SharePoint 2010 Event ID 10016 Every Time a Document Is Opened from the Shared Documents Site

Windows 2012 R2 Server 64 Bit
IIS 8.5
SharePoint 2010 SP2 FARM 64 Bit

Whenever I open a document from the Shared Documents page I get this error:

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          6/25/2015 11:45:20 AM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          MYDOM\spfarm
Computer:      SERV013.FQDN.com
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user MYDOM\spfarm SID (S-1-5-21-3054588571-1341459584-784128302-3142) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-25T15:45:20.319086700Z" />
    <EventRecordID>25657</EventRecordID>
    <Correlation />
    <Execution ProcessID="620" ThreadID="10848" />
    <Channel>System</Channel>
    <Computer>SERV013.FQDN.com</Computer>
    <Security UserID="S-1-5-21-3054588571-1341459584-784128302-3142" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param5">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param6">MYDOM</Data>
    <Data Name="param7">spfarm</Data>
    <Data Name="param8">S-1-5-21-3054588571-1341459584-784128302-3142</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Unavailable</Data>
    <Data Name="param11">Unavailable</Data>
  </EventData>
</Event>

I went into the registry and found
“[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}]”
Changed Owner to Administrators on the Windows 2012 server

Then opened Component Services on the Windows 2012 Server
Expand Computers
Expand My Computer
Highlighted DCOM, on the toolbar clicked Details
Found 8BC3F05E-D86B-11D0-A075-00C04FB68820
Changed permissions to add mydom/spfarm with "Local Activation" permissions



Still getting this error

Thoughts?

Thanks

Tom
Thomas GrassiSystems AdministratorAsked:
colly92002Commented:
Hi there, this seems to be a common fault where the server has not got the correct privilege to run WMI; it could also be a client or firewall issue.

Have a look at these resources for more info:
http://blogs.msdn.com/b/distributedservices/archive/2009/01/21/dcom-error-10010-in-the-event-logs-and-sluggish-server-performance.aspx

https://social.technet.microsoft.com/Forums/en-US/96572b96-18a6-4d0c-a722-075e4bf0e8b0/dcom-error-event-10006?forum=smallbusinessserver

Thomas GrassiSystems AdministratorAuthor Commented:
Colly92002

Thanks for responding

It is strange that I can open the document read-only or for update with no problem, so why the DCOM error?

So in
http://blogs.msdn.com/b/distributedservices/archive/2009/01/21/dcom-error-10010-in-the-event-logs-and-sluggish-server-performance.aspx

I added the domain users group with read access to HKCR\CLSID permissions
Restarted the server

Same error

Then in
https://social.technet.microsoft.com/Forums/en-US/96572b96-18a6-4d0c-a722-075e4bf0e8b0/dcom-error-event-10006?forum=smallbusinessserver

I tried this
The problem is that the server wants to activate the WMI on the remote computer but can't. The solution in this case is to allow WMI activation/access on the machine's firewall.

use the following command:

On Win7
 netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes


My Windows 7 Pro applied the firewall settings

Opened a shared document and on the server I got the same DCOM error again.

Thoughts?
colly92002Commented:
Try the steps described in here:
https://support.microsoft.com/en-us/kb/899965

Apologies for the links, I've not seen this issue on a SharePoint farm before so I'm having to search around for possible answers. I notice you are running Windows 2012 R2 Server 64 Bit; is this fully patched, and SharePoint fully patched with all CUs?
Thomas GrassiSystems AdministratorAuthor Commented:
Colly92002

Yes I run WSUS and my Servers and software get updated regularly

Now to the article above: that is for XP, long gone.

But the first part I already did which I posted in my first posting of this question.


The only thing I changed was adding Remote Launch and Remote Activation for user "spfarm".

The second part of that article is not clear at all or does not match, since this is Windows 2012 Server.

Where do I need to grant Network Services to?
martushaProduct managerCommented:
Hi,

1. Open the Component Services tool: Start > Run > dcomcnfg.exe
2. Navigate the Component Services tree: Computers > My Computer > DCOM Config.
3. At the Services list, scroll to IIS WAMREG Admin Service: Here you will see the GUID (Application ID) as referenced in the error message.
4. Properties ->Security tab -> make sure the Customize radio button is selected and then click the Edit button.
5. Click the Add button, and then set the Location to the Local Machine. Then add the groups WSS_WPG and WSS_ADMIN_WPG -> OK
6. Click the Add button, and then set the Location to the Domain. Then add the application pool accounts (perhaps you already added spfarm there).
7. After adding the users you need to make sure they all have Local Activation privileges.
8. This process needs to be completed for each web front end server, if you have more than one.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  and APPID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  to the user MYDOM\spfarm SID (S-1-5-21-3054588571-1341459584-784128302-3142)


The CLSID is Windows Management and Instrumentation; it is not IIS WAMREG Admin Service

I added WSS_WPG and WSS_ADMIN_WPG groups to 8BC3F05E-D86B-11D0-A075-00C04FB68820
Windows Management and Instrumentation  

Still same error 10016


So next I tried to do the same to IIS WAMREG Admin Service
But the Security Tab is greyed out

I went into the registry found IIS WAMREG Admin  {61738644-F196-11D0-9953-00C04FD919C1}
I changed the ownership to the local administrators group
hit apply and hit OK

Still greyed out

That was the same procedure I did for the other Component Services

Is IIS WAMREG Admin the one I need to add WSS_WPG and WSS_ADMIN_WPG groups to?

If so, how do I do that with the security tabs being greyed out?

Thoughts

Note is there a document that shows you all the SharePoint security setup step by step?
Thomas GrassiSystems AdministratorAuthor Commented:
Guys

Still getting 10016 errors

I opened this up the other day

http://www.experts-exchange.com/questions/28693717/Windows-2012-DCOMCNFG-Service-Greyed-Out.html

He suggested that I add the groups to the high level My Computer in Dcom

I did that and still get the errors

So not being able to modify the IIS Admin Service with WSS groups is the problem

How do we get this fixed?
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Finally got  WSS_WPG and WSS_ADMIN_WPG added to IIS Admin Service
Also added SPFARM

All have
Local Launch
Local Activation


After adding them and hitting apply and OK

I am still getting same 10016 error

Do I need to restart IIS? SharePoint Services? Server?

Thoughts
Thomas GrassiSystems AdministratorAuthor Commented:
Update

Just tried  IISRESET /noforce

Still getting the 10016 error


Thoughts?
martushaProduct managerCommented:
Hi Thomas!

Do you get the same error with the same APPID?
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

not sure what you mean by

Do you get the same error with the same APPID?

Please explain further
martushaProduct managerCommented:
this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820. Is it the same now?

Description:
 The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
  and APPID
 {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820. Is it the same now?

Yes every time exact same appid

and as you can see above I was able to get the dcom entries updated

Could there be another place to do this?
martushaProduct managerCommented:
How many SharePoint servers are in your farm? Maybe you need to add permissions on each SP server.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

I only have one Server running SharePoint 2010
martushaProduct managerCommented:
Did you reboot server after changing permissions? If no, you should do that.
Thomas GrassiSystems AdministratorAuthor Commented:
No I have not restarted the server
Only did an iisrestart / noforce

I can try that later today
martushaProduct managerCommented:
OK, please try to restart first and then we will see if this error remains.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha,

Just restarted the server.

After waiting a few minutes I tried opening a shared document

Exact same error

This is a strange one

What else can we check?

Thanks
martushaProduct managerCommented:
Really strange. Let me think.
martushaProduct managerCommented:
Maybe you have an antivirus installed? Check firewall, maybe there are some issues. Clear checkmarks for local area connections.
martushaProduct managerCommented:
Also maybe you need to adjust the remote launch permissions as well, because there is a farm.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Maybe you have an antivirus installed?     No antivirus

Check firewall, maybe there are some issues Firewall where on the SharePoint server or on the computer trying to open the shared document? If it was a firewall issue then I would not even be able to access the site or even open the document.  Remember I can open the document.

Clear checkmarks for local area connections. Where do you mean to do this?


Also maybe you need to adjust the remote launch permissions as well On which one?

because there is a farm  I only have one Server running SharePoint and it is setup in Farm mode.


Note:

Yesterday I went to another computer on the network a Windows Vista computer it is 32 bit using IE 9
I went to Shared Documents and opened the same document I have been testing with and it opened it ok and no event id 10016  All my other computers have IE 11    

Thoughts?
martushaProduct managerCommented:
In Component Services find that service by ID and give spfarm remote launch permissions (you did this with local launch).
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

spfarm has
Local Launch
Remote Launch
Local Activation
Remote Activation

All are selected

That is on the Windows Management and Instrumentation  in Component Services
this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820

Thoughts
martushaProduct managerCommented:
In the services console restart Windows Management Instrumentation. I'm not sure if it helps, but just try.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

restarted the services

Same results  

this is very strange but I know we will get it working.

Thoughts
martushaProduct managerCommented:
Could you also check what permissions are added for Authenticated Users on the Windows Management and Instrumentation in Component Services -> should be local launch, local activation and remote activation.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

yes Authenticated Users have
local launch
local activation
remote activation

should we add Remote launch

Thoughts
martushaProduct managerCommented:
No, I don't think we need that.

Could you check Windows Firewall rules on the server. Check the inbound and outbound rules for all Windows Management Instrumentation related rules are disabled.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

In Firewall inbound

Windows Management Instrumentation (Async-In)    Disabled
Windows Management Instrumentation (DCOM-IN)  Disabled
Windows Management Instrumentation (WMI-IN) Disabled

In firewall Outbound
Windows Management Instrumentation (WMI-IN) Disabled


Same on my computer also  all disabled

Thoughts
martushaProduct managerCommented:
Could you check again the event info, maybe now it is related to different user, not spfarm?
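
Added example, not part of the thread or any poster's code: a short Python script that parses exported 10016 event XML into the fields being compared here (APPID, account, denied right) and counts repeats, so it is clear whether the denied principal or APPID changed after a permission edit. The `FIELDS` mapping is read off the event quoted at the top of the thread; the function names and the second and third sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# EventData names as they appear in the 10016 event quoted in this thread.
FIELDS = {"param1": "scope", "param2": "locality", "param3": "right",
          "param4": "clsid", "param5": "appid", "param6": "domain",
          "param7": "user", "param8": "sid"}

def parse_10016(xml_text):
    """Return the denial fields of one event, or None if it is not DCOM 10016."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    if provider is None or provider.get("Name") != "Microsoft-Windows-DistributedCOM":
        return None
    if event_id.strip() != "10016":
        return None
    created = root.find("e:System/e:TimeCreated", NS)
    rec = {"time": created.get("SystemTime") if created is not None else None}
    for data in root.iterfind("e:EventData/e:Data", NS):
        key = FIELDS.get(data.get("Name"))
        if key:
            rec[key] = (data.text or "").strip()
    return rec

def summarize(events_xml):
    """Count denials per (APPID, account, right) so a change in any field stands out."""
    counts = Counter()
    for xml_text in events_xml:
        rec = parse_10016(xml_text)
        if rec is None:
            continue  # other DCOM events are out of scope for this summary
        account = rec.get("domain", "") + "\\" + rec.get("user", "")
        right = rec.get("locality", "") + " " + rec.get("right", "")
        counts[(rec.get("appid", "").upper(), account, right)] += 1
    return counts

# Constructed sample input: the thread's event reduced to the fields used above.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" />
    <EventID Qualifiers="0">{event_id}</EventID>
    <TimeCreated SystemTime="{time}" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data><Data Name="param3">Activation</Data>
    <Data Name="param4">{appid}</Data><Data Name="param5">{appid}</Data>
    <Data Name="param6">MYDOM</Data><Data Name="param7">spfarm</Data>
    <Data Name="param8">S-1-5-21-3054588571-1341459584-784128302-3142</Data>
  </EventData>
</Event>"""
WMI_APPID = "{8BC3F05E-D86B-11D0-A075-00C04FB68820}"
SAMPLE = [TEMPLATE.format(event_id=eid, time=ts, appid=WMI_APPID)
          for eid, ts in [(10016, "2015-06-25T15:45:20.319086700Z"),    # from the thread
                          (10016, "2015-06-25T15:52:03.000000000Z"),    # constructed repeat
                          (10010, "2015-06-25T15:53:00.000000000Z")]]   # constructed, skipped

if __name__ == "__main__":
    for (appid, account, right), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {appid}  {account}  {right}")
```

A single row in the output after a permission change means the same account is still being denied the same right on the same APPID; a new row means the denial has moved to a different principal or component.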
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

good thought

The error message is the exact same error every time no variation at all

we have authenticated users in there what else can we be missing here?
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

I checked this

Windows Services
Windows Management Instrumentation Service
Automatic and running
Logon as Local System

Component Services
Windows Management Instrumentation
this ID: 8BC3F05E-D86B-11D0-A075-00C04FB68820

Security
Launch and Activation Permissions
Customize

Authenticated Users: Local Launch, Local Activation, Remote Activation
Network Service: Local Launch, Remote Launch, Local Activation, Remote Activation
WSS_ADMIN_WPG (local group): Local Launch, Remote Launch, Local Activation, Remote Activation
WSS_WPG (local group): Local Launch, Remote Launch, Local Activation, Remote Activation
SPFARM: Local Launch, Remote Launch, Local Activation, Remote Activation
SPMYSITE: Local Launch, Remote Launch, Local Activation, Remote Activation
Administrators (local group): Local Launch, Remote Launch, Local Activation, Remote Activation


HTH
martushaProduct managerCommented:
Thomas,

It is really strange... Seems everything should be ok. This error could be safely ignored, but it floods event logs.

Could you check in IIS -> application pools, what account is running the application pool of your sharepoint site where those documents are located. And add this account to security permissions of WMI in component services.
Also give Remote launch to authenticated users (do not think it will help, but just try).

I'm out of suggestions for now. :(
Thomas GrassiSystems AdministratorAuthor Commented:
no luck

yes the event log is flooded with these errors.

What am I missing here this is driving me crazy.

I see one application pool entry named

SharePoint Web Services Root  which is using an identity of LocalService

Where my site SharePoint - 80 is using an identity of mydom\spfarm


see attached

Thoughts
sharepoint-app-pool.png
colly92002Commented:
Try this from MS support:
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=10016&EvtSrc=DCOM&LCID=1033

For reference the steps are:
    Using Regedit, navigate to the following registry value:    HKCR\Clsid\clsid value\localserver32
    The clsid value is the information displayed in the message.
    In the right pane, double-click Default. The Edit String dialog box is displayed. Leave this dialog box open.
    Click Start, and then click Control Panel.
    Double-click Administrative Tools, and then double-click Component Services.
    In the Component Services snap-in, expand Computers, expand My Computer, and double-click DCOM Config.
    In the right pane, locate the program by using its friendly name.
    Right-click the program name, and then select Properties.
    On the Security tab, in the Launch and Activation Permissions group box, select Customize, and then click Edit.
Thomas GrassiSystems AdministratorAuthor Commented:
Colly

Yes in regedit I found
hkey_classes_root\clsid\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
on key Default in Edit string  Value name Default, value data is Windows Management and Instrumentation

This is the one I have been adding the users to all along in Dcomcnfg

I understand how to find that; I don't understand what accounts this error really needs.
The event error shows domain\spfarm, so you would think that is the one, but I have added a few and still get the error.
Authenticated users should cover all the domain user accounts.

I saw in AD I have local service and found it on the local server users and groups
that is the only one left that I found in the application pool entries that I do not have in dcomcnfg

So the real question here is what accounts are needed in Windows Management and Instrumentation to stop this error

Thoughts
colly92002Commented:
Try creating a new web app in CA, create a site collection and site, put a new document in the shared folder, and see if you still get the error.  

Also might be worth considering restarting your DC (is this also 2012?).

If you are still getting the error then I'm all out of ideas :(   Might be worth opening a MS support ticket as this smells of a bug.
Thomas GrassiSystems AdministratorAuthor Commented:
Colly

Just restarted my DCs last night
Also restarted this server last night
All the above are Windows 2012

I can not figure out why I always uncover bugs you would think this has been seen before

I could introduce more issues if I create another site. For example, I have another site already, mysite.mydom.com, but that one is giving me "cannot load user profile"
see this http://www.experts-exchange.com/questions/28695390/Sharepoint-2010-Could-not-load-user-profile.html

It was working then all of a sudden it stopped they were thinking a sync problem but my sync is running fine

can you take a look at that one ?
if we get that working then we can try a document from that site

Thanks
Thomas GrassiSystems AdministratorAuthor Commented:
Update

1. still happening every time user opens shared document

2. I have one machine that it works on, why would that be?

Only one of the many.
Thomas GrassiSystems AdministratorAuthor Commented:
Ok

Today created new site new collection site

Added a shared document

opened the document got same error 10016

We are missing something here

Error is the same every time no matter which site I try.
Mohit NairSenior AssociateCommented:
Thomas GrassiSystems AdministratorAuthor Commented:
Mohit

Which CLSID are you asking about?

I changed these

Windows Management and Instrumentation
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

IIS WAMREG Admin
{61738644-F196-11D0-9953-00C04FD919C1}

IIS Admin Service
{A9E69610-B80D-11D0-B9B9-00A0C922E750}


Using dcomcnfg add SPFARM account, WSS_ADMIN_WPG and  WSS_WPG groups Local Launch and Local Activation permissions

Still getting the exact same event error 10016
martushaProduct managerCommented:
Hi Tom!
I thought maybe you need to install last CU or SP for your sharepoint?

PS: I'm now on vacation and have limited internet access.
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Enjoy your vacation.

My SharePoint is running Service Pack 2 which as far as I know is the latest release

I found Kb3054961 which I will apply  and possibly kb2687446

Will post results after I apply the above two
Thomas GrassiSystems AdministratorAuthor Commented:
Martusha

Found some more CU updates will apply and update status later today.
Thomas GrassiSystems AdministratorAuthor Commented:
To all

No change after applying some of the updates not all are needed.

Anyone have any ideas

This is very strange
Thomas GrassiSystems AdministratorAuthor Commented:
Just applied KB3054975  CU July 2015

No change same Error 10016
Thomas GrassiSystems AdministratorAuthor Commented:
I just ran the SharePoint 2010 Products Configuration Wizard to success steps 10 of 10

Still getting this error 10016


Thoughts
Thomas GrassiSystems AdministratorAuthor Commented:
Closing this out as unsolved but still awarding points because of the good effort.

I decided to completely rebuild the farm from the beginning.

Hopefully this will help

Thanks for all your help