For some reason, There is no way to map C: drive of DC1 from any machine on
network. The DC1 is still operational. On DC2, I can remotely start the Event
Log on DC1, Manage DC1 and map d$ but not c$ on DC1. Nobody can logon
locally, it logs you out immediately. There are some services cannot start
because file/path not found (C: is not accessible) Any way to logon locally?
The logs are below, warning message 1202 is repeat every 5 min.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 11/29/2004
Time: 6:47:27 PM
User: N/A
Computer: DC1
Description:
Security policies are propagated with warning. 0x534 : No mapping between
account names and security IDs was done.
For best results in resolving this event, log on with a non-administrative
account and search
http://support.microsoft.com for "troubleshooting 1202
events".
A user account in one or more Group policy objects (GPOs) could not be
resolved to a SID. This error is possibly caused by a mistyped nor deleted
user account referenced in either the User Rights or Restricted Groups branch
of a GPO. To resolve this event, contact an administrator in the domain to
perform the following actions:
1.Identify accounts that could not be resolved to a SID: From the command
prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "Cannot find" in the FIND output identifies the problem
account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This
most likely occurs because the account was deleted, renamed, or is spelled
differently (e.g. "JohnDoe").
2.Identify the GPOs that contain the unresolvable account name:
From the command prompt type FIND /I "JohnDough"
%SYSTEMROOT%\Security\templates\policies\gpt*.*
The output of the FIND command will resemble the following:
---------- GPT00000.DOM
---------- GPT00001.DOM
SeRemoteShutdownPrivilege=JohnDough
This indicates that of all the GPO’s being applied to this machine, the
unresolvable account exists only in one GPO. Specifically, the cached GPO
named GPT00001.DOM.
Now we need to determine the friendly name of this GPO in the next step.
3. Locate the friendly names of each of the GPOs that contain an
unresolvable account name. These GPOs were identified in the previous step.
From the command prompt, type: FIND /I "[Mapping]"
%SYSTEMROOT%\Security\Logs\winlogon.log
The string following "[Mapping] gpt0000?.dom =" in the FIND output
identifies the friendly names for all GPO’s being applied to this machine.
Example: [Mapping] gpt00001.dom = User Rights Policy
In this case, the GPO that contains the unresolvable account (gpt00001.dom)
has a friendly name of "User Rights Policy".
4. Remove unresolved accounts from each GPO that contains an unresolvable
account.
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in…"
c. From the "Add/Remove Snap-in" dialog box select "Add…"
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and
click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. Right click on the first policy identified in step 3 and choose edit
h. Review each setting under Computer Configuration/ Windows Settings/
Security Settings/ Local Policies/ User Rights
Assignment or Computer Configuration/ Windows Settings/ SecuritySettings/
Restricted Groups for accounts identified in step 1.
i. Repeat steps 3g and 3h for all subsequent GPOs identified in step 3.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/29/2004
Time: 1:11:41 PM
User: N/A
Computer: DC1
Description:
The Trend ServerProtect Agent service failed to start due to the following
error:
The system cannot find the path specified.
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5723
Date: 11/29/2004
Time: 5:21:43 PM
User: N/A
Computer: DC1
Description:
The session setup from the computer WORKSTATION failed because there is no
trust account in the security database for this computer. The name of the
account referenced in the security database is WORKSTATION$.
Data:
0000: 8b 01 00 c0 ..À
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5790
Date: 11/29/2004
Time: 5:33:23 PM
User: N/A
Computer: DC1
Description:
The description for Event ID ( 5790 ) in Source ( NETLOGON ) cannot be
found. The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. The following
information is part of the event: WORKSTATION, Access is denied. .
Data:
0000: 22 00 00 c0 "..À
Similar Threads
