
Event ID 1202 and 1000 in the App Log

By mattwilson247
Every 5 minutes or so I keep getting a Warning and an Error in the Application Log in Windows 2000 Server. Here is the info:

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 8/7/2001
Time: 9:23:41 AM
User: N/A
Computer: FAMILY
Description:
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Please look for more details in TroubleShooting section in Security Help.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 8/7/2001
Time: 9:23:41 AM
User: NT AUTHORITY\SYSTEM
Computer: FAMILY
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).

Any ideas on how to fix this?

MS Support

by BloomU In reply to Event ID 1202 and 1000 in ...

CAUSE
This issue can occur for any of the following reasons:

You installed a program, which creates user accounts and assigns rights to those user accounts. Later, you remove the program, which deletes the user accounts, but does not remove the rights from policy before the accounts are deleted.
You add a user account and assign rights to the account. Later, you delete the account, but you do not remove the account from the user rights policy.


RESOLUTION
To resolve this issue, follow these steps:

Add the ExtensionDebugLevel DWORD value with the value data 2 to the following registry key:


HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtension\{827...}
NOTE: In the registry key, any GUID starting with "{827".


Under the command window, type: secedit /refreshpolicy machine_policy /enforce to generate the Winlogon.log file in the windir\security\logs folder.


Search the Winlogon.log file for deleted user accounts.


Confirm that this user account is not located in any of the User Rights Assignments in the Default Domain Controllers policy as well as in the Local Security Policy, under the effective settings column.

For additional information about the User Rights Policy, click the article number below to view the article in the Microsoft Knowledge Base:
Q234237 Assign Log On locally Rights to Windows 2000 Domain Controller

NOTE: The article above describes how to add a user to the list. In this case you use the same procedure except you delete a user account from the list.

same error

by cwhite In reply to Event ID 1202 and 1000 in ...

I am getting the same error messages in the event log every 5 minutes or so. I have searched the Microsoft site and found resolutions. I have tried them ALL, and to no avail am still getting the errors. If you find a solution please post as will I. Good luck!!

event ID's 1202 and 1000

by dave517 In reply to Event ID 1202 and 1000 in ...

I just had this same problem. The fix involves editing the registry.
1. Add the ExtensionDebugLevel DWORD value with the value data 2 to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\GPExtension\{827...} Note: in the registry key, any GUID starting with "{827..."
2. In the command window, type secedit /refreshpolicy machine_policy /enforce to generate the Winlogon.log file.
3. Restart the Netlogon service.
4. Search the Winlogon.log file for the account with the 1332 error code. (A deleted user account)
5. Confirm that this user account is not located in any of the User Rights Assignments in the Default Domain Controllers policy as well as in the Local Security Policy, under the effective settings column.

This took care of the problem for me. A more detailed explanation can be found in article Q247482 in the Microsoft Knowledge Base.
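
The last two steps of the procedure above (find the unmapped account in Winlogon.log, then confirm it is gone from every User Rights Assignment) can be scripted; this is an added example, not code from the thread or from Microsoft. It assumes the log reports each account as "Cannot find <name>." and that the policy is available as an INF-style template with a [Privilege Rights] section; the account names and both samples are constructed.

```python
import re

# Constructed Winlogon.log excerpt; the "Cannot find <name>." wording is an assumption.
SAMPLE_LOG = """\
----Configure User Rights...
Cannot find OldSvcAccount.
Error 1332: No mapping between account names and security IDs was done.
\tCannot find backup.admin.
Cannot find OldSvcAccount.
"""

# Constructed security-template excerpt (INF-style [Privilege Rights] section assumed).
SAMPLE_TEMPLATE = """\
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,OldSvcAccount
SeServiceLogonRight = oldsvcaccount,backup.admin
SeBackupPrivilege = *S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def unresolved_accounts(log_text):
    """Account names the log reports as unmappable, de-duplicated in first-seen order."""
    seen, names = set(), []
    for m in re.finditer(r"Cannot find (.+?)\.?[ \t]*$", log_text, re.M | re.I):
        name = m.group(1).strip()
        if name.lower() not in seen:
            seen.add(name.lower())
            names.append(name)
    return names

def rights_referencing(template_text, accounts):
    """Map each unresolved account to the user rights that still list it."""
    wanted = {a.lower(): a for a in accounts}
    hits, in_section = {}, False
    for raw in template_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            right, _, members = line.partition("=")
            for member in members.split(","):
                key = member.strip().lower()
                if key in wanted:
                    hits.setdefault(wanted[key], []).append(right.strip())
    return hits

if __name__ == "__main__":
    missing = unresolved_accounts(SAMPLE_LOG)
    for account, rights in rights_referencing(SAMPLE_TEMPLATE, missing).items():
        print(f"{account}: still listed in {', '.join(rights)}")
```

Real log and template files may be UTF-16 encoded, so decode them before passing the text in. An empty result from `rights_referencing` means no listed right still names a missing account.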
