SceCli 1202

[ed]

This has been an ongoing problem, that I can not seem to remedy. The
machine is a Windows 2000 with all service packs applied. The server is NOT
part of a domain.

Every two hours I receive an error "The error is:Security policies are
propagated with warning. 0x534 : No mapping between account names and
security IDs was done"

Additionally, the ISP's account (default account) is renamed to "Not
Defined". The Other Administrator account (mine) is not.

I have ran FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
from the command prompt, which shows the "Administrators" being the culprit
(on the machine, Administrators is a group, not a user).

The next step (per Microsoft) is to run FIND /I "Administrators"
%SYSTEMROOT%\Security\templates\policies\gpt*.* from the command prompt,
which yields "file not found".

The Winlogon.log (partial) is as follows:

Configure DCTCONSULT\Administrators.
Error 1332: No mapping between account names and security IDs was done.
Cannot find DCTCONSULT\Administrators.

User Rights configuration completed with error.

----Configure Security Policy...
Configure password information.
Rename the Administrator account name to Not defined.


Any thoughts?

 

[Jerold Schulman]

See tip 2059 » Security Policies Are Propagated with Warning. 0x534?
in the 'Tips & Tricks' at http://www.jsifaq.com

This has been an ongoing problem, that I can not seem to remedy. The
machine is a Windows 2000 with all service packs applied. The server is NOT
part of a domain.

Every two hours I receive an error "The error is:Security policies are
propagated with warning. 0x534 : No mapping between account names and
security IDs was done"

Additionally, the ISP's account (default account) is renamed to "Not
Defined". The Other Administrator account (mine) is not.

I have ran FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
from the command prompt, which shows the "Administrators" being the culprit
(on the machine, Administrators is a group, not a user).

The next step (per Microsoft) is to run FIND /I "Administrators"
%SYSTEMROOT%\Security\templates\policies\gpt*.* from the command prompt,
which yields "file not found".

The Winlogon.log (partial) is as follows:

Configure DCTCONSULT\Administrators.
Error 1332: No mapping between account names and security IDs was done.
Cannot find DCTCONSULT\Administrators.

User Rights configuration completed with error.

----Configure Security Policy...
Configure password information.
Rename the Administrator account name to Not defined.


Any thoughts?

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com

 

[ed]

OK,

I checked User rights Assignments, and the only place I can find the
"Account?" DCTCONSULT/Administrators is in "Logon As Service".

Other accounts or groups with this right are:

My account and the ASPNET account.

I should uncheck the DCTCONSULT/Administrators box in the assignment?

 

[Jeff]

We were observing the event on an XP workstation. In addition, the
workstation would not honor all group policies (application of policies
would fail at an unknown point). The sypmtom was logging this event and
the workstation would not honor Security Auditing of the Default Domain
Policy (amoung others).

We followed Microsoft's KB324383, 'Troubleshooting SCECLI 1202 Events'
(see http://support.microsoft.com/?id=324383). No Joy.

Opening the Local Security Policy snapin produced an error. We renamed
the local security database, and rebooted. All now appears fine. The
database in question is secedit.sdb located in
%WINNT%\Security\Database\

 

[ed]

I was able to open the local security - User rights Assignments - and as
mentioned in my last post found the account. I am at a loss as to why this
affects the default account (the ISP's account).

I will wait two hours and see if this helped.

I am a little concerned about renaming secedit.sdb, as the only access I
have is terminal services, and do not have console access, no domain group
policies that may be reapplied, etc., i.e., not sure what this would do
user rights, including my own.

Hope the deletion of the account in user rights works.

 

[ed]

Resolved . . .at least so far. Deleted the account in User rights
Assignments, no occurrence within the following two hours.