Getting 1202 SceCli errors on my Win2k Pro machines. It's
Error Code 0x3e5 - Overlapped I/O operation is in
progress. We're running Win2k AD, native mode and have a
very sparse Default Domain GPO. None of the clients have
3rd-part backup software running. I've enabled logging on
a workstation and the winlogon.log showed some errors in
the middle...


----Reading Configuration template info...


----Configure User Rights...
Ignore *S-1-5-21-1971330368-1301089228-
1840722437-1002.
Ignore *S-1-5-21-1971330368-1301089228-
1840722437-1002.
Ignore *S-1-5-21-1971330368-1301089228-
1840722437-1002.
Ignore *S-1-5-21-1971330368-1301089228-
1840722437-1002.
There are pending user right changes from
downlevel APIs. Some of the account rights are not
removed by policy engine.
Configure S-1-5-21-1971330368-1301089228-
1840722437-1002.
Ignore S-1-5-21-1971330368-1301089228-
1840722437-1002 because there are pending user right
changes for this account from downlevel APIs.
Configure S-1-5-21-1971330368-1301089228-
1840722437-1001.
Configure S-1-5-21-1971330368-1301089228-
1840722437-1000.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-21-834351874-1802768738-
1501187911-2671.
Configure S-1-1-0.
Configure S-1-5-32-545.
Configure S-1-5-32-547.
Configure S-1-5-6.
Configure S-1-5-21-1971330368-1301089228-
1840722437-501.

User Rights configuration completed with error.


Any ideas why this might be happening?

Hi Sandy-

If you have SMS in your environment that is the cause. SMS Client uses
older APIs to apply for user rights settings it may want to do it's job.
The events are benign (all settings apply as they should), but if you would
like to see the messages not appear, you can set the SMS Client service to
manual startup and then manually start it after boot.

If SMS is not present in your environment please post a reply.
--
Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
"Sandy Wood" <(E-Mail Removed)> wrote in message
news:079001c361f1$7128fcb0$(E-Mail Removed)...
> Getting 1202 SceCli errors on my Win2k Pro machines. It's
> Error Code 0x3e5 - Overlapped I/O operation is in
> progress. We're running Win2k AD, native mode and have a
> very sparse Default Domain GPO. None of the clients have
> 3rd-part backup software running. I've enabled logging on
> a workstation and the winlogon.log showed some errors in
> the middle...
>
>
> ----Reading Configuration template info...
>
>
> ----Configure User Rights...
> Ignore *S-1-5-21-1971330368-1301089228-
> 1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
> 1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
> 1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
> 1840722437-1002.
> There are pending user right changes from
> downlevel APIs. Some of the account rights are not
> removed by policy engine.
> Configure S-1-5-21-1971330368-1301089228-
> 1840722437-1002.
> Ignore S-1-5-21-1971330368-1301089228-
> 1840722437-1002 because there are pending user right
> changes for this account from downlevel APIs.
> Configure S-1-5-21-1971330368-1301089228-
> 1840722437-1001.
> Configure S-1-5-21-1971330368-1301089228-
> 1840722437-1000.
> Configure S-1-5-32-544.
> Configure S-1-5-32-551.
> Configure S-1-5-21-834351874-1802768738-
> 1501187911-2671.
> Configure S-1-1-0.
> Configure S-1-5-32-545.
> Configure S-1-5-32-547.
> Configure S-1-5-6.
> Configure S-1-5-21-1971330368-1301089228-
> 1840722437-501.
>
> User Rights configuration completed with error.
>
>
> Any ideas why this might be happening?

Hello Sandy,

I was having the same terribly problem. Have you followed
the steps that are described in the event viewer to the
letter? Here is what I did:

You can either do that or create a null group called Power
Users.

--Shawn

This posting is provided "AS IS" with no warranties and
confers no rights.



"Dragonfly" <(E-Mail Removed)> wrote in message
news:0c2401c360c8$1e8c1b10$(E-Mail Removed)...
I have the following error messages in the Events log on
all of my servers in the domain. (SceCli Errors 1202)

After carefully following Microsoft's instructions, these
messages are still appearing.

In step 1, the account was identified as "Power Users" ?

