Event ID: 10016 Source: DistributedCOM, how to know the APPID corresponds to


Event ID: 10016
Source: DistributedCOM
Description:
The application-specific permission settings donot grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
 and APPID
{B292921D-AF50-400C-9B75-0C57A7F29BA1}
 to the user NT AUTHORITYSYSTEM SID(S-1-5-18) from address LocalHost (Using LRPC). This security permission can bemodified using the Component Services administrative tool.
APPID{B292921D-AF50-400C-9B75-0C57A7F29BA1} corresponds to the DCOM NAP AgentService, which in turn is part of the Network Access Protection Agentservice.
Search the Registryfor the CLSID to determine what product is calling the NAP Agent ServiceAPPID.  In this case the CLSID is the Quarantine Private SHA Bindingclass, which is a Kaspersky Anti-virus product.
By default the serviceNetwork Access Protection Agent is stopped and the Start Type is set toManual.
Cause:
The DCOM error isbeing generated because the application’s SHA encryption module is trying toregister with the NAP Agent even when NAP is not enabled.  Severalapplications are known not to verify the NAP Agent is running before attemptingto register themselves.
Solution:
Method 1
This DCOM error can beignored if you don’t use NAP in your current environment. 
Method 2
Enable the NetworkAccess Protection Agent
Method 3
Contact the vendor ofthe software trying to register with the NAP Agent to see if they have releaseda fix for this issue

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s