Friday, January 16, 2015

SharePoint 2013: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 05D1D5D8-18D1-4B83-85ED-A0F99D53C885


You see the following in a farm server's System log:
Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          [date/time]
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM
Computer:      [FarmServer]
The application-specific permission settings do not grant Local Launch 
permission for the COM Server application with CLSID 
 and APPID 
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost 
(Using LRPC) running in the application container Unavailable SID 
(Unavailable). This security permission can be modified using the Component 
Services administrative tool.
Event Xml:

Reviewing the event log, you find the error recurring several times a month at various times, but with no immediately evident pattern.

This issue involves the SMS Agent Host application.  You can find this association by launching regedit, and then searching for the AppID in the registry.  From my experience, this issue has not appeared to involve any immediately identifiable problems and so I have ignored it.  If there are subtler issues here, I have not observed them yet.

There are one, perhaps two, solutions to this issue.  The first involves straightforwardly granting application-specific Local Launch permission to the SYSTEM account.  The second involves adding the SYSTEM account to the Distributed COM Users group.  The first method appears to be the one most widely posted.  The second one I found a posting on and tried out, but found that it failed to resolve the problem.
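
The registry lookup described above, plus a read-only check of whether SYSTEM already holds an application-specific Local Launch ACE, as an added PowerShell example (not part of the original post). The function names are hypothetical, the sample message is constructed, and its APPID is a placeholder because the post does not give one.

```powershell
# Added example: read-only triage of DistributedCOM event 10016. Changes nothing.
$pattern = 'CLSID\s+(\{[0-9A-Fa-f-]{36}\})\s+and APPID\s+(\{[0-9A-Fa-f-]{36}\})'

function Get-DcomIdsFromMessage([string]$Message) {   # hypothetical helper name
    # Extract the CLSID/APPID pair from the event text.
    if ($Message -match $pattern) {
        New-Object psobject -Property @{ Clsid = $Matches[1]; AppId = $Matches[2] }
    }
}

function Get-DcomAppInfo([string]$AppId) {            # hypothetical helper name
    # Same lookup as searching for the AppID in regedit.
    $key   = "HKLM:\SOFTWARE\Classes\AppID\$AppId"
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    $mask  = $null
    if ($props -and $props.LaunchPermission) {
        # LaunchPermission is a binary security descriptor; OR together the
        # allow ACEs that name SYSTEM (S-1-5-18).
        [byte[]]$bytes = $props.LaunchPermission
        $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($bytes, 0)
        $mask = 0
        $sd.DiscretionaryAcl |
            Where-Object { $_.AceType -eq 'AccessAllowed' -and $_.SecurityIdentifier.Value -eq 'S-1-5-18' } |
            ForEach-Object { $mask = $mask -bor $_.AccessMask }
    }
    New-Object psobject -Property @{
        AppId = $AppId
        Name  = $(if ($props) { $props.'(default)' } else { '<AppID key not found>' })
        # Bit 0x2 is COM_RIGHTS_EXECUTE_LOCAL (Local Launch).
        SystemLocalLaunch = $(if ($null -ne $mask) { [bool]($mask -band 2) } else { 'no app-specific ACL' })
    }
}

# Constructed sample: CLSID from the post title, APPID is a placeholder.
$sample = 'COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885} ' +
          'and APPID {00000000-0000-0000-0000-000000000000} to the user NT AUTHORITY\SYSTEM'
Get-DcomIdsFromMessage $sample | Format-List

# Live data: group the recurring events by APPID and resolve each one.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-DistributedCOM'; Id = 10016 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object { Get-DcomIdsFromMessage $_.Message } |
    Group-Object AppId |
    ForEach-Object {
        $g = $_   # keep the group so its count can be attached below
        Get-DcomAppInfo $g.Name |
            Add-Member -NotePropertyName Events -NotePropertyValue $g.Count -PassThru
    } | Format-Table -AutoSize
```

Running it before and after Solution 1 shows whether the SYSTEM ACE was actually written for the AppID named in the events.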

Solution 1: Grant application-specific local launch permission to the SYSTEM account
  1. Log in to the target machine using an administrator account.
  2. Launch the Component Services tool.
  3. In the navigation panel, at left, expand: Console Root > Component Services > Computers > My Computer > DCOM Config.
  4. Scroll down to SMS Agent Host.
  5. Right-click and choose Properties.
  6. Select the Security tab.
  7. In the Launch and Activation Permissions group, click the Edit button.
  8. If the SYSTEM account is not listed, add it.
  9. Select the SYSTEM account and then check Allow for all permissions.
  10. Click OK and OK again.

Solution 2: Add SYSTEM account to Distributed COM Users group
  1. Launch Computer Management as an administrator.
  2. In the left navigation panel, expand the tree under Computer Management to Local Users and Groups \ Groups.
  3. Select Distributed COM Users.
  4. Double-click Distributed COM Users.
  5. Click the Add button.
  6. Click the Locations button.
  7. Select the server name.
  8. Click OK.
  9. Click the Advanced button.
  10. Click the Find Now button.
  11. Scroll down and select SYSTEM, and then click OK.
  12. Click OK again.
