SharePoint 2013: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 000C101C-0000-0000-C000-000000000046

Problem

The following error appears in a SharePoint Server 2013 farm server system log (Windows Server 2012):

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          [date/time]
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          NETWORK SERVICE
Computer:      [farmserver]
Description:
The machine-default permission settings do not grant Local Activation 
permission for the COM Server application with CLSID 
{000C101C-0000-0000-C000-000000000046} and APPID 
{000C101C-0000-0000-C000-000000000046}  to the user 
NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost 
(Using LRPC) running in the application container Unavailable SID 
(Unavailable). This security permission can be modified using the 
Component Services administrative tool.
Event Xml:
...

The error seems to occur in a block of times, randomly on any given day.  There error seems simple to resolve: just grant NETWORK SERVICE local activation permission.  However, checking in the server Component Services for the component,

and then viewing the properties of that component,

you find that you cannot modify its properties.

Solution

1. Login to the machine using an administrator account.
2. Launch an elevated command prompt.
3. Execute: regedit.exe.
4. Navigate the tree to: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{000C101C-0000-0000-C000-000000000046}. 
   
5. Right-click the key and then select Permissions.
6. Click the Advanced button.  By default, the TrustedInstaller account has full control.

   Though it may appear that you can edit the permissions of the listed accounts and groups, if you attempt to do so, you will experience an error:
   

   

7. Click the Change link at the top right.
8. Enter the local Administrators group, and then click OK.
9. Now select the local administrators group, and then click the Edit button.
10. Change the permissions to Full Control, and then click OK.
11. Click OK again and again.
12. Close the registry editor.
13. Close the Component Services control panel.

    You can try again right-clicking the component and editing its security settings, but you will likely find them still disabled.  This is because the Component Services panel reflects the security settings that were active at the time you first opened it.  To see the changes, you need to close and re-open the panel.

14. Open the Component Services control panel as Administrator.
15. Expand the tree under Console Root to DCOM Config.
16. In the right panel, scroll down until you find 000C101C-0000-0000-C000-000000000046.
17. Right-click this component, and then select Properties.
18. Select the Security tab.
    
19. In the Launch and Activation Permissions group, select the Customize option and then click the Edit button.
20. Add the NETWORK SERVICE account, and then grant it Local Launch (likely already selected) and Local Activation.
    
21. Click OK.

References

1. Error 10016: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046}
2. Event ID 10016, KB 920783, and the WSS_WPG Group
3. Event ID error messages 10016 and 10017 are logged in the System log after you install Windows SharePoint Services 3.0

Notes

• This seems to be a common error that occurs in farms, as I have seen it occur 2007, 2010 and now 2013 SharePoint versions, across all server types (WFE, App, etc).
• All farm servers are Windows Server 2012.