Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Event ID 10016 may be logged in the System log on a computer that is running Windows Server 2003 with Service Pack 1

Event ID 10016 may be logged in the System log on a computer that is running Windows Server 2003 with Service Pack 1

View products that this article applies to.

Symptoms

On a computer that is running Microsoft Windows Server 2003 with Service Pack 1 (SP1), an event that resembles the following may be logged in the System log:

↑ Back to the top

Cause

This issue may occur if the netman component in DCOM does not have the following permissions:
  • Remote Launch
  • Local Activation
  • Remote Activation

↑ Back to the top

Resolution

To resolve this issue, grant the permissions that are mentioned in the "Cause" section to the netman component in DCOM. To do this, follow these steps:
  1. Click Start, click Run, type dcomcnfg, and then click OK.
  2. In Component Services, double-click Component Services, and then double-click Computers.
  3. Expand My Computer, expand DCOM Config, and then click netman in the DCOM Config node.
  4. Right-click netman, and then click Properties.
  5. In the netman Properties dialog box, click the Security tab.
  6. Under Launch and Activation Permissions, click Edit.
  7. In the Launch Permission dialog box, click Add.
  8. In the Enter the object names to select box, type Network Service, and then click OK.
  9. While Network Service is selected, click to select the Allow check boxes for the following items:
    • Remote Launch
    • Local Activation

    • Remote Activation

  10. Click OK two times.

↑ Back to the top

More Information

DCOM security enhancements in Windows Server 2003 SP1

Microsoft Windows operating systems that are based on the Microsoft Windows NT kernel rely on remote procedure call (RPC) services to run. These operating systems include Microsoft Windows XP and Windows Server 2003. DCOM gives users a convenient way to use RPC services to distribute COM applications across their networks.

Windows Server 2003 SP1 helps enhance security in DCOM and RPC. RPC with DCOM lets you start or call a program on another computer. However, this ability makes RPC more vulnerable to malicious users. To help defend against this vulnerability, Windows Server 2003 SP1 verifies every program call against a computer-wide discretionary access control list (DACL). This process provides a minimum authorization standard for all program calls on a computer. The process does this by maintaining a list of users who have and do not have permission to access a system service.

Although many COM applications include some security-specific code, they may use weak settings. Therefore, the settings may grant unauthenticated access to a process. In earlier versions of Windows Server 2003, an administrator cannot override these settings to stregthen security.

The enhanced DCOM computer restriction settings that are included in Windows Server 2003 SP1 help administrators control incoming calls that use DCOM.

For more information about the DCOM security enhancements that are included in Windows Server 2003 SP1, visit the following Microsoft Web site:http://technet2.microsoft.com/WindowsServer/en/library/4c9a2873-2010-4dbb-b9dd-6a7d1e275f0f1033.mspx?mfr=true

↑ Back to the top

Keywords: kbexpertiseadvanced, kbtshoot, kb

↑ Back to the top

Article Info
Article ID : 931355
Revision : 1
Created on : 1/7/2017
Published on : 6/21/2014
Exists online : False
Views : 271