This post is migrated from previous hosting provider. There are still some issues with old posts. Please make a comment on this post with any issues.

Fix the SharePoint DCOM 10016 error on Windows Server 2008 R2

Tags: SharePoint, Security, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2

If you have been installing SharePoint you have probably also seen and fixed the DCOM 10016 error. This error occurs in the event log when the SharePoint service accounts doesn't have the necessary permissions (Local Activation to the IIS WAMREG admin service). Your farm will still function, but your event log will be cluttered.

On a Windows Server 2003 or Windows Server 2008 machine you would just fire up the dcomcnfg utility (with elevated privileges) and enable Local Activation for your domain account.

But for Windows Server 2008 R2 (and Windows 7, since they share the same core) you cannot do this, the property dialog is all disabled due to permission restrictions. It doesn't matter if you are logged in as an administrator or using elevated privileges. The change is probably due to some new security improvements.

DCOMCNG - all disabled

The reason for it being disabled is that this dialog is mapped to a key in the registry which the Trusted Installer is owner of and everyone else only has read permissions. The key used by the IIS WAMREG admin is:

HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}

Registry permissions on R2 Registry permissions on R1

Image on the left shows the default permissions for Windows Server 2008 R2 and on the right the default settings for Windows Server 2008.

To be able to change the Launch and Activation Permissions with dcomcnfg you have to change the ownership if this key. Start the registry editor (regedit), find the key, click Advanced in the Permissions dialog of this key and select the Owner tab. Now change the owner of the key to the administrators group for example, then set full control to the administrators group. Make sure not to change the permissions for the TrustedInstaller.

Now you have to restart the dcomcnfg application and once find the IIS WAMREG application and then set the Launch and Activation settings that you need to get rid of the DCOM 10016 error.

Unlocked!

Good luck!

WARNING: Changing the registry may seriously damage your server. All is on your own risk!

No Comments

Comments have been disabled for this content.

About Wictor...

Wictor Wilén is a Director and SharePoint Architect working at Connecta AB. Wictor has achieved the Microsoft Certified Architect (MCA) - SharePoint 2010, Microsoft Certified Solutions Master (MCSM) - SharePoint  and Microsoft Certified Master (MCM) - SharePoint 2010 certifications. He has also been awarded Microsoft Most Valuable Professional (MVP) for four consecutive years.

And a word from our sponsors...

SharePoint 2010 Web Parts in Action