Geeks With Blogs

Mike H. - Another Geek In Need... WebLog

You may see this error - more than once - when working with your Microsoft Office SharePoint Server (MOSS) 2007 deployment. This animal / error generally shows itself after you have applied an upgrade to an existing deployment. For example, when upgrading from B2 MOSS to B2TR MOSS - or when applying a special service pack from MSFT - you may begin to see a lot of these errors pop up in the SYSTEM event log.

The error CLSID is followed by a class ID for the DCOM+ application that the service account trying to activate that application - does NOT have permission to activate.

For example, let's say I installed MOSS on a server, and used the account mossService as the service account (a least privileged, user account you created to run the MOSS service(s))., when I get this error, I could very well see an error like the following:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{61738644-F196-11D0-9953-00C04FD919C1}

to the user <serverName>\mossService SID (S-1-5-21-<serviceSID>). This security permission can be modified using the Component Services administrative tool.

Copy the GUID following the CLSID above, and Start-->Run-->regedit

With the registry editor open, ensure that your cursor is on the computer at the beginning of the tree (make sure you are not in the middle of some previous edit session in the registry editor).

Edit-->Find and paste in the GUID. It'll stop at the application entry - and you will want to note the application name on the right side pane. In this example, it was the IIS WAMREG admin service that popped up.

Now, open Component Services (typically, from the server - Start-->Administrative Tools-->Component Services), expand Component Services, Computers, My Computer, DCOM Config. Scroll down and find the application (IIS WAMREG in this case). Right-Click-->Properties and select the Security tab. You'll have some options here - the first block Launch and Activation Permissions - ensure that the Customize radio button is selected, and click Edit. Now, add your service account - giving it launch and activate - and in some requirements - remote launch / activate permission.

Restart IIS and continue on.

NOTE: This is not applicable to MOSS setups only - and hopefully this will help someone else that sees these annoying DCOM errors in their SYSTEM event log.

Regards...

Posted on Tuesday, December 19, 2006 5:47 AM SharePoint Services , Microsoft Office SharePoint Server 2007 (MOSS) | Back to top


Comments on this post: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Thanks Mike! I had the same issue. I found your posting via google even though we are in the same office...lol
Left by Mark Van Dyke on Jan 03, 2007 1:16 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Thanks.. Your post was of Great help to me.. I had a similar issue
Left by Harpreet on Jan 03, 2007 9:35 PM

# Backup and Restore with WSS3
Requesting Gravatar...
Have you ever had one of those easy jobs that just turned into a gigantic mess?Haven't we all...The new...
Left by Eben's blog on Jan 08, 2007 3:55 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Ditto the thanks, fixed an identical problem in WSS 3.0
Left by Ken on Jan 16, 2007 4:50 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
This helped us with a wierd SMS Management Point issue we were seeing in our virtual lab.

Thanks :)
Left by John Sussenberger on Jan 19, 2007 11:25 AM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
The problem is almost fixed. I'm not sure which account should I give the permission to. In my event log it is saying NT Authority\Network service SID. How can I tell what user account has been used to run this?
Left by Wilkin on Jan 21, 2007 8:11 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Hey Wilkin,

The user account is the one you're actually seeing in the event log. NETWORK SERVICE is being used and you are apparently receiving an error that it does not have the permissions for the DCOM application.

First, identify which application is in question. If it is something like SQL Server or BizTalk Server - you may have a issue that goes beyond the scope of my post. Please let me explain...

The NETWORK SERVICE and often local SERVICE accounts are used to execute services - like SQL Server, BTS, and very commonly, IIS application pools (AppPool). If these applications need to access remote servers - then you will need to create a specific service account to run that service. For example, if you have an IIS application that needs to connect to SQL Server on a remote server - NETWORK SERVICE will fail in this context because it is not allowed to access remote servers - this is by design. This is why it is a best practice to plan the accounts for the services that will be running.

Now, in scope of my original post - the issue is that a user account or even NETWORK SERVICE or local SYSTEM does not have launch or activate permissions - for one reason or another. You have to determine which application is in question, and follow the post to add the account to the launch/activate permissions.

If you have not resolved the issue - then it is very likely you are dealing with my previous desciption - a service / application that is needing to access a remote server.

Please feel free to ping me with details / particulars if you still cannot resolve the issue - and I will be more than happy to try and help.
Left by MikeH on Jan 21, 2007 9:13 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
hi Mike, great article, thanks very much.

I am getting the *exact* same error and the user that needs authorization is NT AUTHORITY\NETWORK SERVICE.

I copied the GUID which is {0C0A3666-30C9-11D0-8F20-00805F2CD064}, following your instructions, the service that popped up on right side pane is appid followed by a long character starting with 9209B1A6-xxxx.
I could not find either the appid or this long character in Component Services. Any idea what I could be doing wrong?
Left by simflex on Feb 05, 2007 9:20 AM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Hi Simflex,

The AppId is representative of the application and on the right side you should see more information. If all you are seeing IS the app ID on the right side - that's a pain!.

