Fix Event 10016 on {C2F03A33-21F5-47FA-B4BB-156362A2F239}

In an attempt to clear my event log, I came across error event 10016 for {C2F03A33-21F5-47FA-B4BB-156362A2F239}:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY \ LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool

Normally I ignore error 10016 in my event viewer. But there were so many of them this time that I decided to correct the error messages anyway.
In this post, I explain how you can solve this problem. I attempt to describe this as easily as possible. All instructions are straightforward. Sometimes with a screenshot to clarify.

Introduction to resolve event 10016

In this guide, the only requirement is an Administrator account.
This is the high-level planning:

  • Take ownership on the CLSID in the Registry Editor
  • Set permissions on the CLSID in the Registry Editor
  • Take ownership on the APPID in the Registry Editor
  • Set permissions on the APPID in the Registry Editor
  • Putting Launch and Activation Permissions into Component Services administrative tool (DCOM)

No worries if this is unclear. Follow the steps below and you’ll be fine 🙂

Step 1

Make sure you are logged in as an Administrator. To check if your account has Administrator rights,

  1. Press Start (Windows logo) ->
  2. Select your Account photo ->
  3. Select Change account settings.
  4. You will see Administrator under your name.

windows 10 check local administrator

Step 2

Open the Event Viewer. Note the following things:

  • Permissions: Local Activation
  • CLSID: {C2F03A33-21F5-47FA-B4BB-156362A2F239}
  • APPID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  • User: NT Authority \ Local Service

    error 10016 {C2F03A33-21F5-47FA-B4BB-156362A2F239}

Are these the same for you? Fantastic! Just follow my steps!
Do you have other values? Then write them down and replace them in the steps below!

Step 3

Open your Registry Editor as an Administrator. To do so:

  1. Click Start (Windows logo)
  2. Type regedit
  3. Right-click Regedit
  4. Click Run as administrator
    02.event 10061 eventvwr regedit as administrator

Step 4

In the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}

Did you notice another CLSID in step 2? Then replace {…} with your CLSID!
To make sure that you are in the right key in the Registry Editor, you can also compare the APPID. Like in this screenshot:

check clsid and appid

Also immediately write down the Application Name. In my case, that is Immersive Shell. You will need this Application Name in step 9. Do you have another application name printed? Record this.

Step 5

In the Registry Editor:

  1. Right-click {C2F03A33-21F5-47FA-B4BB-156362A2F239}
  2. Select Permissions

    registry set permissions {c2f03a33-21f5-47fa-b4bb-156362a2f239}

Step 6

In the window Permissions for {C2F03A33-21F5-47FA-B4BB-156362A2F239} :

  1. Click Administrators once (so that it is selected)
  2. Check the box Full Control – Allow
  3. Click Advanced

In the Advanced Security Settings window for {C2F03A33-21F5-47FA-B4BB-156362A2F239}

  1. Click on Change
  2. Type Administrators
  3. Click OK
  4. Click OK
  5. Click OK

registry change ownership {c2f03a33-21f5-47fa-b4bb-156362a2f239}

 

Well done! You have now set the rights to the CLSID correctly.
In the next step, we will do the same for APPID

Step 7

In the Registry Editor, navigate to HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ APPID \ {316CDED5-E4AE-4B15-9113-7055D84DCC97}.

  1. Right-click {316CDED5-E4AE-4B15-9113-7055D84DCC97}
  2. Select Permissions
    registry set permissions {316cded5-e4ae-4b15-9113-7055d84dcc97}

In the window Permissions for {316CDED5-E4AE-4B15-9113-7055D84DCC97}

  1. Click Administrators once (so that it is selected)
  2. Check the box Full Control – Allow
  3. Click on Advanced

In the Advanced Security Settings window for {316CDED5-E4AE-4B15-9113-7055D84DCC97}

  1. Click Change
  2. Type Administrators
  3. Click OK
  4. Click OK
  5. Click OK

registry change ownership {316cded5-e4ae-4b15-9113-7055d84dcc97}

You have now also set the rights to the APPID correctly
In the following steps we will finish: we will set the correct permissions in the Component Services

Step 8

Open your Component Servies as an Administrator. To do so:

  1. Click Start (Windows logo)
  2. Type Component services
  3. Right-click Component Services
  4. Click Run as administrator
    17.event 10061 component services as administrator

Step 9

In Component Services

  1. Navigate to Component Services -> Computers -> My computer -> DCOM Config
  2. Scroll down to Immersive Shell (as we noted in step 4. Was there another application name for you? Then look it up.)
  3. Right-click the Immersive Shell application name
  4. Click Properties
    Component Services dcom Immersive shell properties

Step 10

In the Immersive Shell Properties window

  1. Click Customize under Launch and Activation Permissions.
  2. Click Edit
  3. In the Launch and Activation window, click Add.
  4. Type local service and click OK. (the name “local service” corresponds to the User we noted in step 2)dcom add local service to Immersive Shell

Step 11

Now that we have added Local Service:

  1. Select LOCAL SERVICE, check “Local Activation” (we also noted the Local Activation in step 2, as Permissions)
  2. Click OK
  3. Click OK again to close all windows

dcom set local service local activation

That should be it! Reboot your computer and see whether the errors return (or not, hopefully).
Is something unclear or do you run into something? Let me know in a comment! I would like to help you

Note 1

You may face a Windows Security message at step 10. if so, select Remove.

one or more of the permission entries attached to the registry value

Sources:
https://support.microsoft.com/en-us/help/4022522/dcom-event-id-10016-is-logged-in-windows
https://www.itexperience.net/2018/12/02/event-id-10016-fix-the-application-specific-permission-settings-do-not-grant-local-activation-permission-for-the-com-server-application-with-clsid/

 

5 2 votes
Article Rating
Subscribe
Notify of
guest
8 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Brian

Thank you. For the great details

Swang

Thanks for the detailed instructions! I followed all the steps but still see the following message afterwards. Any suggestions? Thanks again!
===========================================================
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 5/8/2020 10:26:53 AM
Event ID: 10016
Task Category: None
Level: Warning
Keywords: Classic
User: A114\A-114
Computer: A114
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user A114\A-114 SID (S-1-5-21-2622747839-1649908113-937840111-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Jerry

I get unable to save permission changes when trying to set administrator full control. Using regeditor as admin.

charles powell

i do not have CLSID in my HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ … im lost mate

Andrew

Listen man, I respect the effort, but you don’t ‘solve an issue’ just by granting all the permissions you can find that might allow it. Some things are -meant- to fail, and where there’s no functional impact, just leave it the hell alone.

Your solution here is akin to hearing a loud banging on the door, late at night, so you go and open the door wide open cos hey, who cares why the banging is happening, you just want it to stop so you can get back to sleep.

Andrew

I guess I should clarify. The things you do when you grant your user account all these permissions to the registry and CLSID classes is basically to make your computer a humming invitation to the next ransomware or trojan dreamt up by a kid in a box in North Korea.

Ati

This fix didn’t work for me. Win 10 1903 version. 🙁 Event log full with this warning…

Last edited 4 years ago by Ati
lopi

Me too. Win 10 2020

Last edited 4 years ago by lopi
8
0
Would love your thoughts, please comment.x
()
x