How to fix NAP Agent Service DCOM Error

Author: NetworkAdminKB.com
Created: 2011-02-23
Modified: 2011-03-08

Issue:

The following event appears in the System Event Log periodically

 

Event ID: 10016

Source: DistributedCOM

Description:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

 and APPID

{B292921D-AF50-400C-9B75-0C57A7F29BA1}

 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

 

APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} corresponds to the DCOM NAP Agent Service, which in turn is part of the Network Access Protection Agent service.

 

Search the Registry for the CLSID to determine what product is calling the NAP Agent Service APPID.  In this case the CLSID is the Quarantine Private SHA Binding class, which is a Kaspersky Anti-virus product.

 

By default the service Network Access Protection Agent is stopped and the Start Type is set to Manual.

 

Cause:

The DCOM error is being generated because the application’s SHA encryption module is trying to register with the NAP Agent even when NAP is not enabled.  Several applications are known not to verify the NAP Agent is running before attempting to register themselves.

 

Solution:

Method 1

This DCOM error can be ignored if you don’t use NAP in your current environment. 

 

Method 2

Enable the Network Access Protection Agent

 

Method 3

Contact the vendor of the software trying to register with the NAP Agent to see if they have released a fix for this issue.

Article ID: 351, Created On: 9/20/2011, Modified: 9/20/2011