0

The following is appearing in the application server role events.

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} to the user [Domain][User] SID ([SID]) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

I've solved a similar (application permission) problem on "IIS WAMREG admin Service" before by going into Component Services and assigning the correct permissions (Activate & Launch). However, the previous method seems impossible as all the properties are disabled for app id {000C101C-0000-0000-C000-000000000046}, also I noticed that it doesn't have a name - there are a few applications without a name, but the properties aren't disabled on them.

This is a fresh install of server 2008 (Std not R2) with sharepoint server 2010. Nothing appears to be "broken" that I notice, but I get many errors (over 100 for a single minute around 1am) in the event log and this isn't fun.

I've found a few pointers on google here, here & here, but am not convinced I should be changing the registry to solve this. According to this the app is MSIServer, but that doesn't appear. Does anyone know what the problem is, and why this is happening, and why I can't change the properties to solve the problem?

Mr Shoubs
  • 363
  • 2
  • 9
  • 32

2 Answers2

1

I've posted my thoughts on this problem over here: http://tristanwatkins.com/index.php/product-version-job-dcom-10016-strikes-again/

More info on this here now:

http://tristanwatkins.com/index.php/inside-manage-patch-status/

http://tristanwatkins.com/index.php/testing-manage-patch-status/

Cheers,

Tristan

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
  • Chosen solution: Live with the warnings/errors until a better option becomes available. I find it pretty silly that Microsoft leave situations like this. Would you suggest that I revert my previous fix for IIS WAMREG admin Service and ignore those errors also? – Mr Shoubs Aug 20 '10 at 12:05
1

Nope, leave those fixes in place. The IIS WAM REG and oSearch activation are fine since you want the SharePoint Application Pool identities to be able to activate those components, but since the Windows Installer Service runs as Local System and is used to install install stuff it is practically elevating the Farm account to admin, which is fine if you're happy with those risks and you can just make the Farm account a local admin but if you want to maintain the least-priveleged model I see this as more of a problem.

I'm still working on identifying a better long-term fix. Stay tuned.