SharePoint causes DCOM Errors - Event Id: 10016
Typically after a SharePoint installation when you use separate accounts for the different services, you will notice DCOM errors in the Event Log on the SharePoint server. This is because the accounts for the Application Pools don't have the necessary rights to launch the IIS WAMREG Admin Service.
If you view one of the errors, it should look something like this:
We are specifically looking for a message like this: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1}
- To resolve these errors, we need to grant Launch and Activation rights to the Application Pool accounts.
- By default, it should have the SharePoint managed groups (local accounts) WSS_WPG and WSS_ADMIN_WPG already. If it doesn't (most likely you are running Kerberos) you'll need to add these as well.
Open the Component Services tool
- Start > Run > dcomcnfg.exe
Navigate the Component Services tree
- Computers > My Computer > DCOM Config.
At the Services list, scroll to IIS WAMREG Admin Service
Here you will see the GUID (Application ID) as referenced in the error message.
To assign the permissions, right-click on the object and select Properties.
Click the Security tab, make sure the Customize radio button is selected and then click the Edit button.
The final step is to add the Local server groups and Application Pool service accounts to give them permission.
- For the Local server groups
Click the Add button, and then set the Location to the Local Machine
Then add the groups WSS_WPG and WSS_ADMIN_WPG
Click the OK button
- For the Application Pool accounts (assuming domain accounts)
- Click the Add button, and then set the Location to the Domain
- Then add the application pool accounts
- Click the OK button
- For the Local server groups
After adding the users you need to make sure they have Local Activation privileges
Select the account and check the Allow checkbox for “Local Activation” permission.
Repeat this step for each of the account groups.
When you have finished for all users/accounts, click the OK button
This process needs to be completed for each web front end server
- Dan