FIM Troubleshooting: Event ID 10016 - The application-specific permission settings do not grant Local Activation permission for the COM Server application
Issue
After running an upgrade of the FIM Synchronization Service, a previously scheduled task no longer runs as expected. The following error appears in the System Event Log.
Event ID 10016
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {835BEE60-8731-4159-8BFF-941301D76D05} and APPID {835BEE60-8731-4159-8BFF-941301D76D05} to the user Contoso\fim_service SID (S-1-5-21-3612223499-222092101-3127446173-58346) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Troubleshooting
Checking Component Services -> Computers -> My Computer -> DCOM Config -> Forefront Identity Manager Synchronization Service -> General, we see the App ID matches the App ID of the error.
On the Security tab, under Launch and Activation Permissions -> Edit, we see that the FIMSyncAdmin, FIMSyncBrowse, FIMSyncPasswordSet, FIMSyncOperators, and FIMSyncJoiners groups are allowed to launch and activate both locally and remotely. In this instance, the install was run so that it created new local groups, although FIM had previously been configured with domain groups for FIMSyncAdmin etc.
Resolution
Added the account that was kicking off the Scheduled Task (svc_fimservice) to the FIMSyncAdmins group that was specified in the FIM Synchronization Service installer.
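The same check can be scripted instead of clicked through in Component Services. The following is an added example, not part of the original article: it assumes the English event text quoted above, a local group named FIMSyncAdmins as in the Resolution, and the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1 or later).

```powershell
# Added example: list accounts denied activation of the FIM Sync DCOM application
# and show whether each one is a direct member of the local FIMSyncAdmins group.
$appId = '{835BEE60-8731-4159-8BFF-941301D76D05}'   # APPID from the event above
$group = 'FIMSyncAdmins'                            # assumed local group name

# Matches the English 10016 message text; line breaks in the message are covered by \s+.
$pattern = 'CLSID\s+(?<clsid>\{[0-9A-Fa-f-]{36}\})\s+and\s+APPID\s+' +
           '(?<appid>\{[0-9A-Fa-f-]{36}\})\s+to the user\s+(?<user>.+?)\s+SID\s+\((?<sid>S-[0-9-]+)\)'

# Resolve the APPID to its DCOM application name (what DCOM Config -> General shows).
$appKey  = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
$appName = (Get-ItemProperty -LiteralPath $appKey -ErrorAction SilentlyContinue).'(default)'
Write-Host "APPID $appId => $appName"

# Pull recent 10016 events from the System log and keep those for this APPID.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } `
                       -MaxEvents 500 -ErrorAction SilentlyContinue
$hits = foreach ($e in $events) {
    if ($e.Message -match $pattern -and $Matches.appid -eq $appId) {
        [pscustomobject]@{
            Time = $e.TimeCreated
            User = $Matches.user
            Sid  = $Matches.sid
        }
    }
}

# SIDs of direct members only; membership through a nested domain group is not expanded.
$memberSids = @((Get-LocalGroupMember -Group $group -ErrorAction Stop).SID.Value)

# One row per denied account: how often, when last, and whether it is in the group.
$hits | Group-Object Sid | ForEach-Object {
    [pscustomobject]@{
        User         = $_.Group[0].User
        Sid          = $_.Name
        Denials      = $_.Count
        LastDenied   = ($_.Group | Measure-Object Time -Maximum).Maximum
        DirectMember = $memberSids -contains $_.Name
    }
} | Format-Table -AutoSize
```

An account that appears with DirectMember set to False after the upgrade is the one to compare against the groups shown under Launch and Activation Permissions.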