Quick Solution 3 : SharePoint User Profile Synchronization fail to start with event Id 10016

  • Article

Error Message

 

  Log Name: System 
 Source: Microsoft-Windows-DistributedCOM 
 Date: 4/8/2011 10:49:29 AM 
 Event ID: 10016 
 Task Category: None 
 Level: Error 
 Keywords: Classic 
 User: NETWORK SERVICE 
 Computer: <server name> 
 Description: 
 The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Or

  Log Name: System 
 Source: Microsoft-Windows-DistributedCOM 
 Date: 4/8/2011 10:49:29 AM 
 Event ID: 10016 
 Task Category: None 
 Level: Error 
 Keywords: Classic 
 User: NETWORK SERVICE 
 Computer: <server name> 
 Description: 
 The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A0A8C0AC-FC70-4EE2-93A8-4A2257AE8619} and APPID {38AFE312-B8E5-4354-A11F-9224307B28AC} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Causes

The issue is caused by the user NT AUTHORITY\NETWORK SERVICE SID does not have permissions to activate the DistributedCOM locally.

Solutions

In order to solve the issue, please grant Local Activation permission for the COM Server applications to the user NT AUTHORITY\NETWORK SERVICE. By default, the group Distributed COM Users has the permissions. So, please add NT AUTHORITY\NETWORK SERVICE to Distributed COM Users directly to fix the issue:

  1. Open Computer Management(Administrative Tools > Computer Management)
  2. Double-click Local Users and Groups
  3. Click Groups
  4. Double-click Distributed COM Users
  5. Click Add
  6. Set the location to be local machine by clicking Locations
  7. Type Network Service in the Enter the object name to select textbox
  8. Click OK to apply

Comments

  • Anonymous
    November 30, 2012
    So many sites have the espoused the method of taking ownership of the registry for the DCOM objects and then granting permission on the DCOM object - nice alternative!

  • Anonymous
    February 11, 2013
    Hi, I tried this - it doesn't work. I added my Sharepoint Farm Account to the group and I am still seeing 10016 errors in the event log, specifically with DCOM App ID's {61738644-F196-11D0-9953-00C04FD919C1} and {000C101C-0000-0000-C000-000000000046} Unless you grant ownership of their respective registry keys to the local Administrators group and then explicitly grant Launch and Activation permissions using Dcomcnfg then you still see these errors. I was hoping this would be a neat and quick solution to this problem but I'm afraid it isn't.....