SceCli Error 1202 filling up the Event Log!

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Since yesterday we are getting the following error on our main file server
every 5 minutes. There are no other errors and, up until now, the box
hasn't been touched for over a month and Group Policys haven't been touched.
Our other DC's are reporting that "Security policy has been applied
successfully".

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.

I've read through the JSI and Microsoft articles I can find on this, but all
seem to rely on associated error messages to find the fault. FWIW, the
Winlogon.log file shows:

Error 1208: An extended error has occurred.
Error deleting SCP.

Help! What is going on??

Thanks,
Cameron:-)
15 answers Last reply
More about scecli error 1202 filling event
  1. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    The folowing articels were returned from the KB with a boolean search (scecli and 1202 and (1208 or 0x4b8)):
    http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After Configuring Policies "
    http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412 and 454 are logged repeatedly in the Application log "
    http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs Message Reports Lack of Mapping Between Account Names and Security IDs Inability to Find Power Users "
    http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to Local Domain Members Only "
    http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202 Events "
    http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template Information#34 Error Message When You Try to View a Windows XP-based Template in a Windows 2000 Domain "
    http://support.microsoft.com?kbid=835901 "A Restricted Groups policy setting may not remove security identifiers in Windows 2000 Server "


    On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote:

    >Since yesterday we are getting the following error on our main file server
    >every 5 minutes. There are no other errors and, up until now, the box
    >hasn't been touched for over a month and Group Policys haven't been touched.
    >Our other DC's are reporting that "Security policy has been applied
    >successfully".
    >
    >Event Type: Warning
    >Event Source: SceCli
    >Event Category: None
    >Event ID: 1202
    >Description:
    >Security policies are propagated with warning. 0x4b8 : An extended error has
    >occurred.
    >
    >I've read through the JSI and Microsoft articles I can find on this, but all
    >seem to rely on associated error messages to find the fault. FWIW, the
    >Winlogon.log file shows:
    >
    >Error 1208: An extended error has occurred.
    > Error deleting SCP.
    >
    >Help! What is going on??
    >
    >Thanks,
    >Cameron:-)
    >
    >


    Jerold Schulman
    Windows Server MVP
    JSI, Inc.
    http://www.jsiinc.com
  2. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Thanks Jerold, but perhaps you missed the following part of my post:

    >I've read through the JSI and Microsoft articles I can find on this,
    > but all seem to rely on ***associated error messages to find the fault***.
    (emphasis added)

    I've looked through most if not all of those articles but can find nothing
    that refers to the "0x4b8 error every five minutes" on it's own.

    Could you please point me in the right direction (ie. not around in
    circles)?? :-)

    Thanks,
    Cameron:-)

    "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    >
    > The folowing articels were returned from the KB with a boolean search
    (scecli and 1202 and (1208 or 0x4b8)):
    > http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    Configuring Policies "
    > http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
    and 454 are logged repeatedly in the Application log "
    > http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    Message Reports Lack of Mapping Between Account Names and Security IDs
    Inability to Find Power Users "
    > http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to
    Local Domain Members Only "
    > http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    Events "
    > http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
    Information#34 Error Message When You Try to View a Windows XP-based
    Template in a Windows 2000 Domain "
    > http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    setting may not remove security identifiers in Windows 2000 Server "
    >
    >
    >
    > On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    <cdorrough@nortonconsultants.com> wrote:
    >
    > >Since yesterday we are getting the following error on our main file
    server
    > >every 5 minutes. There are no other errors and, up until now, the box
    > >hasn't been touched for over a month and Group Policys haven't been
    touched.
    > >Our other DC's are reporting that "Security policy has been applied
    > >successfully".
    > >
    > >Event Type: Warning
    > >Event Source: SceCli
    > >Event Category: None
    > >Event ID: 1202
    > >Description:
    > >Security policies are propagated with warning. 0x4b8 : An extended error
    has
    > >occurred.
    > >
    > >I've read through the JSI and Microsoft articles I can find on this, but
    all
    > >seem to rely on associated error messages to find the fault. FWIW, the
    > >Winlogon.log file shows:
    > >
    > >Error 1208: An extended error has occurred.
    > > Error deleting SCP.
    > >
    > >Help! What is going on??
    > >
    > >Thanks,
    > >Cameron:-)
    > >
    > >
    >
    >
    > Jerold Schulman
    > Windows Server MVP
    > JSI, Inc.
    > http://www.jsiinc.com
  3. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Okay, maybe I should have been a bit more specific..

