Every time a maintenance plan generated SQL agent job tries to execute, the following error occurs in the system event log:
Log Name: System
Date: 02.02.2013 16:00:02
Event ID: 10016
Task Category: None
User: SQL AGENT Service account
Computer: SQL Server
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
to the user “SQL AGENT Service account ”SID (S-1-5-21-) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Searching the registry for the CLSID revealed that the DCOM application in question is MsDtsServer100:
A quick peek in the settings reveals that only local administrators and SYSTEM are granted the Local Launch permission by default:
During further analysis I discovered that this error only occurred on one of the cluster nodes (the server in question is part of a two node failover cluster). I then found that the SQLAgent service account was added to local admins on the other cluster node, but not on this one. Whether or not the SQL Agent service account should be a member of local admins or not is debatable, but it sure gives you a lot of gripe if it isn’t.
1: Add the SQL Agent service account to the local administrators group on the server.
2: Or give the SQL Agent service account explicit local launch permissions on MsDtsServer100 using dcomcnfg: