strange
Just applied KB3054975  CU July 2015

No change same Error 10016
I just ran the SharePoint 2010 Products Configuration Wizard to success steps 10 of 10

Still getting this error 10016


Thoughts
Closing this out as unsolved but still awarding point because of the good effort.

I decided to Completed rebuild the Farm from the beginning.

Hopefully this will help

Thanks for all your help