    The bottom part of my Winlogon.log shows:

    Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    Error 1208: An extended error has occurred.
    Error deleting SCP.
    ----Configuration engine is initialized with error.----

    Does anyone know how I can fix this?

    Thanks,
    Cameron:-)

    "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    >
    > The folowing articels were returned from the KB with a boolean search
    (scecli and 1202 and (1208 or 0x4b8)):
    > http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    Configuring Policies "
    > http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
    and 454 are logged repeatedly in the Application log "
    > http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    Message Reports Lack of Mapping Between Account Names and Security IDs
    Inability to Find Power Users "
    > http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to
    Local Domain Members Only "
    > http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    Events "
    > http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
    Information#34 Error Message When You Try to View a Windows XP-based
    Template in a Windows 2000 Domain "
    > http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    setting may not remove security identifiers in Windows 2000 Server "
    >
    >
    >
    > On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    <cdorrough@nortonconsultants.com> wrote:
    >
    > >Since yesterday we are getting the following error on our main file
    server
    > >every 5 minutes. There are no other errors and, up until now, the box
    > >hasn't been touched for over a month and Group Policys haven't been
    touched.
    > >Our other DC's are reporting that "Security policy has been applied
    > >successfully".
    > >
    > >Event Type: Warning
    > >Event Source: SceCli
    > >Event Category: None
    > >Event ID: 1202
    > >Description:
    > >Security policies are propagated with warning. 0x4b8 : An extended error
    has
    > >occurred.
    > >
    > >I've read through the JSI and Microsoft articles I can find on this, but
    all
    > >seem to rely on associated error messages to find the fault. FWIW, the
    > >Winlogon.log file shows:
    > >
    > >Error 1208: An extended error has occurred.
    > > Error deleting SCP.
    > >
    > >Help! What is going on??
    > >
    > >Thanks,
    > >Cameron:-)
    > >
    > >
    >
    >
    > Jerold Schulman
    > Windows Server MVP
    > JSI, Inc.
    > http://www.jsiinc.com
  4. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    I suggest you turn up winlogon logging to possibly get more detail on this.


    Registry Location -
    HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    {827D319E-6EAC-11D2-A4EA-00C04F79F83A

    Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
    and set it to 0x2

    Then execute a gpupdate /force
    verify you get the 1202 event

    Then review and post the winlogon.log to this thread.


