Config: Windows 2000 SBS Server SP4

I am getting the following error every 5 minutes.

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 8/17/2003
Time: 10:22:09 AM
User: N/A
Computer: CASADO1
Description:
Security policies are propagated with warning. 0xb : An
attempt was made to load a program with an incorrect
format.

I can not change user passwords without getting the
complex password required warning, nor can I access the
domain controller's security policy to turn off this
policy. I get a message "Windows can not open template
file" in the Domain Controller Security policy MMC.

Anyone have any suggestions on how to go about regaining
access to the domain controllers policy so I can clear
this up? I am logging on as the Enterprise Admin, but no
luck.

Thanks,
Chad Roush

Recreatedefpol is very bad, you're better off troubleshooting the issue.
Enable winlogon logging and on your next post, attach a winlogon.log.

245422 How to Enable Logging for Security Configuration Client Processing in
http://support.microsoft.com/?id=245422

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.



"Chad Roush" <(E-Mail Removed)> wrote in message
news:02f601c36523$74470ce0$(E-Mail Removed)...
> Which GUID should I be checking under, I show 3 different
> entries.
> {6AC1786C-016F-11D2-945F-00C04fB984F9}
> {31B2F340-016D-11D2-945F-00C04FB984F9}
> {0A230AA9-12D4-4B93-A5B1-0C727D330C8C}
>
> I looked at each GptTmpl.inf file and didn't see any extra
> carriage returns.
>
> From looking through different messages I and found a
> reference to a Recreatedefpol.vbs utility that will
> rebuild the policies. Would this help with my problem too?
> If so, where do I go about finding this script?
>
> Thanks,
> Chad
> >-----Original Message-----
> >Hi Chad,
> >
> >This problem is usually a result of there being extra
> carriage returns in
> >the Group Policy file(s).
> >Remove any extraneous carriage returns in the GptTmpl.inf
> file. Each line
> >except the
> >header (lines with "[]") should take the
> format "Variable"="Value".
> >
> >You may want to check each GptTmpl.inf as one exists for
> each policy.
> >This should clear things up and allow you to access them
> again.
> >
> >
> >Tom Ausburne MCSE, MCSA
> >Windows 2000 Directory Services
> >
> >
> >
> >
> >"Chad Roush" <(E-Mail Removed)> wrote in message
> >news:1f6c01c364e4$7889e550$(E-Mail Removed)...
> >> Config: Windows 2000 SBS Server SP4
> >>
> >> I am getting the following error every 5 minutes.
> >>
> >> Event Type: Warning
> >> Event Source: SceCli
> >> Event Category: None
> >> Event ID: 1202
> >> Date: 8/17/2003
> >> Time: 10:22:09 AM
> >> User: N/A
> >> Computer: CASADO1
> >> Description:
> >> Security policies are propagated with warning. 0xb : An
> >> attempt was made to load a program with an incorrect
> >> format.
> >>
> >> I can not change user passwords without getting the
> >> complex password required warning, nor can I access the
> >> domain controller's security policy to turn off this
> >> policy. I get a message "Windows can not open template
> >> file" in the Domain Controller Security policy MMC.
> >>
> >> Anyone have any suggestions on how to go about regaining
> >> access to the domain controllers policy so I can clear
> >> this up? I am logging on as the Enterprise Admin, but
> no
> >> luck.
> >>
> >> Thanks,
> >> Chad Roush
> >>
> >
> >
> >.
> >

Found the extra carriage return in the line

SeEnableDelegationPrivilege =

Took it out and refreshed the policy and everything is
working now. I couldn't get the reply via email button to
work so I couldn't attach the file. If you still want it
let me know. How would an extra carriage return get in
that file if all modifications are being made to the
policy via the MMC?

Thank you all for your help.

Chad
>-----Original Message-----
>It looks Like Tom nailed it on the head. Could you send
us the gpttmpl.inf
>file? {31b...}
>
>--Shawn
>This posting is provided "AS IS" with no warranties and
confers no rights.
>
>
>"Chad Roush" <(E-Mail Removed)> wrote in message
>news:003501c365b1$7cb21c10$(E-Mail Removed)...
>> Thanks for your input, here is the log file.
>>
>> Chad
>>
>> Error 0 to send control flag 1 over to server.
>> GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
>> GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
>>
>> [Mapping] gpt00000.dom = Default Domain Policy
>> -------------------------------------------
>> 08/18/2003 04:34:46
>> Administrative privileged user logged on.
>> Invoke Registry Value Delay Filter.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\setup\recoveryconsole\securitylevel.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\setup\recoveryconsole\setcommand.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\allocatecdroms.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\allocatedasd.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\allocatefloppies.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\cachedlogonscount.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\passwordexpirywarning.
>> Analyze machine\software\microsoft\windows
>> nt\currentversion\winlogon\scremoveoption.
>> Analyze
>>
machine\software\microsoft\windows\currentversion\policies\
>> system\disablecad.
>> Analyze
>>
machine\software\microsoft\windows\currentversion\policies\
>> system\dontdisplaylastusername.
>> Analyze
>>
machine\software\microsoft\windows\currentversion\policies\
>> system\legalnoticecaption.
>> Analyze
>>
machine\software\microsoft\windows\currentversion\policies\
>> system\legalnoticetext.
>> Analyze
>>
machine\software\microsoft\windows\currentversion\policies\
>> system\shutdownwithoutlogon.
>> Analyze
>>
machine\system\currentcontrolset\control\lsa\auditbaseobjec
>> ts.
>> Analyze
>>
machine\system\currentcontrolset\control\lsa\crashonauditfa
>> il.
>> Analyze
>>
machine\system\currentcontrolset\control\lsa\fullprivilegea
>> uditing.
>> Analyze
>>
machine\system\currentcontrolset\control\lsa\lmcompatibilit
>> ylevel.
>> Analyze
>>
machine\system\currentcontrolset\control\lsa\restrictanonym
>> ous.
>> Analyze
>>
machine\system\currentcontrolset\control\print\providers\la
>> nman print services\servers\addprinterdrivers.
>> Analyze
>> machine\system\currentcontrolset\control\session
>> manager\memory management\clearpagefileatshutdown.
>> Analyze
>> machine\system\currentcontrolset\control\session
>> manager\protectionmode.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanserver\para
>> meters\autodisconnect.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanserver\para
>> meters\enableforcedlogoff.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanserver\para
>> meters\enablesecuritysignature.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanserver\para
>> meters\requiresecuritysignature.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanworkstation
>> \parameters\enableplaintextpassword.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanworkstation
>> \parameters\enablesecuritysignature.
>> Analyze
>>
machine\system\currentcontrolset\services\lanmanworkstation
>> \parameters\requiresecuritysignature.
>> Analyze
>>
machine\system\currentcontrolset\services\netlogon\paramete
>> rs\disablepasswordchange.
>> Analyze
>>
machine\system\currentcontrolset\services\netlogon\paramete
>> rs\requiresignorseal.
>> Analyze
>>
machine\system\currentcontrolset\services\netlogon\paramete
>> rs\requirestrongkey.
>> Analyze
>>
machine\system\currentcontrolset\services\netlogon\paramete
>> rs\sealsecurechannel.
>> Analyze
>>
machine\system\currentcontrolset\services\netlogon\paramete
>> rs\signsecurechannel.
>> Analyze
>>
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
>> Analyze MACHINE\Software\Microsoft\Non-Driver
>> Signing\Policy.
>> Analyze MACHINE\Software\Microsoft\Driver
>> Signing\Policy.
>> Parsing template
>> C:\WINNT\security\templates\policies\gpt00000.dom.
>> Copy local policy.
>>
>>
>> ----Un-initialize configuration engine...
>>
>> [Mapping] gpt00001.inf = Default Domain Controllers
Policy
>> -------------------------------------------
>> 08/18/2003 04:34:46
>> Administrative privileged user logged on.
>> Parsing template
>> C:\WINNT\security\templates\policies\gpt00001.inf.
>> Error 11: An attempt was made to load a program with an
>> incorrect format.
>> Error convertting section Privilege Rights.
>> ----Configuration engine is initialized with error.----
>>
>>
>> ----Un-initialize configuration engine...
>> **************************
>>
>> >-----Original Message-----
>> >Recreatedefpol is very bad, you're better off
>> troubleshooting the issue.
>> >Enable winlogon logging and on your next post, attach a
>> winlogon.log.
>> >
>> >245422 How to Enable Logging for Security Configuration
>> Client Processing in
>> >http://support.microsoft.com/?id=245422
>> >
>> >--Shawn
>> >This posting is provided "AS IS" with no warranties and
>> confers no rights.
>> >
>> >
>> >
>> >"Chad Roush" <(E-Mail Removed)> wrote in message
>> >news:02f601c36523$74470ce0$(E-Mail Removed)...
>> >> Which GUID should I be checking under, I show 3
>> different
>> >> entries.
>> >> {6AC1786C-016F-11D2-945F-00C04fB984F9}
>> >> {31B2F340-016D-11D2-945F-00C04FB984F9}
>> >> {0A230AA9-12D4-4B93-A5B1-0C727D330C8C}
>> >>
>> >> I looked at each GptTmpl.inf file and didn't see any
>> extra
>> >> carriage returns.
>> >>
>> >> From looking through different messages I and found a
>> >> reference to a Recreatedefpol.vbs utility that will
>> >> rebuild the policies. Would this help with my
problem
>> too?
>> >> If so, where do I go about finding this script?
>> >>
>> >> Thanks,
>> >> Chad
>> >> >-----Original Message-----
>> >> >Hi Chad,
>> >> >
>> >> >This problem is usually a result of there being
extra
>> >> carriage returns in
>> >> >the Group Policy file(s).
>> >> >Remove any extraneous carriage returns in the
>> GptTmpl.inf
>> >> file. Each line
>> >> >except the
>> >> >header (lines with "[]") should take the
>> >> format "Variable"="Value".
>> >> >
>> >> >You may want to check each GptTmpl.inf as one exists
>> for
>> >> each policy.
>> >> >This should clear things up and allow you to access
>> them
>> >> again.
>> >> >
>> >> >
>> >> >Tom Ausburne MCSE, MCSA
>> >> >Windows 2000 Directory Services
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >"Chad Roush" <(E-Mail Removed)> wrote in message
>> >> >news:1f6c01c364e4$7889e550$(E-Mail Removed)...
>> >> >> Config: Windows 2000 SBS Server SP4
>> >> >>
>> >> >> I am getting the following error every 5 minutes.
>> >> >>
>> >> >> Event Type: Warning
>> >> >> Event Source: SceCli
>> >> >> Event Category: None
>> >> >> Event ID: 1202
>> >> >> Date: 8/17/2003
>> >> >> Time: 10:22:09 AM
>> >> >> User: N/A
>> >> >> Computer: CASADO1
>> >> >> Description:
>> >> >> Security policies are propagated with warning.
0xb :
>> An
>> >> >> attempt was made to load a program with an
incorrect
>> >> >> format.
>> >> >>
>> >> >> I can not change user passwords without getting
the
>> >> >> complex password required warning, nor can I
access
>> the
>> >> >> domain controller's security policy to turn off
this
>> >> >> policy. I get a message "Windows can not open
>> template
>> >> >> file" in the Domain Controller Security policy
MMC.
>> >> >>
>> >> >> Anyone have any suggestions on how to go about
>> regaining
>> >> >> access to the domain controllers policy so I can
>> clear
>> >> >> this up? I am logging on as the Enterprise Admin,
>> but
>> >> no
>> >> >> luck.
>> >> >>
>> >> >> Thanks,
>> >> >> Chad Roush
>> >> >>
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>