viren2703 asked CandyLuo-MSFT edited

How to suppress EventID 10016 from Server through XML query

Hi Team,
Microsoft published an article on ignoring alert 10016 or changing permissions on the registry and DCOM through PowerShell. Microsoft does not recommend changing permissions, so I will suppress the event from Event Viewer. (https://docs.microsoft.com/en-us/troubleshoot/windows-client/application-management/event-10016-logged-when-accessing-dcom#workaround)
Now, I log in to one server, open Event Viewer > Custom Views > Create Custom Views >
click on XML and paste the query below there (I have changed the values as per the instructions but am still not able to suppress the event from the server).

param1 application-specific
param2 Local
param3 Activation
param4 {D63B10C5-BB46-4990-A94F-E40B9D520160}
param5 {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
param6 USAAPP011
param7 SolarwindSC
param8 S-1-5-21-24129734311-1542330202-33436134825-1190
param9 LocalHost (Using LRPC)

I am not getting any error but am unable to suppress the event from Event Viewer.

<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*</Select>
    <Suppress Path="System">
      *[System[(EventID=10016)]]
      and
      *[EventData[
        (
          Data[@Name='param4'] and Data='{D63B10C5-BB46-4990-A94F-E40B9D520160}' and
          Data[@Name='param5'] and Data='{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}' and
          Data[@Name='param4'] and Data='S-1-5-21-24129734311-1542330202-33436134825-1190'
        )
      ]]
    </Suppress>
  </Query>
</QueryList>

Can an expert help me resolve the issue or share how you suppress event ID 10016 for one specific SID?

windows-server

1 Answer

CandyLuo-MSFT answered CandyLuo-MSFT edited

Hi,

From your post:

102386-1.jpg

Param8 corresponds to the security context SID instead of param4. Change the yellow-marked param4 to Param8 and then see if it works.

Best Regards,
Candy

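Added example, not part of the original thread or Microsoft's article: a PowerShell check that runs the filter outside Event Viewer with `Get-WinEvent -FilterXml`, using the three values from the question and the `Data[@Name='...']='...'` form so that each name is tied to its own value. The helper name `Get-Count` is hypothetical, and `<Suppress>` is assumed to behave under `-FilterXml` as it does in a custom view.

```powershell
# Values copied from the question (param4, param5, param8 of the 10016 event).
$param4 = '{D63B10C5-BB46-4990-A94F-E40B9D520160}'
$param5 = '{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}'
$param8 = 'S-1-5-21-24129734311-1542330202-33436134825-1190'

# Each Data[@Name='x']='y' binds the name and the value to the same element.
$match = "*[System[(EventID=10016)]] and *[EventData[" +
         "Data[@Name='param4']='$param4' and " +
         "Data[@Name='param5']='$param5' and " +
         "Data[@Name='param8']='$param8']]"

$allQuery = @"
<QueryList><Query Id="0" Path="System">
  <Select Path="System">*[System[(EventID=10016)]]</Select>
</Query></QueryList>
"@

$matchQuery = @"
<QueryList><Query Id="0" Path="System">
  <Select Path="System">$match</Select>
</Query></QueryList>
"@

$suppressQuery = @"
<QueryList><Query Id="0" Path="System">
  <Select Path="System">*[System[(EventID=10016)]]</Select>
  <Suppress Path="System">$match</Suppress>
</Query></QueryList>
"@

# Hypothetical helper: number of events a query returns (0 when nothing matches).
function Get-Count([string]$Xml) {
    @(Get-WinEvent -FilterXml $Xml -ErrorAction SilentlyContinue).Count
}

$all       = Get-Count $allQuery
$targeted  = Get-Count $matchQuery
$remaining = Get-Count $suppressQuery
"10016 total: $all; matching all three values: $targeted; left after Suppress: $remaining"

if ($targeted -eq 0) {
    Write-Warning 'The filter matches no events; compare it with the newest event below.'
}

# Show the named parameters of the newest 10016 event for comparison with the filter.
$newest = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } -MaxEvents 1 -ErrorAction SilentlyContinue
if ($newest) { ([xml]$newest.ToXml()).Event.EventData.Data | Select-Object Name, '#text' }
```

When the filter is right, the "left after Suppress" count equals the total minus the matching count. A custom view only filters what is displayed; the events themselves stay in the System log.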