    --
    Glenn L
    CCNA, MCSE 2000/2003 + Security

    "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    news:cvgden$m3c$1@news-02.connect.com.au...
    > Okay, maybe I should have been a bit more specific..
    >
    > The bottom part of my Winlogon.log shows:
    >
    > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > Error 1208: An extended error has occurred.
    > Error deleting SCP.
    > ----Configuration engine is initialized with error.----
    >
    > Does anyone know how I can fix this?
    >
    > Thanks,
    > Cameron:-)
    >
    > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    >>
    >> The folowing articels were returned from the KB with a boolean search
    > (scecli and 1202 and (1208 or 0x4b8)):
    >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    > Configuring Policies "
    >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
    > and 454 are logged repeatedly in the Application log "
    >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    > Message Reports Lack of Mapping Between Account Names and Security IDs
    > Inability to Find Power Users "
    >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited
    >> to
    > Local Domain Members Only "
    >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    > Events "
    >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
    > Information#34 Error Message When You Try to View a Windows XP-based
    > Template in a Windows 2000 Domain "
    >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    > setting may not remove security identifiers in Windows 2000 Server "
    >>
    >>
    >>
    >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > <cdorrough@nortonconsultants.com> wrote:
    >>
    >> >Since yesterday we are getting the following error on our main file
    > server
    >> >every 5 minutes. There are no other errors and, up until now, the box
    >> >hasn't been touched for over a month and Group Policys haven't been
    > touched.
    >> >Our other DC's are reporting that "Security policy has been applied
    >> >successfully".
    >> >
    >> >Event Type: Warning
    >> >Event Source: SceCli
    >> >Event Category: None
    >> >Event ID: 1202
    >> >Description:
    >> >Security policies are propagated with warning. 0x4b8 : An extended error
    > has
    >> >occurred.
    >> >
    >> >I've read through the JSI and Microsoft articles I can find on this, but
    > all
    >> >seem to rely on associated error messages to find the fault. FWIW, the
    >> >Winlogon.log file shows:
    >> >
    >> >Error 1208: An extended error has occurred.
    >> > Error deleting SCP.
    >> >
    >> >Help! What is going on??
    >> >
    >> >Thanks,
    >> >Cameron:-)
    >> >
    >> >
    >>
    >>
    >> Jerold Schulman
    >> Windows Server MVP
    >> JSI, Inc.
    >> http://www.jsiinc.com
    >
    >
  5. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
    anything else I can do?

    The App Log is filling up every couple of days with the SceCli error and
    nothing else! If there were any other errors, this might have been fixed by
    now. I'll include the entire Winlogon.log file below. None of it means
    anything to me (or to Microsoft apparently):

    *************************
    Error 0 to send control flag 1 over to server.
    GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    [Mapping] gpt00000.dom = Default Domain Policy
    -------------------------------------------
    03/01/2005 13:09:58
    Administrative privileged user logged on.
    Invoke Registry Value Delay Filter.
    Analyze machine\software\microsoft\windows
    nt\currentversion\setup\recoveryconsole\securitylevel.
    Analyze machine\software\microsoft\windows
    nt\currentversion\setup\recoveryconsole\setcommand.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\allocatecdroms.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\allocatedasd.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\allocatefloppies.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\cachedlogonscount.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\passwordexpirywarning.
    Analyze machine\software\microsoft\windows
    nt\currentversion\winlogon\scremoveoption.
    Analyze
    machine\software\microsoft\windows\currentversion\policies\system\disablecad
    ..
    Analyze
    machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    ylastusername.
    Analyze
    machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    ecaption.
    Analyze
    machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    etext.
    Analyze
    machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    thoutlogon.
    Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
    Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
    Analyze machine\system\currentcontrolset\control\print\providers\lanman
    print services\servers\addprinterdrivers.
    Analyze machine\system\currentcontrolset\control\session manager\memory
    management\clearpagefileatshutdown.
    Analyze machine\system\currentcontrolset\control\session
    manager\protectionmode.
    Analyze
    machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    nect.
    Analyze
    machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    edlogoff.
    Analyze
    machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    ritysignature.
    Analyze
    machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    uritysignature.
    Analyze
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    eplaintextpassword.
    Analyze
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    esecuritysignature.
    Analyze
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    resecuritysignature.
    Analyze
    machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    dchange.
    Analyze
    machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    eal.
    Analyze
    machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    ey.
    Analyze
    machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    nel.
    Analyze
    machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    nel.
    Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    Error 1208: An extended error has occurred.
    Error deleting SCP.
    ----Configuration engine is initialized with error.----

    ----Un-initialize configuration engine...

    I am rather frustrated but I do appreciate your help.

    BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
    generated the above..