In step 2, GPT00000.dom was discover, however, no other
lines were under it. IE. SeRemoteShutDownPrivilige=****

In step 3, the friendly name on the GPO was "Default
Domain Policy" - this is rather worrying now !

In step 4, I went through this GPO and I have no reference
to "User Rights" nor any "Restricted Groups".

However, in "Local Security Settings" on the server, there
is quite a few references to "Power Users". Ie.
"Access this computer from the network",
"Profile Single Process"
"Shutdown the system" ect.

Should I remove the "Power Users" groups from these
settings?

Your help is need here, thanks in advance.

Do a search for "from dragonfly" on here and under "Active
Directory" newsgroups for more solutions.

I hope this helps you.



>-----Original Message-----
>Getting 1202 SceCli errors on my Win2k Pro machines. It's
>Error Code 0x3e5 - Overlapped I/O operation is in
>progress. We're running Win2k AD, native mode and have a
>very sparse Default Domain GPO. None of the clients have
>3rd-part backup software running. I've enabled logging on
>a workstation and the winlogon.log showed some errors in
>the middle...
>
>
>----Reading Configuration template info...
>
>
>----Configure User Rights...
> Ignore *S-1-5-21-1971330368-1301089228-
>1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
>1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
>1840722437-1002.
> Ignore *S-1-5-21-1971330368-1301089228-
>1840722437-1002.
> There are pending user right changes from
>downlevel APIs. Some of the account rights are not
>removed by policy engine.
> Configure S-1-5-21-1971330368-1301089228-
>1840722437-1002.
> Ignore S-1-5-21-1971330368-1301089228-
>1840722437-1002 because there are pending user right
>changes for this account from downlevel APIs.
> Configure S-1-5-21-1971330368-1301089228-
>1840722437-1001.
> Configure S-1-5-21-1971330368-1301089228-
>1840722437-1000.
> Configure S-1-5-32-544.
> Configure S-1-5-32-551.
> Configure S-1-5-21-834351874-1802768738-
>1501187911-2671.
> Configure S-1-1-0.
> Configure S-1-5-32-545.
> Configure S-1-5-32-547.
> Configure S-1-5-6.
> Configure S-1-5-21-1971330368-1301089228-
>1840722437-501.
>
> User Rights configuration completed with error.
>
>
>Any ideas why this might be happening?
>.
>

I read through the kb article, but my error wasn't one
that it spoke about. Were you having the same I/O errors?
>-----Original Message-----
>Hello Sandy,
>
>I was having the same terribly problem. Have you
followed
>the steps that are described in the event viewer to the
>letter? Here is what I did:
>
>You can either do that or create a null group called
Power
>Users.
>
>--Shawn
>
>This posting is provided "AS IS" with no warranties and
>confers no rights.
>
>
>
>"Dragonfly" <(E-Mail Removed)> wrote in message
>news:0c2401c360c8$1e8c1b10$(E-Mail Removed)...
>I have the following error messages in the Events log on
>all of my servers in the domain. (SceCli Errors 1202)
>
>After carefully following Microsoft's instructions, these
>messages are still appearing.
>
>In step 1, the account was identified as "Power Users" ?
>
>In step 2, GPT00000.dom was discover, however, no other
>lines were under it. IE. SeRemoteShutDownPrivilige=****
>
>In step 3, the friendly name on the GPO was "Default
>Domain Policy" - this is rather worrying now !
>
>In step 4, I went through this GPO and I have no
reference
>to "User Rights" nor any "Restricted Groups".
>
>However, in "Local Security Settings" on the server,
there
>is quite a few references to "Power Users". Ie.
>"Access this computer from the network",
>"Profile Single Process"
>"Shutdown the system" ect.
>
>Should I remove the "Power Users" groups from these
>settings?
>
>Your help is need here, thanks in advance.
>
>Do a search for "from dragonfly" on here and
under "Active
>Directory" newsgroups for more solutions.
>
>I hope this helps you.
>
>
>
>>-----Original Message-----
>>Getting 1202 SceCli errors on my Win2k Pro machines.
It's
>>Error Code 0x3e5 - Overlapped I/O operation is in
>>progress. We're running Win2k AD, native mode and have
a
>>very sparse Default Domain GPO. None of the clients
have
>>3rd-part backup software running. I've enabled logging
on
>>a workstation and the winlogon.log showed some errors
in
>>the middle...
>>
>>
>>----Reading Configuration template info...
>>
>>
>>----Configure User Rights...
>> Ignore *S-1-5-21-1971330368-1301089228-
>>1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>>1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>>1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>>1840722437-1002.
>> There are pending user right changes from
>>downlevel APIs. Some of the account rights are not
>>removed by policy engine.
>> Configure S-1-5-21-1971330368-1301089228-
>>1840722437-1002.
>> Ignore S-1-5-21-1971330368-1301089228-
>>1840722437-1002 because there are pending user right
>>changes for this account from downlevel APIs.
>> Configure S-1-5-21-1971330368-1301089228-
>>1840722437-1001.
>> Configure S-1-5-21-1971330368-1301089228-
>>1840722437-1000.
>> Configure S-1-5-32-544.
>> Configure S-1-5-32-551.
>> Configure S-1-5-21-834351874-1802768738-
>>1501187911-2671.
>> Configure S-1-1-0.
>> Configure S-1-5-32-545.
>> Configure S-1-5-32-547.
>> Configure S-1-5-6.
>> Configure S-1-5-21-1971330368-1301089228-
>>1840722437-501.
>>
>> User Rights configuration completed with error.
>>
>>
>>Any ideas why this might be happening?
>>.
>>
>.
>

