Event ID 10016 and "failed to perform search request" errors using Archive Explorer

book

Article ID: 100021215

calendar_today

Updated On:

Description

Error Message

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: S-1-5-21-2806425669-1845551589-1542785695-10622
Computer: EVServer
Description:
The application-specific permission settings do not grant Remote Launch permission for the COM Server application with CLSID {EB0F5829-7144-4978-9C14-AEE8EC8E7249} to the user Domain\User SID (S-1-5-21-2806425669-1542785695--10622) from address 10.0.0.1. This security permission can be modified using the Component Services administrative tool.
v-437-10016

Cause

DCOM permissions

Resolution

The CLSID shown in the Event may be different in each circumstance. This CLSID will match the DCOM component GUID. To find the correct Application name that relates to the GUID mentioned, follow these steps:
  1. Open the Registry
     
  2. Copy the complete GUID, including the {}
     
  3. Click in the Registry toolbar and choose Edit -> Find...
     
  4. Paste the GUID into the Find what textbox and select Match whole string only.
     
  5. Click on Find Next.

Once the application name which the GUID refers to has been found perform the following steps with regard to DCOM configuration:
  1. Click Start > Run  and type dcomcnfg (followed by return)
     
  2. Expand Component Services > Computers > My Computer > DCOM Config.
     
  3. Find the Application name in the list of components.
     
  4. Right-click on the application and choose Properties.
     
  5. Click on Security and edit Launch and Activation Permissions.
     
  6. Add the Everyone and Anonymous Logon user and allow all Local and Remote Launch and Activation options
     
  7. Click on Edit Access Permissions and add the Everyone group and allow both Local and Remote Access.

After setting the DCOM permissions, follow these steps for the Local Security Policy:
  1. Open the Local Security policy (Start > Run > secpol.msc).
     
  2. Open Local Policies > Security Options.
     
  3. Select the DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax, right click and choose Properties.
     
  4. Click Edit Security.
     
  5. Add the Anonymous Logon user and allow all Local and Remote Launch and Activation options.
     
This should then allow the search to perform as expected, and for the system to not log further DCOM errors.
 

 

Issue/Introduction

While performing a search using Enterprise Vault Search (EVS), the error "failed to perform search request" appears and EventID 10016 is logged in the Windows System Event log.

Additional Information

ETrack: 1632351
Powered by Wolken Software