    Thanks again,
    Cameron:-)

    "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    > I suggest you turn up winlogon logging to possibly get more detail on
    this.
    >
    >
    > Registry Location -
    > HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    > {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    >
    > Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
    > and set it to 0x2
    >
    > Then execute a gpupdate /force
    > verify you get the 1202 event
    >
    > Then review and post the winlogon.log to this thread.
    >
    >
    > --
    > Glenn L
    > CCNA, MCSE 2000/2003 + Security
    >
    > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > news:cvgden$m3c$1@news-02.connect.com.au...
    > > Okay, maybe I should have been a bit more specific..
    > >
    > > The bottom part of my Winlogon.log shows:
    > >
    > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > Error 1208: An extended error has occurred.
    > > Error deleting SCP.
    > > ----Configuration engine is initialized with error.----
    > >
    > > Does anyone know how I can fix this?
    > >
    > > Thanks,
    > > Cameron:-)
    > >
    > > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    > >>
    > >> The folowing articels were returned from the KB with a boolean search
    > > (scecli and 1202 and (1208 or 0x4b8)):
    > >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    > > Configuring Policies "
    > >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
    > > and 454 are logged repeatedly in the Application log "
    > >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    > > Message Reports Lack of Mapping Between Account Names and Security IDs
    > > Inability to Find Power Users "
    > >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited
    > >> to
    > > Local Domain Members Only "
    > >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    > > Events "
    > >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    Template
    > > Information#34 Error Message When You Try to View a Windows XP-based
    > > Template in a Windows 2000 Domain "
    > >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    > > setting may not remove security identifiers in Windows 2000 Server "
    > >>
    > >>
    > >>
    > >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > > <cdorrough@nortonconsultants.com> wrote:
    > >>
    > >> >Since yesterday we are getting the following error on our main file
    > > server
    > >> >every 5 minutes. There are no other errors and, up until now, the box
    > >> >hasn't been touched for over a month and Group Policys haven't been
    > > touched.
    > >> >Our other DC's are reporting that "Security policy has been applied
    > >> >successfully".
    > >> >
    > >> >Event Type: Warning
    > >> >Event Source: SceCli
    > >> >Event Category: None
    > >> >Event ID: 1202
    > >> >Description:
    > >> >Security policies are propagated with warning. 0x4b8 : An extended
    error
    > > has
    > >> >occurred.
    > >> >
    > >> >I've read through the JSI and Microsoft articles I can find on this,
    but
    > > all
    > >> >seem to rely on associated error messages to find the fault. FWIW,
    the
    > >> >Winlogon.log file shows:
    > >> >
    > >> >Error 1208: An extended error has occurred.
    > >> > Error deleting SCP.
    > >> >
    > >> >Help! What is going on??
    > >> >
    > >> >Thanks,
    > >> >Cameron:-)
    > >> >
    > >> >
    > >>
    > >>
    > >> Jerold Schulman
    > >> Windows Server MVP
    > >> JSI, Inc.
    > >> http://www.jsiinc.com
    > >
    > >
    >
    >
  6. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    I have never seen "Error deleting SCP" and don't really know specifically
    what SCP stands for.
    I don't know of any increased logging short of attaching a debugger to
    winlogon.exe to find out what scecli.dll is doing when it applies.
    However, I suspect this can be fixed by simply blowing away the local
    security database and have it recreated.

    The procedure is straight forward, however you need to prepare for it and
    plan for a short outage in service.
    This is just a member server right?
    the database (local group policy) contains out of the box security settings.
    If you have made any modifications to the local group policy under "computer
    configuration\windows settings\security settings, you should inventory those
    settings.
    Once the settings are inventoried, do the following:

    browse to c:\windows\security\database & rename secedit.sdb
    browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    res2.log
    reboot the server. A new blank database, chkpoint, and logs will be
    created.
    All default out of the box security and local group policy settings are gone
    at this point.
    You need to reapply them to the server.
    follow the procedure in http://support.microsoft.com/?kbid=313222
    This works on W2K and W2K3 server as well.
    Then reapply local security settings you inventoried previously.
    At this point you should be able to execute a gpupdate /force and get a
    *happy* scecli 1704 event.

