Event ID 1202: Security policies are propagated with warning. 0xb

[Chad Roush]

Config: Windows 2000 SBS Server SP4

I am getting the following error every 5 minutes.

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 8/17/2003
Time: 10:22:09 AM
User: N/A
Computer: CASADO1
Description:
Security policies are propagated with warning. 0xb : An
attempt was made to load a program with an incorrect
format.

I can not change user passwords without getting the
complex password required warning, nor can I access the
domain controller's security policy to turn off this
policy. I get a message "Windows can not open template
file" in the Domain Controller Security policy MMC.

Anyone have any suggestions on how to go about regaining
access to the domain controllers policy so I can clear
this up? I am logging on as the Enterprise Admin, but no
luck.

Thanks,
Chad Roush

 

[Shawn Rabourn \(MS\)]

Recreatedefpol is very bad, you're better off troubleshooting the issue.
Enable winlogon logging and on your next post, attach a winlogon.log.

245422 How to Enable Logging for Security Configuration Client Processing in
http://support.microsoft.com/?id=245422

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.

Which GUID should I be checking under, I show 3 different
entries.
{6AC1786C-016F-11D2-945F-00C04fB984F9}
{31B2F340-016D-11D2-945F-00C04FB984F9}
{0A230AA9-12D4-4B93-A5B1-0C727D330C8C}

I looked at each GptTmpl.inf file and didn't see any extra
carriage returns.

From looking through different messages I and found a
reference to a Recreatedefpol.vbs utility that will
rebuild the policies. Would this help with my problem too?
If so, where do I go about finding this script?

Thanks,
Chad

-----Original Message-----
Hi Chad,

This problem is usually a result of there being extra carriage returns in
the Group Policy file(s).
Remove any extraneous carriage returns in the GptTmpl.inf file. Each line
except the
header (lines with "[]") should take the format "Variable"="Value".

You may want to check each GptTmpl.inf as one exists for each policy.
This should clear things up and allow you to access them again.


Tom Ausburne MCSE, MCSA
Windows 2000 Directory Services

Config: Windows 2000 SBS Server SP4

I am getting the following error every 5 minutes.

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 8/17/2003
Time: 10:22:09 AM
User: N/A
Computer: CASADO1
Description:
Security policies are propagated with warning. 0xb : An
attempt was made to load a program with an incorrect
format.

I can not change user passwords without getting the
complex password required warning, nor can I access the
domain controller's security policy to turn off this
policy. I get a message "Windows can not open template
file" in the Domain Controller Security policy MMC.

Anyone have any suggestions on how to go about regaining
access to the domain controllers policy so I can clear
this up? I am logging on as the Enterprise Admin, but no
luck.

Thanks,
Chad Roush

.

 

[Chad Roush]

Found the extra carriage return in the line

SeEnableDelegationPrivilege =

Took it out and refreshed the policy and everything is
working now. I couldn't get the reply via email button to
work so I couldn't attach the file. If you still want it
let me know. How would an extra carriage return get in
that file if all modifications are being made to the
policy via the MMC?

Thank you all for your help.

Chad

-----Original Message-----
It looks Like Tom nailed it on the head. Could you send us the gpttmpl.inf
file? {31b...}

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.

Thanks for your input, here is the log file.

