13,721 questions
DCOM asks to record GRAPH.EXE
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 56.00000000000001%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOS%3C/text%3E%3C/svg%3E)
Owen’s Fairchild
15
Reputation points
dcomcnfg gives this error:
---------------------------
DCOM Configuration Warning!
---------------------------
The CLSID {00020800-0000-0000-C000-000000000046}, item C:\Program Files\Microsoft Office\Root\Office16\GRAPH.EXE and title Microsoft Graph Application has the named value AppID, but is not recorded under \\HKEY_CLASSES_ROOT\AppId. Do you wish to record it?
---------------------------
Yes No
---------------------------
(This also occurred with CNFNOT32, VPREVIEW, and SDXHelper)
I started looking into this after I saw this event log error:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user PlumPC\carte SID (S-1-5-21-3144050359-1279354473-1612148908-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
(Here is the XML data for the error)
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2024-12-22T16:37:55.9043533Z" />
<EventRecordID>29759</EventRecordID>
<Correlation ActivityID="{dd0702fd-548c-0009-8622-2fdd8c54db01}" />
<Execution ProcessID="1660" ThreadID="2636" />
<Channel>System</Channel>
<Computer>Nope</Computer>
<Security UserID="S-1-5-21-3144050359-1279354473-1612148908-1001" />
</System>
- <EventData>
<Data Name="param1">application-specific</Data>
<Data Name="param2">Local</Data>
<Data Name="param3">Activation</Data>
<Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
<Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
<Data Name="param6">Nope</Data>
<Data Name="param7">Nope</Data>
<Data Name="param8">S-1-5-21-3144050359-1279354473-1612148908-1001</Data>
<Data Name="param9">LocalHost (Using LRPC)</Data>
<Data Name="param10">Unavailable</Data>
<Data Name="param11">Unavailable</Data>
</EventData>
</Event>
I think PID 1660 points to "Service Host: Remote Procedure Call (2)"
if I expand that in Task Manager, I get "Remote Procedure Call (RPC)" and "RPC Endpoint Mapper" and both do not have PIDs.
What do these mean? What do I do?
Microsoft Security Microsoft Graph
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Shaun Clapham 0 Reputation points2025-01-31T17:41:49.5333333+00:00 SAME ISSUE HERE, DO REGISTER OR NO???
Sign in to comment
Sign in to answer