DistributedCOM Event ID 10016

Today I encountered the following error in my event logs:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

After a little digging through DCOM I was able to trace the APPID to the NAP Agent Service and the CLSID to the Quarantine Private SHA Binding class. 

The NAP Agent Service is a Microsoft service used to control Network Access for systems that don’t meet certain requirements.  More detail on it can be found here:

http://technet.microsoft.com/en-us/network/bb545879

The Quarantine Private SHA Binding class is apparently an encryption module being called by one application or another.  Based on my reading I believe it is due to the SCCM client installed on the server.  Based on the following article, it would appear that the encryption module for some application is trying to register with the NAP agent:

http://networkadminkb.com/KB/a351/how-to-fix-nap-agent-service-dcom-error.aspx

Based on another article I read I think that in my case it is probably due to the SCCM client installed on the server. 

http://www.kozeniauskas.com/itblog/2010/10/28/dcom-event-10016/

I decided NOT to follow the suggestion to modify the DCOM permissions since they were probably configured that way for a reason.  Instead, I initially changed the Network Access Protection Agent service from Manual to Automatic and rebooted. It cleared the error, but upon second thought I decided that I didn’t want an unnecessary service running, especially if I didn’t know what other problems it might cause or what security holes I might be opening. 

My second swing at a resolution was to set the service back to manual and reboot, hoping that this was a one-time registration and that it would not need to do it again.  It turned out that I was correct for a change, so my resolution steps are as follows:

  1. Set the NAP Agent Service to Automatic.
  2. Reboot (this allows SCCM to register with NAP).
  3. Set the NAP Agent Service back to manual and stop the service.
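
The lookup and the three steps above as a PowerShell script. This is an added example, not code from the original post. It assumes Windows PowerShell 3.0 or later, an elevated prompt, that the service's short name is napagent, and that the AppID key carries a LocalService value; the -Phase parameter and the Resolve-DcomId helper are names made up for this example.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
param(
    [ValidateSet('Inspect', 'BeforeReboot', 'AfterReboot')]
    [string]$Phase = 'Inspect',
    [string]$ServiceName = 'napagent'   # assumed short name of the NAP Agent service
)

# Event text copied from the post; paste the message of your own 10016 event here.
$Message = @'
... Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC).
'@

function Resolve-DcomId {
    param([string]$Text, [ValidateSet('CLSID', 'AppID')][string]$Kind)
    if ($Text -match "$Kind\s*(\{[0-9A-F-]{36}\})") { $guid = $Matches[1] } else { return }
    $key   = "Registry::HKEY_CLASSES_ROOT\$Kind\$guid"
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Kind         = $Kind
        Guid         = $guid
        Name         = $props.'(default)'     # friendly class or application name
        LocalService = $props.LocalService    # present on AppID keys hosted by a service
    }
}

switch ($Phase) {
    'Inspect' {
        'CLSID', 'AppID' | ForEach-Object { Resolve-DcomId $Message $_ } | Format-List
        Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" |
            Format-List Name, DisplayName, StartMode, State
        # 10016 events naming this CLSID since the last boot; 0 means the error is gone.
        $boot  = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        $clsid = (Resolve-DcomId $Message 'CLSID').Guid
        $hits  = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016; StartTime = $boot } `
                     -ErrorAction SilentlyContinue | Where-Object { $_.Message -like "*$clsid*" }
        Write-Host "10016 events for $clsid since boot: $(@($hits).Count)"
    }
    'BeforeReboot' {                      # steps 1 and 2
        Set-Service -Name $ServiceName -StartupType Automatic
        Restart-Computer -Confirm
    }
    'AfterReboot' {                       # step 3
        Set-Service -Name $ServiceName -StartupType Manual
        Stop-Service -Name $ServiceName
    }
}
```

Run it with -Phase Inspect first, then BeforeReboot, then AfterReboot, and run Inspect again after the next reboot to confirm the event has not come back while the service is set to Manual.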