locked
DCOM error 10016 Runtimebroker RRS feed

  • Question

  • Looks like if SQL service account is changed, we'll see Event ID 10016 DCOM Error for Runtimebroker to the new service account instead of System.

    Also, hit and miss, some server would have access denied to api.log under system32\logs\sum...

    The question is "what is the impact on these two errors?" 

    I only see how they can be fixed but now what issue they cause.  Without the fix, everything 'appears' to be fine.  Since there are hundreds of servers in question, I need to know if these can be just ignored or they cause issues down the road.


    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user 

    Monday, September 11, 2017 4:40 PM

Answers

  • Hi JT_CP,

    You can ignore this error message, this file is used to record log, when you change some setting of application or do some update, we will see this error message. 

    Best Regards,

    Teige


    MSDN Community Support<br/> Please remember to click &quot;Mark as Answer&quot; the responses that resolved your issue, and to click &quot;Unmark as Answer&quot; if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact <a href="mailto:MSDNFSF@microsoft.com">MSDNFSF@microsoft.com</a>.

    • Marked as answer by JT_CP Tuesday, October 1, 2019 6:07 PM
    Tuesday, October 17, 2017 8:50 AM

All replies

  • Hi JT_CP,

     

    Have you checked if your SQL Server can work well with DCOM?

     

    The Event ID 10016 means that the SQL Server service account do not have enough permission on the COM component. Actually, we need to grant Access Permissions and Launch and Activition Permissions to the SQL Server service account on the COM component.

     

    Besides, the error related to api.log under system32\logs\sum… can also be a permission issue, please check the permission on this file.

     

    There is also a blog about how to grant Local Activation permission for your reference.

    http://blog.ronnypot.nl/?p=258  

     

    Best Regards,

    Teige

     


    MSDN Community Support<br/> Please remember to click &quot;Mark as Answer&quot; the responses that resolved your issue, and to click &quot;Unmark as Answer&quot; if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact <a href="mailto:MSDNFSF@microsoft.com">MSDNFSF@microsoft.com</a>.

    Tuesday, September 12, 2017 2:58 AM
  • The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user 

    There is also a blog about how to grant Local Activation permission for your reference.

    http://blog.ronnypot.nl/?p=258  

    That blog describes a manual method of grant permissions to accounts for an APPID.  It works, but would be a pain to implement on "hundreds of servers", and it leaves the registry permissions changed from defaults.

    Consider using this PowerShell script to change the permissions, if you decide to do that:

    Grant, Revoke, Get DCOM permissions using PowerShell


    -Tony

    • Proposed as answer by Siko Wednesday, October 17, 2018 12:56 PM
    Friday, September 15, 2017 9:28 PM
  • Thanks for the info.  I am aware on how to fix the issue.

    The question was really on "what is the impact on these two errors?" 

    If there are no justifications, we most likely won't spend the effort.  That said, I don't see any issues with our SQL boxes but really like to know the downside.


    • Edited by JT_CP Thursday, September 28, 2017 12:04 AM
    Thursday, September 28, 2017 12:03 AM
  • Hi JT_CP,

    This error message is related to security permission for the COM Server application with CLSID, this may cause some related service not started, you'd better not ignore it.

    Best Regards,

    Teige


    MSDN Community Support<br/> Please remember to click &quot;Mark as Answer&quot; the responses that resolved your issue, and to click &quot;Unmark as Answer&quot; if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact <a href="mailto:MSDNFSF@microsoft.com">MSDNFSF@microsoft.com</a>.

    Tuesday, October 10, 2017 8:10 AM
  • All the services do start and things are working.   So I am unable to find what does not work due to these.

    The other issue with change SQL service account is the permissions error for "C:\Windows\system32\LogFiles\Sum\Api.log" which I don't know either what is the impact.

    Tuesday, October 10, 2017 10:51 PM
  • Teige, you have not stated why it had better not be ignored.  Neither the original poster nor I have ever found a reason to grant these permissions.  When you work in a highly-secure environment, you have to justify every permission change.  Can you tell us why SQL requires Launch and Activation permissions on RuntimeBroker?  If not, just say that you don't know.
    Wednesday, October 11, 2017 2:09 PM
  • Hi JT_CP,

    You can ignore this error message, this file is used to record log, when you change some setting of application or do some update, we will see this error message. 

    Best Regards,

    Teige


    MSDN Community Support<br/> Please remember to click &quot;Mark as Answer&quot; the responses that resolved your issue, and to click &quot;Unmark as Answer&quot; if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact <a href="mailto:MSDNFSF@microsoft.com">MSDNFSF@microsoft.com</a>.

    • Marked as answer by JT_CP Tuesday, October 1, 2019 6:07 PM
    Tuesday, October 17, 2017 8:50 AM
  • Thank JE-BCBSSC, it is correct that I can not make permission changes without justifications.

    So from your answer, when "certain, unknown function make change" they will not be logged and that's the only issue with the DCOM error with runtime broker and api.log?


    Wednesday, February 14, 2018 6:52 PM