Ivan,

We're running Veritas BackupExec on our network and every
server, including the DCs have 'Agents' that take care of
the connection to the Veritas server. I'm not sure
it's 'real-time' - we schedule our backups to run at
night but not during the day. Maybe the Agents are
causing errors? Do you have any notes on Veritas
regarding these errors?
>-----Original Message-----
>
>Hi Sandy,
>
>The Events 1202 that you are receiving are not very
common errors. Are you
>running any kind of real-time backup software on the DCs
(not on the
>clients)? I¡¯ve been able to find a few references to
this being caused by
>some real-time backup or disk-mirroring software. Some
customer solve the
>problem by recreating the domain controller policies.
>
>Ivan Sheng
>Microsoft Online Partner Support
>MCSD,MCSE4,2000,MCDBA,CCNA,ASE
>Get Secure! ¨C www.microsoft.com/security
>
>This posting is provided ¡°as is¡± with no warranties
and confers no rights.
>
>.
>

Hey Tim,

Thanks for the post - we do have SMS in our environment,
SMS 2.0, SP5. So would you say that SMS is getting the
rights it's requesting?
>-----Original Message-----
>Hi Sandy-
>
>If you have SMS in your environment that is the cause.
SMS Client uses
>older APIs to apply for user rights settings it may want
to do it's job.
>The events are benign (all settings apply as they
should), but if you would
>like to see the messages not appear, you can set the SMS
Client service to
>manual startup and then manually start it after boot.
>
>If SMS is not present in your environment please post a
reply.
>--
>Tim Springston
>Microsoft Corporation
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>"Sandy Wood" <(E-Mail Removed)> wrote in message
>news:079001c361f1$7128fcb0$(E-Mail Removed)...
>> Getting 1202 SceCli errors on my Win2k Pro machines.
It's
>> Error Code 0x3e5 - Overlapped I/O operation is in
>> progress. We're running Win2k AD, native mode and have
a
>> very sparse Default Domain GPO. None of the clients
have
>> 3rd-part backup software running. I've enabled logging
on
>> a workstation and the winlogon.log showed some errors
in
>> the middle...
>>
>>
>> ----Reading Configuration template info...
>>
>>
>> ----Configure User Rights...
>> Ignore *S-1-5-21-1971330368-1301089228-
>> 1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>> 1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>> 1840722437-1002.
>> Ignore *S-1-5-21-1971330368-1301089228-
>> 1840722437-1002.
>> There are pending user right changes from
>> downlevel APIs. Some of the account rights are not
>> removed by policy engine.
>> Configure S-1-5-21-1971330368-1301089228-
>> 1840722437-1002.
>> Ignore S-1-5-21-1971330368-1301089228-
>> 1840722437-1002 because there are pending user right
>> changes for this account from downlevel APIs.
>> Configure S-1-5-21-1971330368-1301089228-
>> 1840722437-1001.
>> Configure S-1-5-21-1971330368-1301089228-
>> 1840722437-1000.
>> Configure S-1-5-32-544.
>> Configure S-1-5-32-551.
>> Configure S-1-5-21-834351874-1802768738-
>> 1501187911-2671.
>> Configure S-1-1-0.
>> Configure S-1-5-32-545.
>> Configure S-1-5-32-547.
>> Configure S-1-5-6.
>> Configure S-1-5-21-1971330368-1301089228-
>> 1840722437-501.
>>
>> User Rights configuration completed with error.
>>
>>
>> Any ideas why this might be happening?
>
>
>.
>

