General discussion

Locked

Error messages 1202 and 1000 on DC

By rainnie1 ·
I'm running W2K Service Pack 3.

I configured group policy with the secure domain controller template.

A recent change to group policy to decrease the amount of retries to save the registry , I got this error message in the system log:

Event Type: Error
Event I 1000
User: NT AUTHORITY\SYSTEM
Description:
Windows cannot access the registry information at \\cougarhelicopters.com\sysvol\cougarhelicopters.com\Policies\{\Machine\registry.pol with (1351).


Event Type: ErrorEvent Source: SceCli
Event Category: None
Event I 1001
User: N/A
Computer: COUGAR1
Description:
Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\cougarhelicopters.com\sysvol\cougarhelicopters.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.


Event Type: Error
Event Source: Userenv
Event Category: None
Event I 1000
User: NT AUTHORITY\SYSTEM
Computer: COUGAR1
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).


6 minutes later i got a message saying the the group policy had been applied successfully, but I still was running into problems with Access Denied problems.

After creating a script to set sysvol upon startup and refreshing the machine policy , I get the following warning and error every 5 minutes:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event I 1202
User: N/A
Computer: COUGAR1
Security policies are propagated with warning. 0xd : The data is invalid.
Please look for more details in TroubleShooting section in Security Help.

Event Source: Userenv
Event Category: None
Event I 1000
User: NT AUTHORITY\SYSTEM
Computer: COUGAR1
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (13).

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Error messages 1202 and 1000 on DC

by maxwell edison In reply to Error messages 1202 and 1 ...

Microsoft Article 258296. Cannot Access Group Policy Objects Event ID 1000 and Event ID 1001.

If the primary network adapter in a multihomed domain controller does not have File and Printer Sharing bound to it, multiple problems are logged or displayed when you attempt to work with Group Policy objects on the domain controller.

The Application log contains the following error messages:

(See article)

Attempting to gain access to the Group Policy objects by using the Domain Security policy and the Default Domain Controller Security policy displays a "Group Policy Error" error message. The text of the message states: "Failed to Open Group Policy Object. You may not have appropriate rights. Details: The network path not found."Attempting to access the Group Policy objects by using the Active Directory Users and Computers snap-in or Group Policy Editor displays a "Domain Controller for Domain domain name not found" error message. There are several options, none of which work.

Attempting to open the Sysvol share by using \\domain name\sysvol causes a "Remote Computer not available" error message.

CAUSE:
Windows 2000 is attempting to access its Sysvol share through the primary network adapter to read the group policies. Because the share is unavailable through that adapter, the operation does not work.

RESOLUTION:
Change the binding order of the network adapters so that the adapter that is listed at the top of the Connections list has File and PrinterSharing bound to it:

Click Start, point to Settings, click Control Panel, and then double click Network and Dial-up Connections.

On the Advanced menu, click Advanced Settings.

In the Connections box, click the network adapter with File andPrinter Sharing bound to it.

Click the arrow buttons on the right side to move the adapter to the top of the list.

Click OK.

Collapse -

Error messages 1202 and 1000 on DC

by maxwell edison In reply to Error messages 1202 and 1 ...
Collapse -

Error messages 1202 and 1000 on DC

by rainnie1 In reply to Error messages 1202 and 1 ...

Not a mutlihomed computer and I can see group policy objects fine. I do get a Windows cannot open template when I click on the security settings option in the dfault domain controllers security settings and I only see Public Key Policies and IP Security Polcies.

Mike

Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event I 3019
Date: 2/7/2003
Time: 10:20:33 AM
User: N/A
Computer: Description:
The redirector failed to determine the connection type.

Collapse -

Error messages 1202 and 1000 on DC

by maxwell edison In reply to Error messages 1202 and 1 ...

When you attempt to work with GPOs on your multihomed Windows 2000 domain controller, your application log contains:

UserEnv 1000 The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).

SceCli 1001 Security policy cannot be propagated. Cannot access the template. Error code = 3.
\\<domain name>\sysvol\<domain name>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

UserEnv 1000 Windows cannot access the registry information at
\\<domain name>\sysvol\<domain name>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\registry.pol with (51).
When you try to use the Domain Security Policy or the Default Domain Controller Security Policy, you receive
Failed to Open Group Policy Object. You may not have appropriate rights.
Details: The network path not found.

When you use the Active Directory Users and Groups snap-in to access GPOs, or when you use the Group Policy Editor, your receive a Domain Controller for Domain <domain name> not found error.

When you try to access the sysvol share, \\<domain name>\sysvol, you receive a Remote Computer is not available error.

These problem will occur if File and Printer sharing have been unbound from the primary network adapter.