    Cheers!

    --
    Glenn L
    CCNA, MCSE 2000/2003 + Security

    "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    news:d00jf6$3f1$1@news-02.connect.com.au...
    > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
    > anything else I can do?
    >
    > The App Log is filling up every couple of days with the SceCli error and
    > nothing else! If there were any other errors, this might have been fixed
    > by
    > now. I'll include the entire Winlogon.log file below. None of it means
    > anything to me (or to Microsoft apparently):
    >
    > *************************
    > Error 0 to send control flag 1 over to server.
    > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
    >
    > [Mapping] gpt00000.dom = Default Domain Policy
    > -------------------------------------------
    > 03/01/2005 13:09:58
    > Administrative privileged user logged on.
    > Invoke Registry Value Delay Filter.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\setup\recoveryconsole\securitylevel.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\setup\recoveryconsole\setcommand.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\allocatecdroms.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\allocatedasd.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\allocatefloppies.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\cachedlogonscount.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\passwordexpirywarning.
    > Analyze machine\software\microsoft\windows
    > nt\currentversion\winlogon\scremoveoption.
    > Analyze
    > machine\software\microsoft\windows\currentversion\policies\system\disablecad
    > .
    > Analyze
    > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    > ylastusername.
    > Analyze
    > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > ecaption.
    > Analyze
    > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > etext.
    > Analyze
    > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    > thoutlogon.
    > Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    > Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
    > Analyze
    > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    > Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    > Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
    > Analyze machine\system\currentcontrolset\control\print\providers\lanman
    > print services\servers\addprinterdrivers.
    > Analyze machine\system\currentcontrolset\control\session manager\memory
    > management\clearpagefileatshutdown.
    > Analyze machine\system\currentcontrolset\control\session
    > manager\protectionmode.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    > nect.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    > edlogoff.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    > ritysignature.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    > uritysignature.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > eplaintextpassword.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > esecuritysignature.
    > Analyze
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    > resecuritysignature.
    > Analyze
    > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    > dchange.
    > Analyze
    > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    > eal.
    > Analyze
    > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    > ey.
    > Analyze
    > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    > nel.
    > Analyze
    > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    > nel.
    > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > Error 1208: An extended error has occurred.
    > Error deleting SCP.
    > ----Configuration engine is initialized with error.----
    >
    > ----Un-initialize configuration engine...
    >
    > I am rather frustrated but I do appreciate your help.
    >
    > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
    > generated the above..
    >
    > Thanks again,
    > Cameron:-)
    >
    > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    >> I suggest you turn up winlogon logging to possibly get more detail on
    > this.
    >>
    >>
    >> Registry Location -
    >> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    >>
    >> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
    >> and set it to 0x2
    >>
    >> Then execute a gpupdate /force
    >> verify you get the 1202 event
    >>
    >> Then review and post the winlogon.log to this thread.
    >>
    >>
    >> --
    >> Glenn L
    >> CCNA, MCSE 2000/2003 + Security
    >>
    >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    >> news:cvgden$m3c$1@news-02.connect.com.au...
    >> > Okay, maybe I should have been a bit more specific..
    >> >
    >> > The bottom part of my Winlogon.log shows:
    >> >
    >> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    >> > Error 1208: An extended error has occurred.
    >> > Error deleting SCP.
    >> > ----Configuration engine is initialized with error.----
    >> >
    >> > Does anyone know how I can fix this?
    >> >
    >> > Thanks,
    >> > Cameron:-)
    >> >
    >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    >> >>
    >> >> The folowing articels were returned from the KB with a boolean search
    >> > (scecli and 1202 and (1208 or 0x4b8)):
    >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    >> > Configuring Policies "
    >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
    >> >> 412
    >> > and 454 are logged repeatedly in the Application log "
    >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    >> > Message Reports Lack of Mapping Between Account Names and Security IDs
    >> > Inability to Find Power Users "
    >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
    >> >> Limited
    >> >> to
    >> > Local Domain Members Only "
    >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    >> > Events "
    >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    > Template
    >> > Information#34 Error Message When You Try to View a Windows XP-based
    >> > Template in a Windows 2000 Domain "
    >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    >> > setting may not remove security identifiers in Windows 2000 Server "
    >> >>
    >> >>
    >> >>
    >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    >> > <cdorrough@nortonconsultants.com> wrote:
    >> >>
    >> >> >Since yesterday we are getting the following error on our main file
    >> > server
    >> >> >every 5 minutes. There are no other errors and, up until now, the
    >> >> >box
    >> >> >hasn't been touched for over a month and Group Policys haven't been
    >> > touched.
    >> >> >Our other DC's are reporting that "Security policy has been applied
    >> >> >successfully".
    >> >> >
    >> >> >Event Type: Warning
    >> >> >Event Source: SceCli
    >> >> >Event Category: None
    >> >> >Event ID: 1202
    >> >> >Description:
    >> >> >Security policies are propagated with warning. 0x4b8 : An extended
    > error
    >> > has
    >> >> >occurred.
    >> >> >
    >> >> >I've read through the JSI and Microsoft articles I can find on this,
    > but
    >> > all
    >> >> >seem to rely on associated error messages to find the fault. FWIW,
    > the
    >> >> >Winlogon.log file shows:
    >> >> >
    >> >> >Error 1208: An extended error has occurred.
    >> >> > Error deleting SCP.
    >> >> >
    >> >> >Help! What is going on??
    >> >> >
    >> >> >Thanks,
    >> >> >Cameron:-)
    >> >> >
    >> >> >
    >> >>
    >> >>
    >> >> Jerold Schulman
    >> >> Windows Server MVP
    >> >> JSI, Inc.
    >> >> http://www.jsiinc.com
    >> >
    >> >
    >>
    >>
    >
    >
  7. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    news:OQ1JGmhHFHA.3612@TK2MSFTNGP09.phx.gbl...
    > I have never seen "Error deleting SCP" and don't really know specifically
    > what SCP stands for.
    > I don't know of any increased logging short of attaching a debugger to
    > winlogon.exe to find out what scecli.dll is doing when it applies.
    > However, I suspect this can be fixed by simply blowing away the local
    > security database and have it recreated.

