Windows Server 2016 – Event ID 7000 & 7009

November 8, 2017

More Event ID Errors, it does not seem to stop … ?

Event ID 7000 and 7009 relating to a Service not starting at reboot.

image

The WseMgmtSvc service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

SOLUTION :

Go to Services and find Windows Server Essentials Management Service

image

Change the startup to Automatic – Delayed Start

image

Advertisements

Windows Server 2016 – Event ID 10016 DCOM Error

November 6, 2017

Recurring Errors Event ID 10016 in Eventlog

image

1. After investigating the root cause of this error I checked the registry for key

CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

image

Check the OWNER permissions on this key using ADVANCED button.

image

Make sure it has SYSTEM as Owner. Which was already the case Sad smile

2. Next step would be the op de DCOMCNFG  and look for the CDP Activity Store

To check the Security Permissions, but I could not find it Sad smile

image

3. Next go to the Services and look for something like CDPxxx

Aha ! Here you find an interesting lead …

image

I restarted the service and watched the Event Viewer again. And indeed the error appeared again.

So this service was the root cause. Smile

When looking at the startup credentials it looked really strange

image

So I changed it to System and restarted it again, but no luck same error

And I had an other error appearing … ?

image

So finally I decided to disable the service using the registry …

image

Make sure you take the correct CDP registry key because there are multiple.

image

After login in and out again, I noticed that the service had changed again to 2 !! Sad smile

So you need to go the long way.

See here how to https://www.windows10forums.com/articles/event-id-10016-distributedcom.47/

If you look at the Event Viewer details you can see these 2 GUIDS

image

In order to set the proper ACL Security you need to download the tool mentioned in the blog above

image

SetACL and copy to \System32 folder.

I run the commands suggested in the blog and had 1 error :

– reg query “HKEY_CLASSES_ROOT\CLSID\{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}” /ve

– reg query “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}” /ve

image

– SetACL.exe -on “HKEY_CLASSES_ROOT\CLSID\{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}” -ot reg -actn setowner -ownr “n:Administrators”

– SetACL.exe -on “HKEY_CLASSES_ROOT\CLSID\{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}” -ot reg -actn ace -ace “n:Administrators;p:full”

– SetACL.exe -on “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}” -ot reg -actn setowner -ownr “n:Administrators”

– SetACL.exe -on “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F72671A9-012C-4725-9D2F-2A4D32D65169}” -ot reg -actn ace -ace “n:Administrators;p:full”

image

To fix it open the Regedit and set the OWNER to Administrator, it was having TRUSTEDINSTALLER.

image

Run the SETACL command again and it will work now.

Now that you access to the settings open DCOMCNFG. find the GUID

image

And set the proper security for the USER mentioned in the Event Viewer that was having ACCESS denied errors

image

Success !