Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, December 14, 2017 4:37 PM
Hi,
I'm having a problem using with an application which is using DCOM, and has stopped communicating with a remote PC since the remote PC had Windows 10 update 1709 installed.
The remote PC running the DCOM server showed the following two errors in its Event Log:
The machine wide limit settings do not grant Remote Activation permission for COM Server applications to the user MYPC\myusername} SID (S-1-5-21-4002460380-3287183360-1117026511-1002) from address 10.1.112.1 running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The machine wide limit settings do not grant Remote Access permission for COM Server applications to the user NT AUTHORITY\ANONYMOUS LOGON SID (S-1-5-7) from address 10.1.112.1 running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
DCOM Machine Wide Limit & Default permissions were set up correctly before the update, and the application was functioning correctly.
I was able to get the application to function again by altering the Limits for Access Permissions & Launch and Activation Permissions, by clicking 'Edit Limits...' for both, and removing an Unknown Account & the ALL APPLICATION PACKAGES Group. This was done using comexp.msc.
If I re-add the ALL APPLICATION PACKAGES group, and assign it full permissions for both, the application stops working again, with the above errors.
The Unknown Account has the SID: S-1-15-3-1024-2405443489-874036122-4286035555-1823921595-1746547431-2453885448-3625952902-991631256
Does anyone know why the adding & granting full permissions to ALL APPLICATION PACKAGES causes errors?
Thanks,
Kenneth
All replies (6)
Monday, December 18, 2017 2:42 AM
Hi Kenneth,
Kindly refer to this article below to troubleshoot your issue
Event ID 10016 - DistributedCOM
https://www.windows10forums.com/articles/event-id-10016-distributedcom.47/
In this link, the application-specific permission settings do not grant Local Activation permission for COM Server applications, while on your scenario, the machine wide limit settings do not grant Remote Activation permission for COM Server applications, difference is just local and remote, try to modify the DistributedCOM component step-by-step as it guides.
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Tuesday, December 26, 2017 9:45 AM
Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, January 3, 2018 11:34 AM
Many thanks for your quick response. I've been on holiday over the new year, and have only just seen this.
I had a look at your link, and while I believe I have followed the appropriate steps, but the problem persists.
As you mentioned, my error message specifies remote activation and access permissions, but it also mentions machine wide limit. So, I specified Allow for both Local & Remote access, for both the ANONYMOUS LOGON, and my user account, for both Activation & Access (as per the error message) using the COM Security section of My Computer Properties, in Component Services.
Note that the error messages don't mention a specified component, so I was unable to follow the steps in your link exactly.
As I mentioned above, when I remove an Unknown Account & the ALL APPLICATION PACKAGES group from the machine wide limit settings (for both access & activation), the problem goes away, and my COM application works correctly. I don't think this is a suitable solution though.
Tuesday, January 16, 2018 10:13 AM
Hi,
I have still not managed to resolve this issue. Please see my comment dated Wednesday, January 03, 2018 11:34 AM.
Is there any chance you could advise what the Unknown Account & ALL APPLICATION PACKAGES do, and why they affect my DCOM application?
Thursday, March 22, 2018 1:06 PM
Kenneth,
Were you able to find a resolution to your issue?
I've been getting the same error with a similar configuration, but have not been able to find a resolution yet.
Brad
Thursday, January 24, 2019 12:38 AM
To fix this using Powershell. https://gallery.technet.microsoft.com/scriptcenter/Grant-Revoke-Get-DCOM-22da5b96