SharePoint 2010 Troubleshooting: DCOM Error 10016 - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046}
Problem
The following error appears in a SharePoint Server 2010 farm server system log:
Log Name: System Source: Microsoft-Windows-DistributedCOM Date: [date] Event ID: 10016 Task Category: None Level: Error Keywords: Classic User: [domain]\[FarmAccount] Computer: [FarmServerName] Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user [domain]\[FarmAccount] SID... from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Discussion
This error is being logged to the System event log due to the farm account not having permission to access the DCOM component at 000C101C-0000-0000-C000-000000000046.
Solution
- Grant Farm Account Permissions to Component
Open the Component Services tool on the server.
Look for the DCOM component 000C101C-0000-0000-C000-000000000046.
Right-click this component and select Properties.
Select the Security tab.
If all options are disabled, complete the steps in section Change Component Owner, and then return; and then close and launch Component Services.
If after changing the key ownership, you find that these options are still disabled, close Component Services and then re-open it.
In the Launch and Activation Permissions section, select Customize.
Click the Edit button.
Add the farm account.
When initially added, the account will only have (Allow) Local Launch checked.
Check (Allow) Local Activation.
Click OK.
Click Apply, and then click OK.
Reset IIS.
Stop and then start SharePoint 2010 Timer.
- Change Component Owner
Start Registry Editor in Administrator mode on the server.
Find key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\000C101C-0000-0000-C000-000000000046} .
Right-click this key, and then select Permissions. The Permissions dialog appears.
You may see your administrator group here and think that you can set Full Control for your group. However, if you try this, you will get an Access is denied error prompt
Click the Advanced button.The Advanced Security Settings dialog appears.
Select the Owner tab.
By default, the Current Owner will be the TrustedInstaller account.
Select your administrator account or group, and check Replace owner on subcontainers and objects, and then click Apply.
Click OK.The Advanced Security Settings dialog closes, and the focus returns to the Permissions dialog.
Select your administrator account of group, and then check Full Control.
Click OK.The Permissions dialog closes.
Exit Registry Editor.
References
- The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} – SharePoint 2010
- Event ID 10016, KB 920783, and the WSS_WPG Group: outstanding article on this very issue by jeremy jameson.
- Event ID error messages 10016 and 10017 are logged in the System log after you install Windows SharePoint Services 3.0: its for 2007, but provides helpful information for 2010.
Notes
- UPDATE 1/8/15: I added two references to this posting that provide helpful insight and guidance on resolving this issue.Also applicable to 2013 since the same groups are used.