We have an application that runs on several Windows 2008 R2 servers. One server is getting errors. IIS7, Asp.Net, VB.Net code tries to do a CreateObject of a component (VB6 ActiveX dll) hosted in Component Services, COM+ application. COM+ application, Security: Enforce access checks for this application: unchecked! COM+ application, Identity has been tested with domain user which is member of Local Administrators and "Interactive user". The COM+ application settings is exactly the same as for other servers with no problem. IIS7, Asp.Net, VB.Net code, called by xxx\AdminUser, member of Local Administrators in Internet Explorer on server: objClass = CreateObject("CustomComponent.Class") Error: System.Exception: Cannot create ActiveX component. Comments: web.config: <system.web><identity impersonate="true"/><authentication mode="Windows"/> App pool account is set to a domain user which is member of Local Administrators and IIS_IUSRS. If a vbscript is executed by same user xxx\AdminUser on server: Set objClass = CreateObject("CustomComponent.Class") No error! What security settings on Windows 2008 can cause this behaviour? Eventlog: Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2010-08-25 11:08:42 Event ID: 10016 Task Category: None Level: Error Keywords: Classic User: xxx\AdminUser Computer: HKRM001.xxx Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3C9AE404-F41C-41C0-9492-6D1C171227D9} and APPID {C23F9DB7-5752-4BE3-BEBC-B6D51EF291C5} to the user xxx\AdminUser SID (S-1-5-21-17504556-1190397940-1991257822-4610) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Comments: CLSID {3C9AE404-F41C-41C0-9492-6D1C171227D9}: CustomComponent.Class (VB6 ActiveX dll, called above) APPID {C23F9DB7-5752-4BE3-BEBC-B6D51EF291C5}: COM+ Application, Component Services (APPID not found under DCOM config or AppId in registry as it is a COM+ Application) Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 2010-08-25 11:08:42 Event ID: 10016 Task Category: None Level: Error Keywords: Classic User: xxx\AdminUser Computer: HKRM001.xxx Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {ECABAFBC-7F19-11D2-978E-0000F8757E2A} and APPID {02D4B3F1-FD88-11D1-960D-00805FC79235} to the user xxx\AdminUser SID (S-1-5-21-17504556-1190397940-1991257822-4610) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Comments: CLSID {ECABAFBC-7F19-11D2-978E-0000F8757E2A}: comsvcs.dll APPID {02D4B3F1-FD88-11D1-960D-00805FC79235}: Component Services, System Application (APPID not found under DCOM config or AppId in registry as it is a COM+ Application)

To correct this error do the following: 1. Open Component Services, go to Computers -> My Computers -> DCOM Config. 2. Expand DCOM config until you get down to the CLSID, they appear after the named items. 3. Right click the CLSID, check the launch parameters; they will probably be set to custom and not containing any accounts. 4. Use the SID in the event log item, run it against PsGetSid, to get which account is needed. 5. Put that account in and configure the necessary requested launch permissions. I recommand also that you have a look to this link: http://www.eventid.net/display.asp?eventid=10016&eventno=4718&source=DCOM&phase=1 Best regards.

To correct this error do the following: 1. Open Component Services, go to Computers -> My Computers -> DCOM Config. 2. Expand DCOM config until you get down to the CLSID, they appear after the named items. 3. Right click the CLSID, check the launch parameters; they will probably be set to custom and not containing any accounts. 4. Use the SID in the event log item, run it against PsGetSid, to get which account is needed. 5. Put that account in and configure the necessary requested launch permissions. I recommand also that you have a look to this link: http://www.eventid.net/display.asp?eventid=10016&eventno=4718&source=DCOM&phase=1 Best regards.

Is this application and the VB 6 ActiveX DLL 32 bit or 64 bit? -- Mike Burr

CLSID not found under DCOM config since it is an ActiveX DLL running in a COM+ Application.

VB 6 ActiveX DLL 32 bit

This was helpful! Thanks! Fayssal El Moufatich