Hi Sandy-

It is probably getting or removing the rights it needs/needed just fine.
The trick would be understanding what exactly it is trying to do. You can
watch what is happening as it does it by enabling WINLOGON logging. I would
not be alarmed by it, unless you are seeing specific problems with SMS doing
it's job.

245422 How to Enable Logging for Security Configuration Client Processing in
http://support.microsoft.com/?id=245422

--
Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
"Sandy Wood" <(E-Mail Removed)> wrote in message
news:0f2a01c36279$66e2a480$(E-Mail Removed)...
> Hey Tim,
>
> Thanks for the post - we do have SMS in our environment,
> SMS 2.0, SP5. So would you say that SMS is getting the
> rights it's requesting?
> >-----Original Message-----
> >Hi Sandy-
> >
> >If you have SMS in your environment that is the cause.
> SMS Client uses
> >older APIs to apply for user rights settings it may want
> to do it's job.
> >The events are benign (all settings apply as they
> should), but if you would
> >like to see the messages not appear, you can set the SMS
> Client service to
> >manual startup and then manually start it after boot.
> >
> >If SMS is not present in your environment please post a
> reply.
> >--
> >Tim Springston
> >Microsoft Corporation
> >
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >"Sandy Wood" <(E-Mail Removed)> wrote in message
> >news:079001c361f1$7128fcb0$(E-Mail Removed)...
> >> Getting 1202 SceCli errors on my Win2k Pro machines.
> It's
> >> Error Code 0x3e5 - Overlapped I/O operation is in
> >> progress. We're running Win2k AD, native mode and have
> a
> >> very sparse Default Domain GPO. None of the clients
> have
> >> 3rd-part backup software running. I've enabled logging
> on
> >> a workstation and the winlogon.log showed some errors
> in
> >> the middle...
> >>
> >>
> >> ----Reading Configuration template info...
> >>
> >>
> >> ----Configure User Rights...
> >> Ignore *S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002.
> >> Ignore *S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002.
> >> Ignore *S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002.
> >> Ignore *S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002.
> >> There are pending user right changes from
> >> downlevel APIs. Some of the account rights are not
> >> removed by policy engine.
> >> Configure S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002.
> >> Ignore S-1-5-21-1971330368-1301089228-
> >> 1840722437-1002 because there are pending user right
> >> changes for this account from downlevel APIs.
> >> Configure S-1-5-21-1971330368-1301089228-
> >> 1840722437-1001.
> >> Configure S-1-5-21-1971330368-1301089228-
> >> 1840722437-1000.
> >> Configure S-1-5-32-544.
> >> Configure S-1-5-32-551.
> >> Configure S-1-5-21-834351874-1802768738-
> >> 1501187911-2671.
> >> Configure S-1-1-0.
> >> Configure S-1-5-32-545.
> >> Configure S-1-5-32-547.
> >> Configure S-1-5-6.
> >> Configure S-1-5-21-1971330368-1301089228-
> >> 1840722437-501.
> >>
> >> User Rights configuration completed with error.
> >>
> >>
> >> Any ideas why this might be happening?
> >
> >
> >.
> >

Hi Sandy,

It seems they are not real time backup softere. Regarding this issue, I did
further research and suggest you read the following articles:

Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the WGID:324
ID: 279432.KB.EN-US
http://support.microsoft.com/default...B;EN-US;279432

Troubleshooting SCECLI 1202 Events WGID:518
ID: 324383.KB.EN-US
http://support.microsoft.com/default...B;EN-US;324383

Please let me know if they helps.

Ivan Sheng
Microsoft Online Partner Support
MCSD,MCSE4,2000,MCDBA,CCNA,ASE
Get Secure! ¨C www.microsoft.com/security

This posting is provided ¡°as is¡± with no warranties and confers no rights.