Chad

Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
-------------------------------------------
08/18/2003 04:34:46
Administrative privileged user logged on.
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\scremoveoption.
Analyze
machine\software\microsoft\windows\currentversion\policies\
system\disablecad.
Analyze
machine\software\microsoft\windows\currentversion\policies\
system\dontdisplaylastusername.
Analyze
machine\software\microsoft\windows\currentversion\policies\
system\legalnoticecaption.
Analyze
machine\software\microsoft\windows\currentversion\policies\
system\legalnoticetext.
Analyze
machine\software\microsoft\windows\currentversion\policies\
system\shutdownwithoutlogon.
Analyze
machine\system\currentcontrolset\control\lsa\auditbaseobjec
ts.
Analyze
machine\system\currentcontrolset\control\lsa\crashonauditfa
il.
Analyze
machine\system\currentcontrolset\control\lsa\fullprivilegea
uditing.
Analyze
machine\system\currentcontrolset\control\lsa\lmcompatibilit
ylevel.
Analyze
machine\system\currentcontrolset\control\lsa\restrictanonym
ous.
Analyze
machine\system\currentcontrolset\control\print\providers\la
nman print services\servers\addprinterdrivers.
Analyze
machine\system\currentcontrolset\control\session
manager\memory management\clearpagefileatshutdown.
Analyze
machine\system\currentcontrolset\control\session
manager\protectionmode.
Analyze
machine\system\currentcontrolset\services\lanmanserver\para
meters\autodisconnect.
Analyze
machine\system\currentcontrolset\services\lanmanserver\para
meters\enableforcedlogoff.
Analyze
machine\system\currentcontrolset\services\lanmanserver\para
meters\enablesecuritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanserver\para
meters\requiresecuritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation
\parameters\enableplaintextpassword.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation
\parameters\enablesecuritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation
\parameters\requiresecuritysignature.
Analyze
machine\system\currentcontrolset\services\netlogon\paramete
rs\disablepasswordchange.
Analyze
machine\system\currentcontrolset\services\netlogon\paramete
rs\requiresignorseal.
Analyze
machine\system\currentcontrolset\services\netlogon\paramete
rs\requirestrongkey.
Analyze
machine\system\currentcontrolset\services\netlogon\paramete
rs\sealsecurechannel.
Analyze
machine\system\currentcontrolset\services\netlogon\paramete
rs\signsecurechannel.
Analyze
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Analyze MACHINE\Software\Microsoft\Non-Driver
Signing\Policy.
Analyze MACHINE\Software\Microsoft\Driver
Signing\Policy.
Parsing template
C:\WINNT\security\templates\policies\gpt00000.dom.
Copy local policy.


----Un-initialize configuration engine...

[Mapping] gpt00001.inf = Default Domain Controllers Policy
-------------------------------------------
08/18/2003 04:34:46
Administrative privileged user logged on.
Parsing template
C:\WINNT\security\templates\policies\gpt00001.inf.
Error 11: An attempt was made to load a program with an
incorrect format.
Error convertting section Privilege Rights.
----Configuration engine is initialized with error.----


----Un-initialize configuration engine...
**************************

-----Original Message-----
Recreatedefpol is very bad, you're better off troubleshooting the issue.
Enable winlogon logging and on your next post, attach a winlogon.log.

245422 How to Enable Logging for Security Configuration Client Processing in
http://support.microsoft.com/?id=245422

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.



Which GUID should I be checking under, I show 3 different
entries.
{6AC1786C-016F-11D2-945F-00C04fB984F9}
{31B2F340-016D-11D2-945F-00C04FB984F9}
{0A230AA9-12D4-4B93-A5B1-0C727D330C8C}

I looked at each GptTmpl.inf file and didn't see any extra
carriage returns.

From looking through different messages I and found a
reference to a Recreatedefpol.vbs utility that will
rebuild the policies. Would this help with my

problem
too?

If so, where do I go about finding this script?

Thanks,
Chad
-----Original Message-----
Hi Chad,

This problem is usually a result of there being extra
carriage returns in
the Group Policy file(s).
Remove any extraneous carriage returns in the GptTmpl.inf
file. Each line
except the
header (lines with "[]") should take the
format "Variable"="Value".

You may want to check each GptTmpl.inf as one exists for
each policy.
This should clear things up and allow you to access them
again.


Tom Ausburne MCSE, MCSA
Windows 2000 Directory Services




Config: Windows 2000 SBS Server SP4

I am getting the following error every 5 minutes.

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 8/17/2003
Time: 10:22:09 AM
User: N/A
Computer: CASADO1
Description:
Security policies are propagated with warning.

0xb :
An

attempt was made to load a program with an incorrect
format.

I can not change user passwords without getting the
complex password required warning, nor can I

access
the

domain controller's security policy to turn off this
policy. I get a message "Windows can not open template
file" in the Domain Controller Security policy MMC.

Anyone have any suggestions on how to go about regaining
access to the domain controllers policy so I can clear
this up? I am logging on as the Enterprise Admin, but
no
luck.

Thanks,
Chad Roush



.



.

.