SharePoint causes DCOM Errors - Event Id: 10016

  • Article

Typically after a SharePoint installation when you use separate accounts for the different services, you will notice DCOM errors in the Event Log on the SharePoint server.  This is because the accounts for the Application Pools don't have the necessary rights to launch the IIS WAMREG Admin Service.

image

If you view one of the errors, it should look something like this:

image

We are specifically looking for a message like this: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1}

  • To resolve these errors, we need to grant Launch and Activation rights to the Application Pool accounts. 
  • By default, it should have the SharePoint managed groups (local accounts) WSS_WPG and WSS_ADMIN_WPG already.  If it doesn't (most likely you are running Kerberos) you'll need to add these as well.

  1. Open the Component Services tool

    1. Start > Run > dcomcnfg.exe

  2. Navigate the Component Services tree

    1. Computers > My Computer > DCOM Config.

  3. At the Services list, scroll to IIS WAMREG Admin Service

    1. Here you will see the GUID (Application ID) as referenced in the error message.

      image

  4. To assign the permissions, right-click on the object and select Properties.

    image

  5. Click the Security tab, make sure the Customize radio button is selected and then click the Edit button.

    image

  6. The final step is to add the Local server groups and Application Pool service accounts to give them permission.

    1. For the Local server groups

      1. Click the Add button, and then set the Location to the Local Machine

      2. Then add the groups WSS_WPG and WSS_ADMIN_WPG

      3. Click the OK button

        image

    2. For the Application Pool accounts (assuming domain accounts)
      1. Click the Add button, and then set the Location to the Domain
      2. Then add the application pool accounts
      3. Click the OK button

  7. After adding the users you need to make sure they have Local Activation privileges

    1. Select the account and check the Allow checkbox for “Local Activation” permission.

    2. Repeat this step for each of the account groups.

    3. When you have finished for all users/accounts, click the OK button

      image

  8. This process needs to be completed for each web front end server

 

- Dan