    Thanks heaps, Glenn - that is exactly the sort of info I need! :-)

    I will try that and let you know how I get on.

    Cameron:-)
  8. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Glenn, it works!! :-)

    I followed your procedure late last night and checked the event log this
    morning and it is now full of nice blue information messages. Thanks
    heaps - now I can get back to some real work! :-)

    Stuff knows what went wrong - AFAIK nobody had touched the machine or
    changed policy settings in ages..

    I've left your instructions below in case anyone else ever has a similar
    issue (one change - I had to boot into Safe mode to change the file names..
    ;-)

    Have a great day.

    Cameron:-)

    "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    news:OQ1JGmhHFHA.3612@TK2MSFTNGP09.phx.gbl...
    > I have never seen "Error deleting SCP" and don't really know specifically
    > what SCP stands for.
    > I don't know of any increased logging short of attaching a debugger to
    > winlogon.exe to find out what scecli.dll is doing when it applies.
    > However, I suspect this can be fixed by simply blowing away the local
    > security database and have it recreated.
    >
    > The procedure is straight forward, however you need to prepare for it and
    > plan for a short outage in service.
    > This is just a member server right?
    > the database (local group policy) contains out of the box security
    settings.
    > If you have made any modifications to the local group policy under
    "computer
    > configuration\windows settings\security settings, you should inventory
    those
    > settings.
    > Once the settings are inventoried, do the following:
    >
    > browse to c:\windows\security\database & rename secedit.sdb
    > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    > res2.log
    > reboot the server. A new blank database, chkpoint, and logs will be
    > created.
    > All default out of the box security and local group policy settings are
    gone
    > at this point.
    > You need to reapply them to the server.
    > follow the procedure in http://support.microsoft.com/?kbid=313222
    > This works on W2K and W2K3 server as well.
    > Then reapply local security settings you inventoried previously.
    > At this point you should be able to execute a gpupdate /force and get a
    > *happy* scecli 1704 event.
    >
    > Cheers!
    >
    > --
    > Glenn L
    > CCNA, MCSE 2000/2003 + Security
    >
  9. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Glenn,

    I have the same exact problem that Cameron Dorrough had reported. I am
    attempting to bring a new Win2003 DC online which will eventually replace my
    Win2000 DC (2 separate machines). I receive the same error on my Win2003
    box. My Win2000 DC applies GP fine. I have attempted your solution, but
    after restarting the Win2003 server, the secedit.sdb database does not get
    rebuilt, thought the log and chk files do. I know receive different events
    the in Applicaiton log, due the non existence of the secedit.sdb. I have
    found KB article 278316 which describes how to recreate it, but when I
    attempt to import any .inf template. I receive messages under two scenarios:



    I have been unsuccessful in recreating the secedit.sdb. I found KB
    articleCan you provide any insight?

    "Glenn L" wrote:

