Resolve EventLog Error 10016

20/02/2021

I understand your frustration. I recently just fixed some 10016 errors only to have them return.

I recently bought a 6800XT ATI card for £1019; due to the microchip shortage and pandemic, Novatech decided to ramp up the card's price from £463. Upon installing the card, it ran without an issue using the basic drivers provided with Windows. However, upon installing ATI updated drivers and their Adrenaline suite, I was presented with a myriad of system freezes, shutdowns, hangs, pauses, black screens and green screens.

I almost ripped the card out the case. I was unable to return it due to the pandemic and not knowing if I’d ever get another one due to the stock levels. I decided to attempt to resolve the issue.

Within my event log, at each shutdown I was presented with a 10016 error. Here is the resolution.

These are the affected DCOM components and keys we find on many systems after updates:

1/ RunTimeBroker – 1st entry

“HKEY_CLASSES_ROOT\CLSID\{2593f8b9-4eaf-457c-b68a-50f6b8ea6b54}”

“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15c20b67-12e7-4bb6-92bb-7aff07997402}”

2/ RunTimeBroker – 2nd entry

“HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}”

“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}”

3/ ShellServiceHost

“HKEY_CLASSES_ROOT\CLSID\{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}”

“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}”

4/ Windows Management and Instrumentation

“HKEY_CLASSES_ROOT\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}”
“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}”

5/ Immersive Shell

“HKEY_CLASSES_ROOT\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}”
“HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{316CDED5-E4AE-4B15-9113-7055D84DCC97}”

To fix these issues:

Download SetACL.exe from Helge Klein's site (the page titled "SetACL – Automate Permissions and Manage ACLs").

Copy it to c:\windows\system32, making sure you use the appropriate 32-bit or 64-bit file for your architecture.

To enable the built-in Administrator account, follow these steps:

Open Command Prompt (Admin).

In the elevated Command Prompt, type the following command and then press Enter.

Net user administrator /active:yes

To disable the built-in Administrator account, simply type

Net user administrator /active:no

in the elevated Command Prompt; but only do this after you have run all your script lines below.

Create text file scripts in this format, changing the CLSID and AppID for each DCOM component. In other words, plug the CLSID and AppID alphanumeric values from your Event Viewer error (10016) between the { } in each line below, and press Enter after each line is entered at the command prompt.

The CLSID and AppID in the lines below belong to one of the common DCOM components that need to be addressed; you can simply enter your own CLSID or AppID instead.

Pay attention to \CLSID\ and \AppID\ in each line below so that you plug each alphanumeric code into the right place.

Do each script line one at a time, hitting “Enter” after each line:

reg query "HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" /ve

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}" /ve


SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" -ot reg -actn setowner -ownr "n:Administrators"

SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" -ot reg -actn ace -ace "n:Administrators;p:full"

SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}" -ot reg -actn setowner -ownr "n:Administrators"

SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}" -ot reg -actn ace -ace "n:Administrators;p:full"

STOP: Don’t do these last two lines until you confirm the permissions are set – after checking in Component Services and all permissions are correct, you can proceed with the last two script lines below:

SetACL.exe -on "HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" -ot reg -actn setowner -ownr "n:SYSTEM"

SetACL.exe -on "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}" -ot reg -actn setowner -ownr "n:NT SERVICE\TrustedInstaller"

Open Component Services and check launch and Activation permissions. If they are still not correct, copy and paste the four middle script lines to take ownership. Refresh the Component Services view and edit launch permissions.

15C20B67-12E7-4BB6-92BB-7AFF07997402 - PerAppRuntimeBroker

The main ones are SYSTEM, LOCAL SERVICE and NETWORK SERVICE

Once each is given Local Launch and Local Activation Allow permissions, run the last two script lines to set the Trusted Installer as owner, then disable the built-in Administrator account.

Reboot and check event log to confirm permissions are working and errors are gone.
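To find the CLSID and AppID values to plug into the lines above, and to re-check after the reboot, the 10016 events can be summarised straight from the System log. This is an added example, not part of the original post: the function name Get-Dcom10016Detail is hypothetical, the sample message is constructed, and the parsing assumes the English wording of the event message.

```powershell
# Added example (not from the original post): summarise DCOM 10016 events.
# Assumption: the event message uses the English layout shown in $sample.
$guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$pairPattern = "(?s)CLSID\s+($guid).*?APPID\s+($guid)"

function Get-Dcom10016Detail {
    param([Parameter(Mandatory)][string] $Message)
    if ($Message -notmatch $pairPattern) { return }
    $clsid = $Matches[1].ToUpper(); $appid = $Matches[2].ToUpper()
    # Which permission was refused ("Local Launch" / "Local Activation") and for whom
    $perm = if ($Message -match 'grant\s+(.+?)\s+permission') { $Matches[1] }
    $user = if ($Message -match 'to the user\s+(.+?)\s+SID\s+\((S-[0-9-]+)\)') { $Matches[1] }
    # Friendly name = default value of the AppID key (empty if the key has none)
    $name = (Get-ItemProperty -LiteralPath "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\$appid" `
                -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ CLSID = $clsid; AppID = $appid; Name = $name; Permission = $perm; User = $user }
}

# Constructed sample message, so the parser can be checked without a live log
$sample = @'
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC).
'@
Get-Dcom10016Detail -Message $sample

# Live query: every distinct CLSID/AppID/permission/user combination, most frequent first
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'; Id = 10016 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message } |
    ForEach-Object { Get-Dcom10016Detail -Message $_.Message } |
    Group-Object CLSID, AppID, Permission, User |
    Sort-Object Count -Descending |
    ForEach-Object { $g = $_; $g.Group[0] | Select-Object @{ n = 'Events'; e = { $g.Count } }, * }
```

The Permission and User columns show which of Local Launch or Local Activation to allow in Component Services, and for which account.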

If you know what you're doing, here is an advanced PowerShell script.

You can paste directly into PowerShell (Admin mode, obviously…)

function enable-privilege
 {    param(
     ## The privilege to adjust. This set is taken from http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
      [ValidateSet(
     "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege",
     "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
     "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
     "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege",
     "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege",
     "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
     "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege",
     "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
     $Privilege,
     ## The process on which to adjust the privilege. Defaults to the current process.
     $ProcessId = $pid,
     ## Switch to disable the privilege, rather than enable it.
     [Switch] $Disable
     )
     ## Taken from P/Invoke.NET with minor adjustments.
  $definition = @'
  using System;
  using System.Runtime.InteropServices;
 public class AdjPriv
  {
   [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
   internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
 [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
   internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
   [DllImport("advapi32.dll", SetLastError = true)]
   internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
   [StructLayout(LayoutKind.Sequential, Pack = 1)]
   internal struct TokPriv1Luid
   {
    public int Count;
    public long Luid;
    public int Attr;
   }
 internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
   internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
   internal const int TOKEN_QUERY = 0x00000008;
   internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
   public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
   {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = new IntPtr(processHandle);
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    if(disable)
    {
     tp.Attr = SE_PRIVILEGE_DISABLED;
    }
    else
    {
     tp.Attr = SE_PRIVILEGE_ENABLED;
    }
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
   }
  }
 '@
  $processHandle = (Get-Process -id $ProcessId).Handle
  $type = Add-Type $definition -PassThru
  $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
 }
 # ------------------------------------------------------------------------------------------------------------------------------------------------------
 function Takeown-Registry($key) 
 {    switch ($key.split('\')[0])
     {   "HKEY_CLASSES_ROOT" 
         {   $reg = [Microsoft.Win32.Registry]::ClassesRoot
             $key = $key.substring(18)
         }
         "HKEY_CURRENT_USER"
         {   $reg = [Microsoft.Win32.Registry]::CurrentUser
             $key = $key.substring(18)
         }
         "HKEY_LOCAL_MACHINE"
         {   $reg = [Microsoft.Win32.Registry]::LocalMachine
             $key = $key.substring(19)
         }
     }
     # take ownership
     $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
     $owner = [Security.Principal.NTAccount]"Administrators"
     $acl = $key.GetAccessControl()
     $acl.SetOwner($owner)
     $key.SetAccessControl($acl)
     # set FullControl
     $acl = $key.GetAccessControl()
     $rule = New-Object System.Security.AccessControl.RegistryAccessRule("Administrators", "FullControl", "Allow")
     $acl.SetAccessRule($rule)
     $key.SetAccessControl($acl)
     # reset owner
     $owner = [Security.Principal.NTAccount]"NT SERVICE\TrustedInstaller"
     $acl = $key.GetAccessControl()
     $acl.SetOwner($owner)
     $key.SetAccessControl($acl)
 }
 # ------------------------------------------------------------------------------------------------------------------------------------------------------
 # Grant authority to registry key
 Write-Host; Write-Host "Elevating privileges for this process" -f yellow; Write-Host
 do {$result = enable-privilege SeTakeOwnershipPrivilege } 
 until ($result -eq $true)
 do {$result = enable-privilege SeRestorePrivilege } 
 until ($result -eq $true)
 $key="HKEY_CLASSES_ROOT\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}"
 Write-Host "Granting authority to $key"
 Takeown-Registry($key)
 $key="HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}"
 Write-Host "Granting authority to $key"
 Takeown-Registry($key)
 Write-Host; Write-Host "Done"; Write-Host
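Both the SetACL lines and the script above add an explicit Administrators full-control entry to each key, and that entry stays in place after ownership is handed back. The following added example (not part of the original script; the function name Get-DcomKeyAclSummary is hypothetical) reports the current owner and any Administrators allow entries on the keys listed on this page, comparing by well-known SID so it does not depend on the display language.

```powershell
# Added example (not from the original post): audit owner and Administrators ACEs on the DCOM keys above.
$keys = @(
    'HKEY_CLASSES_ROOT\CLSID\{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{15C20B67-12E7-4BB6-92BB-7AFF07997402}'
    'HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}'
    'HKEY_CLASSES_ROOT\CLSID\{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}'
    'HKEY_CLASSES_ROOT\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}'
    'HKEY_CLASSES_ROOT\CLSID\{C2F03A33-21F5-47FA-B4BB-156362A2F239}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{316CDED5-E4AE-4B15-9113-7055D84DCC97}'
)
$adminSid = 'S-1-5-32-544'    # BUILTIN\Administrators
$okOwners = @(
    'S-1-5-18'                                                           # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'     # NT SERVICE\TrustedInstaller
)
$sidType = [Security.Principal.SecurityIdentifier]

function Get-DcomKeyAclSummary {
    param([Parameter(Mandatory)][string[]] $Key)
    foreach ($k in $Key) {
        $path = "Registry::$k"
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Key = $k; Owner = $null; OwnerReset = $null; AdminAces = 'key not found' }
            continue
        }
        $acl = Get-Acl -LiteralPath $path
        # Allow entries for Administrators, with whether each is inherited or set on the key itself
        $aces = $acl.GetAccessRules($true, $true, $sidType) |
            Where-Object { $_.IdentityReference.Value -eq $adminSid -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { '{0} (inherited={1})' -f $_.RegistryRights, $_.IsInherited }
        [pscustomobject]@{
            Key        = $k
            Owner      = $acl.Owner
            OwnerReset = $acl.GetOwner($sidType).Value -in $okOwners   # False = still owned by someone else
            AdminAces  = $aces -join '; '
        }
    }
}

Get-DcomKeyAclSummary -Key $keys | Format-List
```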

If All Else Fails

Now, if you cannot be bothered to solve all your DCOM errors and/or it's just a gaming PC, you can disable DCOM completely.

Press the Windows key or click on the Start menu, type Component Services and click to open it.

In the Component Services panel, double-click Computers.

Right Click on My Computer and select Properties from the context menu.

Choose the Default Properties tab and untick Enable COM Internet Services, and Enable Distributed COM on this computer. Then restart the computer.

You should now be able to game or use an IDE without constant restarts plaguing your time.

If this is a work computer, check with your IT administrator whether any applications need this service. If one of your apps stops working, re-enable it to check whether this is the cause.
