I get this error in the event log on my Issuing CA on startup: Event Type: Error Event Source: DCOM Event Category: None Event ID: 10016 Date: 12/28/2010 Time: 10:58:46 AM User: MyDomain\administrator Computer: MyServer Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D99E6E73-FC88-11D0-B498-00A0C90312F3} to the user MyDomain\Administrator SID (S-1-5-21-2722954942-458309614-2947989593-500). This security permission can be modified using the Component Services administrative tool. It doesn't seem to stop any functionality or starting up. I've looked in the registry and found the CLSID is for the CertSrv.Admin component, which I can't find in DCOMCNFG to check the permissions. Any ideas?

Hi, To better understand the issue, please help confirm the following: What OS version is running on the CA server? Does the event occur each time you restart the CA service? Is there any other error logged at the same time? Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hey Jason, Sorry for the lacking info... OS: WS03 R2 SP2 Yes, the event occurs each time the service is started/restarted No other error events logged correspond to it. The error occurs identically twice on startup. Thanks for any feedback!

You should look at the CertSvc component in DCOMCNFG. Else you can look up the APPID in registry under HKCR to confirm the service name. AccessPermission value there represents the application-specific permission settings. Its best to add it via the DCOM console.Sumesh P - Microsoft Online Community Support

Thanks Sumesh, As noted in my original post, I did go into the registry and found the COM component name. That COM component does not exist in DCOMCNFG.

I checked and found that the display name in dcomcfg is CertSrv Request, the service name is CertSvc which you can see in the properties. Can you check that?Sumesh P - Microsoft Online Community Support

Also make sure that the LOCAL SERVICE has explicit read rights under [This key and sub keys]: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg Missing permissions there has also resulted in the DCOM error shown above. Sumesh P - Microsoft Online Community Support