It is possible that the DCOM application is Network Connection Manager. I have seen this periodically when I have run into a server that has a group policy that is broke / disconnected.

Is IIS running on this host? If it is, open inetmgr (IIS Admin Console), epand web application pools, select the DefaultWebApp - right-click -> Properties - and under identity - change it from NETWORK SERVER to LOCAL SERVICE - you'll receive a warning - but proceed anyway.

Stop and re-start the application pool. Now, change it back to NETWORK SERVICE.

Now restart the computer.

Check and see if you're still getting the same errors.

It is very likely that you have a disconnect between a service / user account that 'was' being allowed to run a service - and it no longer is.

Let me know.
Left by MikeH on Feb 05, 2007 11:47 AM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Thank you mightily for your response Mike. It was indeed very nice of you.

I have done *exactly* as you have suggested but but the problem persists.

This is the more frequent occurrance now:

Driver Microsoft Office Document Image Writer Driver required for printer Microsoft Office Document Image Writer is unknown. Contact the administrator to install the driver before you log in again.

Thanks again for your response.
Left by simflex on Feb 05, 2007 12:51 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Hi

I am having exactly the same error. I am currently looking further into this problem and I am curious as to what this service does, and why it is using the network service account. It appears to me that this problem is using the account that is entered into the "Security account for this Application Pool" when the web application is created.

Any thoughts/comments would be greatly appreciated.
Left by Anthony on Feb 11, 2007 7:27 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Hi Anthony,

I apologize for not being able to get back to you sooner.

'What' the WEGRAM Admin service does it not very well documented - and you would likely find many at MSFT that simply would not know either.

Suffice to say, without it you can connect individually, or register another service with IIS.

There are times - when you're installing a server product, or even 3rd party add-on product - that the configuration for the launch/activation of this service can get buggered up.

For MOSS - it was simply enough to solve - but this may not always be the case.

Researching issues with the service reveals that 90%+ of those blogged issues has to do with ASP/ASP.Net applications - and not specific DCOM configuration issues that get hosed up like I ran into.

Please feel free to share anything more you find out about the service - I know that many in the community would appreciate that.
Left by MikeH on Feb 15, 2007 11:31 AM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID - MOSS / SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Thanks for clearing the error. It really helps.
Left by Mbt on Mar 30, 2007 10:51 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL
Requesting Gravatar...
Looks like you copied this straight from: http://programminggems.blogspot.com/2007/02/application-specific-permission.html
Left by your conscience on Nov 13, 2007 9:04 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL
Requesting Gravatar...
"your conscience" - Did you bother to check the dates of the posts? The post on blogspot.com was 2 months after Mike's. Get a life.
Left by Get a life on Jan 11, 2008 5:04 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL
Requesting Gravatar...
Thanks a lot, your post helped us a lot!
Regards, Eugene
Left by Eugene on Feb 04, 2008 1:49 AM

# re: SharePoint 2007 Server Issues Revisited
Requesting Gravatar...
Awesome, big help! If you haven't already done so you should report the problem you used in the example as a bug in sharepoint services to microsoft. I had the same problem. Thanks for sharing the information.
Left by JT on Mar 20, 2008 1:48 AM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL
Requesting Gravatar...
I had this error, and the response from the Microsoft forum was this, but I can't get the file they describing. Any help?




Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>


Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>
<system.web>
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
</system.web>
</configuration>
Left by Jose on May 27, 2008 8:34 PM

# re: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CL
Requesting Gravatar...
Thx Mike,

This post saved me a lot of trouble!

Regards,
Sasa
Left by Sasa Popovic on Aug 15, 2008 6:28 AM

# Additional Step for Win 2008 R2
Requesting Gravatar...
In Windows 2008 R2 there is an additional step. The registry key you describe is owned by the TrustedInstaller and other users are only given read permission. The result is that DCOM permissions are grayed out. To fix this edit the permissions on the registry key and take ownership of it.

See detailed article here:

http://www.wictorwilen.se/Post/Fix-the-SharePoint-DCOM-10016-error-on-Windows-Server-2008-R2.aspx
Left by Eric on Dec 28, 2009 7:41 PM

# mbt trainers shoes
Requesting Gravatar...
MBT trainers shoes are physiological walking shoes. Masai Barefoot Technology´╝îor MBT for short and their manufacturer boasts great benefits of wearing and using MBT walking shoes properly.
Left by mbt walking shoes on Mar 25, 2010 8:44 PM

# Error 10016 For Windows Server 2008 R2
Requesting Gravatar...
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

For Windows Server 2008 R2
Left by Shaik on Apr 12, 2010 1:38 AM

# re: sshose
Requesting Gravatar...
mbt trainers

mbt trainers uk

mbt shoes us
Left by adwad on Aug 15, 2010 3:20 AM

Your comment:
 (will show your gravatar)
 


Copyright © Michael J. Hamilton, Sr. | Powered by: GeeksWithBlogs.net | Join free