Local Group Policy corrupt?

[mikekuch]

I have 2 windows 2000 servers, Server 1 and server 2.
Server 2 is an exchange 2000 server. Both are DCs. The
application event log on server 2 is recording two errors
as follows:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 11/17/2003
Time: 1:02:54 AM
User: N/A
Computer: ENTERPRISE
Description:
Security policies are propagated with warning. 0x4b8 : An
extended error has occurred.
Please look for more details in TroubleShooting section in
Security Help.


Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 11/17/2003
Time: 1:02:54 AM
User: NT AUTHORITY\SYSTEM
Computer: ENTERPRISE
Description:
The Group Policy client-side extension Security was passed
flags (17) and returned a failure status code of (1208).


Also, when I go to Administrative Tools / Local Security
Policy and try to open any of the three options (Audit,
User Rights Assignments, Security Options) the following
message is displayed on the right side of the screen;

"Windows cannot open the local policy database.

An unknown error occured when attempting to open the
database."

Also on this server is GFI FaxMaker and GFI
MailEssentials, Symantec AVF for Exchange and Symantec
Anti-virus Server.

My questions are;

1. Does this mean my local policy database is corrupt?
2. Is there a way to restore the policies without having
to reinstall Exchange and all the other programs on the
server?
3. What is the best way to approach this issue?

My thanks for any help given.

Mike

 

[Diana Smith [MSFT]]

Hello Mike,

Here's some information that may help you:

300267 You Cannot Open a Local Policy in Windows 2000
http://support.microsoft.com/?id=300267

Other things to try
============
A. Replace the database:

1. Move %SystemRoot%\Security\Edb.*, %SystemRoot%\Security\Res*.* into a
different directory

2. Replace secedit.sdb with one from a different server.

B. Import new database
1. Locate your system partition on which the Win2k is installed and find
the Winnt\Security folder. Create a folder in the Winnt folder called
OldSecurity.

2. Copy all contents in the Winnt\Security folder to the Winnt\OldSecurity
folder; delete all of the files ending in .log in the Winnt\Security folder.


3. Search your drive for the file secedit.sdb (it should be in the folder
Winnt\Security\Database). Rename this file to secedit.old.

4. Open a new MMC window by executing Start\Run\MMC and clicking OK.

5. Click Console\Add/Remove Snap-in and add the Security Configuration and
Analysis snap-in.

6. Right-click Security and Configuration and Analysis and choose Open
Database.

7. Browse to the Winnt\Security\Database folder and then type Secedit.sdb
in the File name field and click Open.

8. When prompted to import a template, choose "Setup security.inf" and
chooseOpen. (Don't worry if you get an Access Denied error.) Once this
process is
complete, test to see if you can open the local security policy under
Start\Programs\Administrative Tools.

Thank You.

Diana.

 

[Guest]

Hi Diana,

Thanks for the suggestions. I already tried the fix from
article 300267 to no avail.

Does the local security database hold information specific
to the programs installed on that server?

Thanks again

Mike

 

[Diana Smith [MSFT]]

Hi Mike,

It does not contain any information about programs installed on the server.

Have you tried step B, from other things to try?

Thanks.

Diana

 

[Guest]

Step B is my next item. I was concerned about the other
applications on the server like Exchange 2000.

I'll take a deep breath and give it a shot.

Thanks