Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

win2k3 DC error 0x534 (continued)

Status
Not open for further replies.
itguyjc

itguyjc

Technical User
Nov 11, 2008
4
US
As with "therock112" ref: thread931-1463186 , I am getting the following error 3 times every 5 minutes, i have 1 DC, win2k3

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on Query for "troubleshooting 1202 events".
...
...
...



I ran the following on my primary and only DC (win2k3), but came up with the following:

---------- C:\WINDOWS\SECURITY\LOGS\WINLOGON.LOG
Cannot find domain user.
Cannot find domain user.
Cannot find domain user.
Cannot find domain user.
Cannot find domain user.
Cannot find domain user.

As with "therock112" ref: thread931-1463186 per Adgod's advice I ran the "MPSRPT_DirSvc.exe" I have posted the results below. I was hoping someone could point out to me the problem with my DC. Any help would be appreciated. Thanks in advance.

Please see the below report.


Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 11/11/2008 at 3:42:25 PM



RSOP data for SLMI\administrator on SL_MISERVER : Logging Mode
---------------------------------------------------------------

OS Type: Microsoft(R) Windows(R) Server 2003, Standard Edition
OS Configuration: Primary Domain Controller
OS Version: 5.2.3790
Terminal Server Mode: Remote Administration
Site Name: Default-First-Site-Name
Roaming Profile:
Local Profile: C:\Documents and Settings\Administrator
Connected over a slow link?: No


COMPUTER SETTINGS
------------------
CN=SL_MISERVER,OU=Domain Controllers,DC=SLMI
Last time Group Policy was applied: 11/11/2008 at 3:39:29 PM
Group Policy was applied from: SL_MISERVER.SLMI
Group Policy slow link threshold: 500 kbps
Domain Name: SLMI
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Controllers Policy
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
echows_gpo
Filtering: Denied (Security)

Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
Windows Authorization Access Group
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
This Organization
SL_MISERVER$
Domain Controllers
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS

Resultant Set Of Policies for Computer
---------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: MaxServiceAge
Computer Setting: 600

GPO: Default Domain Policy
Policy: MaxTicketAge
Computer Setting: 10

GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: 1

GPO: Default Domain Policy
Policy: PasswordHistorySize
Computer Setting: 24

GPO: Default Domain Policy
Policy: MaxClockSkew
Computer Setting: 5

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 6

GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: N/A

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 42

GPO: Default Domain Policy
Policy: MaxRenewAge
Computer Setting: 7

Audit Policy
------------
GPO: Default Domain Controllers Policy
Policy: AuditPolicyChange
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditPrivilegeUse
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditDSAccess
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditAccountLogon
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditObjectAccess
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditAccountManage
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditLogonEvents
Computer Setting: Success

GPO: Default Domain Controllers Policy
Policy: AuditProcessTracking
Computer Setting: No Auditing

GPO: Default Domain Controllers Policy
Policy: AuditSystemEvents
Computer Setting: Success

User Rights
-----------
GPO: Default Domain Controllers Policy
Policy: MachineAccountPrivilege
Computer Setting: Authenticated Users

GPO: Default Domain Controllers Policy
Policy: DenyNetworkLogonRight
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: RestorePrivilege
Computer Setting: Server Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: TcbPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: SystemProfilePrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: DenyServiceLogonRight
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: ServiceLogonRight
Computer Setting: SLMI\SQLServer2005SQLBrowserUser$SL_MISERVER
SLMI\Administrator
SLMI\SQLServer2005MSSQLUser$SL_MISERVER$BKUPEXEC

GPO: Default Domain Controllers Policy
Policy: UndockPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: CreatePermanentPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: AuditPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: TakeOwnershipPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: CreatePagefilePrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: EnableDelegationPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: DebugPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: SystemTimePrivilege
Computer Setting: Server Operators
Administrators
LOCAL SERVICE

GPO: Default Domain Controllers Policy
Policy: DenyBatchLogonRight
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: BackupPrivilege
Computer Setting: Server Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: CreateTokenPrivilege
Computer Setting: SLMI\Administrator

