Event ID 10016 may be logged in the System log on a computer that is running Windows Server 2003 with Service Pack 1

Applies to: Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows Server 2003 Standard Edition (32-bit x86), Microsoft Windows Server 2003 Enterprise Edition (32-bit x86)

Symptoms


On a computer that is running Microsoft Windows Server 2003 with Service Pack 1 (SP1), an event that resembles the following may be logged in the System log:

Cause


This issue may occur if the netman component in DCOM does not have the following permissions:
  • Remote Launch
  • Local Activation
  • Remote Activation

Resolution


To resolve this issue, grant the permissions that are mentioned in the "Cause" section to the netman component in DCOM. To do this, follow these steps:
  1. Click Start, click Run, type dcomcnfg, and then click OK.
  2. In Component Services, double-click Component Services, and then double-click Computers.
  3. Expand My Computer, expand DCOM Config, and then click netman in the DCOM Config node.
  4. Right-click netman, and then click Properties.
  5. In the netman Properties dialog box, click the Security tab.
  6. Under Launch and Activation Permissions, click Edit.
  7. In the Launch Permission dialog box, click Add.
  8. In the Enter the object names to select box, type Network Service, and then click OK.
  9. While Network Service is selected, click to select the Allow check boxes for the following items:
    • Remote Launch
    • Local Activation
    • Remote Activation
  10. Click OK two times.
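
To confirm from a script that the steps above took effect, the following added example (not part of the original article) decodes a launch permission security descriptor and reports which of the three rights Network Service (SID S-1-5-20) still lacks. The function name, the sample SDDL strings and the AppID placeholder are assumptions for illustration.

```powershell
# COM launch/activation access-mask bits (COM_RIGHTS_* in the Windows SDK).
$ComRights = @{
    'Remote Launch'     = 0x04   # COM_RIGHTS_EXECUTE_REMOTE
    'Local Activation'  = 0x08   # COM_RIGHTS_ACTIVATE_LOCAL
    'Remote Activation' = 0x10   # COM_RIGHTS_ACTIVATE_REMOTE
}

# Hypothetical helper: returns the names of the rights that no ACE naming $Sid
# directly grants. ACEs for groups the account belongs to are not evaluated.
function Get-MissingLaunchRights {
    param(
        [System.Security.AccessControl.RawSecurityDescriptor]$Descriptor,
        [string]$Sid = 'S-1-5-20'   # NT AUTHORITY\NETWORK SERVICE
    )
    $allowType = [System.Security.AccessControl.AceType]::AccessAllowed
    $denyType  = [System.Security.AccessControl.AceType]::AccessDenied
    $allowed = 0
    $denied  = 0
    foreach ($ace in $Descriptor.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
        if ($ace.SecurityIdentifier.Value -ne $Sid) { continue }
        if ($ace.AceType -eq $allowType) { $allowed = $allowed -bor $ace.AccessMask }
        if ($ace.AceType -eq $denyType)  { $denied  = $denied  -bor $ace.AccessMask }
    }
    # Simplification: any deny ACE for the SID is treated as overriding an allow.
    $effective = $allowed -band (-bnot $denied)
    foreach ($name in 'Remote Launch', 'Local Activation', 'Remote Activation') {
        if (($effective -band $ComRights[$name]) -eq 0) { $name }
    }
}

# Constructed SDDL samples (not from a real system). In SDDL rights notation
# CC=0x01, DC=0x02, LC=0x04, SW=0x08, RP=0x10; NS is Network Service.
$samples = @{
    'before fix' = 'O:BAG:BAD:(A;;CCDCLCSWRP;;;SY)(A;;CCDCLCSWRP;;;BA)'
    'after fix'  = 'O:BAG:BAD:(A;;CCDCLCSWRP;;;SY)(A;;CCDCLCSWRP;;;BA)(A;;CCLCSWRP;;;NS)'
}
foreach ($label in 'before fix', 'after fix') {
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor $samples[$label]
    $missing = @(Get-MissingLaunchRights $sd)
    if ($missing.Count -eq 0) { "${label}: Network Service has all three rights" }
    else { "${label}: missing " + ($missing -join ', ') }
}

# On a live system the descriptor is the REG_BINARY value LaunchPermission under
# the component's AppID key (GUID placeholder below; the page does not give it):
# $bytes = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\AppID\{<netman-AppID>}').LaunchPermission
# $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
```

If the AppID key has no LaunchPermission value, the component falls back to the computer-wide default launch permission, so an empty read does not by itself mean the rights are missing.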

More Information


DCOM security enhancements in Windows Server 2003 SP1

Microsoft Windows operating systems that are based on the Microsoft Windows NT kernel rely on remote procedure call (RPC) services to run. These operating systems include Microsoft Windows XP and Windows Server 2003. DCOM gives users a convenient way to use RPC services to distribute COM applications across their networks.

Windows Server 2003 SP1 helps enhance security in DCOM and RPC. RPC with DCOM lets you start or call a program on another computer. However, this ability makes RPC more vulnerable to malicious users. To help defend against this vulnerability, Windows Server 2003 SP1 verifies every program call against a computer-wide discretionary access control list (DACL). This process provides a minimum authorization standard for all program calls on a computer. The process does this by maintaining a list of users who have and do not have permission to access a system service.

Although many COM applications include some security-specific code, they may use weak settings. Therefore, the settings may grant unauthenticated access to a process. In earlier versions of Windows Server 2003, an administrator cannot override these settings to strengthen security.

The enhanced DCOM computer restriction settings that are included in Windows Server 2003 SP1 help administrators control incoming calls that use DCOM.

For more information about the DCOM security enhancements that are included in Windows Server 2003 SP1, visit the following Microsoft Web site: http://technet2.microsoft.com/WindowsServer/en/library/4c9a2873-2010-4dbb-b9dd-6a7d1e275f0f1033.mspx?mfr=true