To fix the problem, move the adapter that has File and Printer Sharing bound to it to the top of the Connections list:

1. Start / Settings / Control Panel.

2. Double-click Network and Dial-up Connections.

3. Press Advanced Settings on the Advanced menu.

4. Select the Adapters and Bindings tab.

5. In the Connections area, select the network adapter with File and Printer Sharing bound to it.

6. Use the arrow buttons on the right hand side to move the adapter to the top of the list.

7. Press OK.

Source:

http://www.jsifaq.com/SUBF/TIP2900/rh2921.htm

or

http://tinyurl.com/5fp0

Collapse -

Error messages 1202 and 1000 on DC

by rainnie1 In reply to Error messages 1202 and 1 ...

Not a mutlihomed computer and I can see group policy objects fine. I do get a Windows cannot open template when I click on the security settings option in the dfault domain controllers security settings and I only see Public Key Policies and IP Security Polcies.

Mike

Event Type: Warning
Event Source: MRxSmb
Event Category: None
Event I 3019
Date: 2/7/2003
Time: 10:20:33 AM
User: N/A
Computer: Description:
The redirector failed to determine the connection type.

Collapse -

Error messages 1202 and 1000 on DC

by maxwell edison In reply to Error messages 1202 and 1 ...

Microsoft Knowledge Base Article - 267934.

"Error Message: The Redirector Failed to Determine the Connection Type"SYMPTOMSWhen you map a network drive to a local share, the following warning message may be reported in the system event log:

Event I 3019
Source: MRxSmb
Description: The redirector failed to determine the connection type.

CAUSEThis message can occur when NetBIOS over TCP/IP (NetBT) attempts to query the target device (in this case, the Loopback adapter) for network speed. The Loopback adapter, which does not handle speed negotiation, cannot negotiate the speed and the warning message is reported in the system event log.

This behavior only occurs with the TCP/IP protocol since TCP/IP is the only protocol that uses the Loopback adapter.

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATIONThis warning message is informational only and can be safely ignored.

This event is logged the first time you access a mapped drive and create a new session with the server. The message can also occur when you create a network connection to a share on your local computer. Therefore, the event can occur in any of the following situations:

The first time you access a mapped drive after you log on.

The first time you access the mapped drive after the computer resumes from hibernation mode.

The first time you access a local network share after the computer has been automatically disconnected from the mapped drive (by using the autodisconnect feature).

SOURCE:

http://support.microsoft.com/default.aspx?scid=kb;en-us;267934

Collapse -

Error messages 1202 and 1000 on DC

by rainnie1 In reply to Error messages 1202 and 1 ...

Poster rated this answer

Collapse -

Error messages 1202 and 1000 on DC

by Joseph Moore In reply to Error messages 1202 and 1 ...

Ok, I will take a stab at this one. First, my Technet article:

Event ID 1000 and 1202 After Configuring Policies
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server

This article was previously published under Q260715
SYMPTOMS
After you modify group policies on a Windows 2000-based server, the following error messages may be recorded in the Application event log every five minutes:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event I 1202
Date: 21/09/1999
Time: 18:15:14
User: N/A
Computer: MachineName
Description:
Security policies are propagated with warning. 0x4b8 : An extended error occurred. Please look for more details in TroubleShooting section in Security Help.

Event Type: Error
Event Source: Userenv
Event Category: None
Event I 1000
Date: 21/09/1999
Time: 18:15:14
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (120.
CAUSE
A conflict in Group Policy can cause these events to occur. These error messages can occur if the "Rename Administrator Account" security policy is enabled and thenset to an account name that is already in use.
RESOLUTION
To resolve this issue, either disable the "Rename Administrator Account" policy or configure the policy to use an account name that does not exist. For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
259576 Group Policy Application Rules for Domain Controllers

258595 Gpresult Does Not Enumerate Resultant Computer Security Policy

Collapse -

Error messages 1202 and 1000 on DC

by Joseph Moore In reply to Error messages 1202 and 1 ...

Ok, so you did say you implemented one of the secure policies (like the secure DC policy)?
I do believe that the secure policies do change the name of the Administrator (and probably Guest).
So, try what this article states to do in the Resolution section.

Collapse -

Error messages 1202 and 1000 on DC

by Joseph Moore In reply to Error messages 1202 and 1 ...

The only other thing that my gut tells me is that perhaps the NTFS security settings on the SYSVOL share were changed (they are in the secure server settings), and maybe they are to tight for Win2K to load and run the Group Policy.
So, check the Security permissions on the SYSVOL share and its subfolders on your Domain Controller.

hope this helps

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums