Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Group policy error
- Thread starter XIanMacX
- Start date
The following Technet article addresses this problem.
Knowledge Base
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain ControllerPSS ID Number: Q279432
Article Last Modified on 08-6-2002
--------------------------------------------------------------------------------
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
--------------------------------------------------------------------------------
Symptoms
After you modify Group Policy in a Windows 2000 domain, the following error messages may be logged in the Application event log of the domain controller every five minutes:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x6fc : The trust relationship between the primary domain and the trusted domain failed. Please look for more details in TroubleShooting section in Security Help.
-and-
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1788).
You may also receive the following error messages in the Application event log:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help.
-and-
Event Type: Error
Event Source: Userenv
Event Category: None
Time: 17:31
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
Cause
This issue can occur if the link from the Default Domain Controllers policy to the Domain Controllers organizational unit has been broken.
Resolution
To resolve this issue, add a Group Policy object link for the Default Domain Controller policy to the Domain Controllers organizational unit:
Start the Active Directory Users and Computers snap-in.
Right-click the Domain Controllers organizational unit and click Properties.
Click the Group Policy tab, and then click Add.
Click the All tab, click Default Domain Controllers policy and then click OK.
Quit the Active Directory Users and Computers snap-in.
More Information
These error messages can also occur if you move the domain controller account from the Domain Controllers organizational unit to another organizational unit, and you do not link the Default Domain Controllers policy to the new organizational unit.
Knowledge Base
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain ControllerPSS ID Number: Q279432
Article Last Modified on 08-6-2002
--------------------------------------------------------------------------------
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
--------------------------------------------------------------------------------
Symptoms
After you modify Group Policy in a Windows 2000 domain, the following error messages may be logged in the Application event log of the domain controller every five minutes:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x6fc : The trust relationship between the primary domain and the trusted domain failed. Please look for more details in TroubleShooting section in Security Help.
-and-
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1788).
You may also receive the following error messages in the Application event log:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help.
-and-
Event Type: Error
Event Source: Userenv
Event Category: None
Time: 17:31
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
Cause
This issue can occur if the link from the Default Domain Controllers policy to the Domain Controllers organizational unit has been broken.
Resolution
To resolve this issue, add a Group Policy object link for the Default Domain Controller policy to the Domain Controllers organizational unit:
Start the Active Directory Users and Computers snap-in.
Right-click the Domain Controllers organizational unit and click Properties.
Click the Group Policy tab, and then click Add.
Click the All tab, click Default Domain Controllers policy and then click OK.
Quit the Active Directory Users and Computers snap-in.
More Information
These error messages can also occur if you move the domain controller account from the Domain Controllers organizational unit to another organizational unit, and you do not link the Default Domain Controllers policy to the new organizational unit.
- Thread starter
- #3
Thanks for the reply, I did per the article and now i get 2 events every five minutes, the first message is the same as before and here is the second one....
source scecli
event 1001
Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\norwood.com\sysvol\norwood.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
thanks again
source scecli
event 1001
Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\norwood.com\sysvol\norwood.com\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
thanks again
- Thread starter
- #4
I also found a follow up to my second question
I checked the binding order per this second article with no help....
How can I "reinstall" all the default policies
Im ok with loosing my current policies....
thanks again...
I checked the binding order per this second article with no help....
How can I "reinstall" all the default policies
Im ok with loosing my current policies....
thanks again...
To resolve the problem, and return the Local Security Policy to its' installation state:
01. Create an OldSecurity subfolder at %SystemRoot%\Security.
02. Move the log files and chk file from %SystemRoot%\Security\logs to %SystemRoot%\Security\OldSecurity.
03. Move the database from %SystemRoot%\Security\Database\Secedit.sdb to %SystemRoot%\Security\OldSecurity and change the file extension to .old.
04. Start / Run / MMC / OK.
05. Console / Add/Remove Snap-in.
06. Add the Security and Configuration Analysis snap-in. Press Close and OK.
07. Right-click Security and Configuration Analysis and press Open Database.
08. Navigate to the %SystemRoot%\Security\Database folder, type Secedit.sdb into File name, and press Open.
09. When prompted to import a template, select Setup security.inf.
10. Press Open. Ignore any Access Denied error.
11. Right-click Security and Configuration Analysis and press Configure Computer Now.
01. Create an OldSecurity subfolder at %SystemRoot%\Security.
02. Move the log files and chk file from %SystemRoot%\Security\logs to %SystemRoot%\Security\OldSecurity.
03. Move the database from %SystemRoot%\Security\Database\Secedit.sdb to %SystemRoot%\Security\OldSecurity and change the file extension to .old.
04. Start / Run / MMC / OK.
05. Console / Add/Remove Snap-in.
06. Add the Security and Configuration Analysis snap-in. Press Close and OK.
07. Right-click Security and Configuration Analysis and press Open Database.
08. Navigate to the %SystemRoot%\Security\Database folder, type Secedit.sdb into File name, and press Open.
09. When prompted to import a template, select Setup security.inf.
10. Press Open. Ignore any Access Denied error.
11. Right-click Security and Configuration Analysis and press Configure Computer Now.
- Status
Similar threads
- Locked
- Question
- Locked
- Question