Event ID 1202 (SceCli) and 1000 (Userenv)

Pascal

Hello,

I had a problem with the sysvol on our DCs (we have 2).
I rebuilt both of them, and it is working (tested with a file).
But now I have a lot of ID 1202 and 1000:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 13-1-2004
Time: 22:46:42
User: NT AUTHORITY\SYSTEM
Computer: XXXXXXX
Description:
The Group Policy client-side extension Security was passed
flags (17) and returned a failure status code of (1332).


Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 13-1-2004
Time: 22:46:42
User: N/A
Computer: XXXXXXXXX
Description:
Security policies are propagated with warning. 0x534 : No
mapping between account names and security IDs was done.
Please look for more details in TroubleShooting section in
Security Help.

I already tried these Microsoft Knowledge Base articles:
247482
But it did not find a user that was deleted and still had to be deleted from the user rights policy.
279432
The Default Domain Controllers policy was already there, but I removed it and put it there again.
I used the secedit command to refresh.
Before I made a new Sysvol on both DCs I put the following keys in the registry (maybe it has something to do with this), because they were not there but should be there (KB 259398):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
DisableDFS: REG_DWORD: range: 0 or 1
0 = enabled; 1 = disabled
Default: 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Value: RegisterDnsARecords
Data type: REG_DWORD
Default value: 1 (1=Enabled, 0=Disabled)

I do not know what to do anymore.
Could someone please help me?

greetings,
Pascal
 
Guest

Tnx for the fast reaction, but I already saw this site.
All the solutions did not seem to be the right ones.

Pascal
 
Gary Mudgett [MSFT]

If you could post the winlogon.log file created using the steps in the following article, we could take a look at it as well.
247482 Error Message: Security Policies Are Propagated with Warning. 0x534
http://support.microsoft.com/?id=247482

It also might help to delete the files from the %systemroot%\security\templates\policies folder and then force the policies to be refreshed, to ensure that there are no read-only attributes. Also, there should not be any read-only attributes on any files in the Policies folders either.

I don't see any problem with the registry settings that you mentioned.

--
Gary Mudgett, MCSE, MCSA
Windows 2000/2003 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
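
Added example, not part of the original thread: once winlogon.log is populated, the sketch below cross-references the accounts it reports as unresolvable with the [Privilege Rights] section of a GPO's GptTmpl.inf, showing which user rights still name them. Both samples are constructed, and the "Cannot find <name>." log line format is an assumption.

```python
import re

# Constructed winlogon.log excerpt; the "Cannot find <name>." form is assumed.
SAMPLE_LOG = """\
----Configure User Rights...
Cannot find JohnDough.
Cannot find OLDDOM\\svc_backup.
User Rights configuration was completed with one or more errors.
"""

# Constructed GptTmpl.inf excerpt from a GPO's security template.
SAMPLE_INF = """\
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,OLDDOM\\svc_backup
SeInteractiveLogonRight = *S-1-5-32-544,JohnDough
SeServiceLogonRight = JohnDough
[Version]
signature="$CHICAGO$"
"""

def unresolved_accounts(log_text):
    """Return account names the security extension reported as unmappable."""
    pattern = re.compile(r"^\s*Cannot find (.+?)\.?\s*$", re.I | re.M)
    return {m.group(1) for m in pattern.finditer(log_text)}

def privilege_rights(inf_text):
    """Parse the [Privilege Rights] section into {right: [principals]}."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def stale_assignments(log_text, inf_text):
    """Map each unresolved account to the user rights that still list it."""
    missing = {a.lower(): a for a in unresolved_accounts(log_text)}
    hits = {}
    for right, principals in privilege_rights(inf_text).items():
        for p in principals:
            # Entries starting with '*' are literal SIDs and need no name lookup.
            if not p.startswith("*") and p.lower() in missing:
                hits.setdefault(missing[p.lower()], []).append(right)
    return hits

if __name__ == "__main__":
    print(stale_assignments(SAMPLE_LOG, SAMPLE_INF))
```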
 
Pascal

Tnx for the reply, but the winlogon.log file is empty after http://support.microsoft.com/?id=247482, and deleting the files in the %systemroot%\security\templates\policies folder and then forcing the policies to be refreshed does not solve the problem.

Do you have any other options?

tnx again,
Pascal
 
Richard McCall [MSFT]

Make sure that all the user rights are defined in the Default Domain Controller Policy.
226243 HOW TO: Reset User Rights in the Default Domain Group Policy
http://support.microsoft.com/?id=226243

Did you make the registry entry described in article 247482? If so, you should have a populated winlogon.log file after a GP refresh:
SECEDIT /Refreshpolicy machine_policy /force
 
Pascal

Should all the user rights be defined on both DCs (and be the same)?
And what if the local user rights are also defined?

I did make the adjustments in the registry.
Should the value be 2 hexadecimal or decimal? Because I did get an empty log file.

 
Gary Mudgett [MSFT]

The value would be 2 (Hex or Dec, it is the same for that number). It is curious that the winlogon.log file is empty. There should be some information put in it.

Because the Default Domain Controller policy would apply to both servers, they would be the same.

Maybe a userenv.log file will give some clues, as it will capture what is going on when the machine queries and applies the policies when doing a "secedit /refreshpolicy machine_policy /enforce" and checking the Application event logs for the errors.
221833 How to Enable User Environment Debug Logging in Retail Builds of Windows
http://support.microsoft.com/?id=221833


--
Gary Mudgett, MCSE, MCSA
Windows 2000/2003 Directory Services

-----Original Message-----
www.eventid.net very useful site.
Your exact problem can be found there.
http://www.eventid.net/display.asp?eventid=1000&source=userenv
Greets, Omko Huizenga