    > I have never seen "Error deleting SCP" and don't really know specifically
    > what SCP stands for.
    > I don't know of any increased logging short of attaching a debugger to
    > winlogon.exe to find out what scecli.dll is doing when it applies.
    > However, I suspect this can be fixed by simply blowing away the local
    > security database and have it recreated.
    >
    > The procedure is straight forward, however you need to prepare for it and
    > plan for a short outage in service.
    > This is just a member server right?
    > the database (local group policy) contains out of the box security settings.
    > If you have made any modifications to the local group policy under "computer
    > configuration\windows settings\security settings, you should inventory those
    > settings.
    > Once the settings are inventoried, do the following:
    >
    > browse to c:\windows\security\database & rename secedit.sdb
    > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    > res2.log
    > reboot the server. A new blank database, chkpoint, and logs will be
    > created.
    > All default out of the box security and local group policy settings are gone
    > at this point.
    > You need to reapply them to the server.
    > follow the procedure in http://support.microsoft.com/?kbid=313222
    > This works on W2K and W2K3 server as well.
    > Then reapply local security settings you inventoried previously.
    > At this point you should be able to execute a gpupdate /force and get a
    > *happy* scecli 1704 event.
    >
    > Cheers!
    >
    > --
    > Glenn L
    > CCNA, MCSE 2000/2003 + Security
    >
    > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > news:d00jf6$3f1$1@news-02.connect.com.au...
    > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
    > > anything else I can do?
    > >
    > > The App Log is filling up every couple of days with the SceCli error and
    > > nothing else! If there were any other errors, this might have been fixed
    > > by
    > > now. I'll include the entire Winlogon.log file below. None of it means
    > > anything to me (or to Microsoft apparently):
    > >
    > > *************************
    > > Error 0 to send control flag 1 over to server.
    > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
    > >
    > > [Mapping] gpt00000.dom = Default Domain Policy
    > > -------------------------------------------
    > > 03/01/2005 13:09:58
    > > Administrative privileged user logged on.
    > > Invoke Registry Value Delay Filter.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\setup\recoveryconsole\securitylevel.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\setup\recoveryconsole\setcommand.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\allocatecdroms.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\allocatedasd.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\allocatefloppies.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\cachedlogonscount.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\passwordexpirywarning.
    > > Analyze machine\software\microsoft\windows
    > > nt\currentversion\winlogon\scremoveoption.
    > > Analyze
    > > machine\software\microsoft\windows\currentversion\policies\system\disablecad
    > > .
    > > Analyze
    > > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    > > ylastusername.
    > > Analyze
    > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > ecaption.
    > > Analyze
    > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > etext.
    > > Analyze
    > > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    > > thoutlogon.
    > > Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    > > Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
    > > Analyze
    > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    > > Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    > > Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
    > > Analyze machine\system\currentcontrolset\control\print\providers\lanman
    > > print services\servers\addprinterdrivers.
    > > Analyze machine\system\currentcontrolset\control\session manager\memory
    > > management\clearpagefileatshutdown.
    > > Analyze machine\system\currentcontrolset\control\session