GPO: Default Domain Controllers Policy
Policy: ChangeNotifyPrivilege
Computer Setting: Everyone
Authenticated Users
Administrators
SLMI\SQLServer2005MSSQLUser$SL_MISERVER$BKUPEXEC

GPO: Default Domain Controllers Policy
Policy: SyncAgentPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: ProfileSingleProcessPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: LoadDriverPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: InteractiveLogonRight
Computer Setting: SLMI\IUSR_SL_MISERVER
Print Operators
Server Operators
Account Operators
Backup Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: RemoteShutdownPrivilege
Computer Setting: Server Operators
Administrators

GPO: Default Domain Controllers Policy
Policy: IncreaseBasePriorityPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: NetworkLogonRight
Computer Setting: SLMI\IWAM_SL_MISERVER
SLMI\IUSR_SL_MISERVER
Everyone
Authenticated Users
Administrators

GPO: Default Domain Controllers Policy
Policy: LockMemoryPrivilege
Computer Setting: N/A

GPO: Default Domain Controllers Policy
Policy: ShutdownPrivilege
Computer Setting: Server Operators
Print Operators
Backup Operators
Administrators
Account Operators
account

GPO: Default Domain Controllers Policy
Policy: SecurityPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: AssignPrimaryTokenPrivilege
Computer Setting: SLMI\IWAM_SL_MISERVER
SLMI\SQLServer2005MSSQLUser$SL_MISERVER$BKUPEXEC

GPO: Default Domain Controllers Policy
Policy: SystemEnvironmentPrivilege
Computer Setting: Administrators

GPO: Default Domain Controllers Policy
Policy: IncreaseQuotaPrivilege
Computer Setting: Administrators
NETWORK SERVICE
LOCAL SERVICE
SLMI\IWAM_SL_MISERVER
SLMI\SQLServer2005MSSQLUser$SL_MISERVER$BKUPEXEC

GPO: Default Domain Controllers Policy
Policy: BatchLogonRight
Computer Setting: SLMI\IIS_WPG
SLMI\IUSR_SL_MISERVER
SLMI\SUPPORT_388945a0
LOCAL SERVICE
SLMI\Administrator
SLMI\IWAM_SL_MISERVER
SLMI\SQLServer2005MSSQLUser$SL_MISERVER$BKUPEXEC

GPO: Default Domain Controllers Policy
Policy: DenyInteractiveLogonRight
Computer Setting: N/A

Security Options
----------------
GPO: Default Domain Policy
Policy: TicketValidateClient
Computer Setting: Enabled

GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A


USER SETTINGS
--------------
CN=Administrator,CN=Users,DC=SLMI
Last time Group Policy was applied: 11/11/2008 at 3:06:28 PM
Group Policy was applied from: SL_MISERVER.SLMI
Group Policy slow link threshold: 500 kbps
Domain Name: SLMI
Domain Type: Windows 2000

Applied Group Policy Objects
-----------------------------
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
echows_gpo
Filtering: Denied (Security)

Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
BUILTIN\Pre-Windows 2000 Compatible Access
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
Domain Admins
Schema Admins
Enterprise Admins
Group Policy Creator Owners

The user has the following security privileges
----------------------------------------------

Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Enable computer and user accounts to be trusted for delegation
Add workstations to domain

Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A
 
Sort by date Sort by votes
Never mind, I figured it out. Using rsopc.msc, I found there were some erroneous user rights assignments under the "Shut down the system" policy under the "default domain controllers policy" source GPO. I edited that policy in the GPO Editor and removed the extra user names. Don't know how they got there, but after removing the 0X53 warning has ceased. Hope I don't have a Virus. Thanks anyway.

Regards,

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
350
DeepuM
DeepuM
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
204
RRankin355
RRankin355
johan_1212
  • Locked
  • Question
AVG Antivirus Error
Replies
0
Views
107
johan_1212
johan_1212
KnowItAllmost
  • Locked
  • Question
IIS 8.5 Throws Server Error 500.19 and error code: 0x80070021 SOLVED
Replies
0
Views
222
KnowItAllmost
KnowItAllmost
brunei2730
  • Locked
  • Question
SMTP error on fax confirmation
Replies
3
Views
216
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top