CO_E_INIT_SCM_EXEC_FAILURE on OLE launch fix

Quick answer for advanced users

Run regsvr32 /s %windir%\system32\ole32.dll from an elevated command prompt, then restart the OLE service with net start SBSVC. That registers the COM infrastructure again and re-creates the security descriptor for SBSVC. No reboot needed.

Why this happens

You're looking at CO_E_INIT_SCM_EXEC_FAILURE (0x80004011) when you try to launch any COM+ application or even open Component Services snap-in. The exact trigger I've seen most often: you install some third-party middleware that tweaks DCOM security, or you accidentally nuke the COM registration database during an uninstall of a development tool. What's actually happening here is the Service Control Manager (SCM) can't start the OLE service — its internal name is SBSVC. The SCM tries to launch SBSVC, that fails because the service's security descriptor in the registry is corrupted or missing, and Windows returns 0x80004011. The registry path involved is HKLM\SYSTEM\CurrentControlSet\Services\SBSVC\Security. If that key's SDDL string is wrong, the SCM refuses to start the service. Funny thing: the service binary itself (ole32.dll) is intact, but the launch permission is gone.

Step-by-step fix

1. Open an admin command prompt. Press Win+R, type cmd, hit Ctrl+Shift+Enter. Accept UAC.
2. Stop the OLE service if it's stuck. Run net stop SBSVC. If it says the service isn't running, ignore the error — we're just making sure.
3. Re-register the COM+ core DLL. Run this:
   

   regsvr32 /s %windir%\system32\ole32.dll

   The /s flag suppresses the annoying popup. What this does: it re-creates the registry entries for COM infrastructure, including the Security subkey under SBSVC. The reason step 3 works is that regsvr32 calls the DLL's DllInstall routine, which regenerates the default security descriptor for SBSVC. That descriptor was missing or corrupted.
4. Start the service. Run net start SBSVC. You should see 'The OLE service started successfully.'
5. Verify. Open Component Services (dcomcnfg) and try to expand 'Component Services' > 'Computers' > 'My Computer'. It should load without the error.

Alternative fix if the main one fails

If re-registering doesn't help, the problem might be a corrupted COM+ catalog. Try this:

1. Open an admin command prompt.
2. Run cd /d %windir%\system32\Com
3. Run regsvr32 /s comsvcs.dll (this re-registers the COM+ services DLL).
4. Then run regsvr32 /s comadmin.dll (the COM+ admin library).
5. Restart the OLE service again with net stop SBSVC && net start SBSVC.

If you're on a domain controller or a machine with Active Directory installed, you might also need to reset the DCOM launch permission via dcomcnfg > 'My Computer' properties > 'COM Security' tab. Click 'Edit Default' under 'Launch and Activation Permissions' and make sure 'Administrators' group has 'Local Launch' and 'Local Activation' allowed.

Prevention tip

Don't blindly uninstall apps that hook into COM+ — like certain antivirus or legacy backup tools. Before uninstalling, check if they registered custom COM components. If you see HKLM\SOFTWARE\Classes\AppID entries tied to the software, note them down. After uninstall, verify SBSVC still has its Security registry key. You can check with sc sdshow SBSVC — it should return a long SDDL string starting with D:(A;;CCLCSWLOCRRC;;;AU). If it returns anything shorter or empty, re-run the regsvr32 fix above. I keep that command in a batch file on my servers just in case.