    > > manager\protectionmode.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    > > nect.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    > > edlogoff.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    > > ritysignature.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    > > uritysignature.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > eplaintextpassword.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > esecuritysignature.
    > > Analyze
    > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    > > resecuritysignature.
    > > Analyze
    > > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    > > dchange.
    > > Analyze
    > > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    > > eal.
    > > Analyze
    > > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    > > ey.
    > > Analyze
    > > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    > > nel.
    > > Analyze
    > > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    > > nel.
    > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > Error 1208: An extended error has occurred.
    > > Error deleting SCP.
    > > ----Configuration engine is initialized with error.----
    > >
    > > ----Un-initialize configuration engine...
    > >
    > > I am rather frustrated but I do appreciate your help.
    > >
    > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
    > > generated the above..
    > >
    > > Thanks again,
    > > Cameron:-)
    > >
    > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    > >> I suggest you turn up winlogon logging to possibly get more detail on
    > > this.
    > >>
    > >>
    > >> Registry Location -
    > >> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    > >>
    > >> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
    > >> and set it to 0x2
    > >>
    > >> Then execute a gpupdate /force
    > >> verify you get the 1202 event
    > >>
    > >> Then review and post the winlogon.log to this thread.
    > >>
    > >>
    > >> --
    > >> Glenn L
    > >> CCNA, MCSE 2000/2003 + Security
    > >>
    > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > >> news:cvgden$m3c$1@news-02.connect.com.au...
    > >> > Okay, maybe I should have been a bit more specific..
    > >> >
    > >> > The bottom part of my Winlogon.log shows:
    > >> >
    > >> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > >> > Error 1208: An extended error has occurred.
    > >> > Error deleting SCP.
    > >> > ----Configuration engine is initialized with error.----
    > >> >
    > >> > Does anyone know how I can fix this?
    > >> >
    > >> > Thanks,
    > >> > Cameron:-)
    > >> >
    > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    > >> >>
    > >> >> The folowing articels were returned from the KB with a boolean search
    > >> > (scecli and 1202 and (1208 or 0x4b8)):
    > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    > >> > Configuring Policies "
    > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
    > >> >> 412
    > >> > and 454 are logged repeatedly in the Application log "
    > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    > >> > Message Reports Lack of Mapping Between Account Names and Security IDs
    > >> > Inability to Find Power Users "
    > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
    > >> >> Limited
    > >> >> to
    > >> > Local Domain Members Only "
    > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    > >> > Events "
    > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    > > Template
    > >> > Information#34 Error Message When You Try to View a Windows XP-based
    > >> > Template in a Windows 2000 Domain "
    > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    > >> > setting may not remove security identifiers in Windows 2000 Server "
    > >> >>
    > >> >>
    > >> >>
    > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > >> > <cdorrough@nortonconsultants.com> wrote:
    > >> >>
    > >> >> >Since yesterday we are getting the following error on our main file
    > >> > server
    > >> >> >every 5 minutes. There are no other errors and, up until now, the
    > >> >> >box
    > >> >> >hasn't been touched for over a month and Group Policys haven't been
    > >> > touched.
    > >> >> >Our other DC's are reporting that "Security policy has been applied
    > >> >> >successfully".
    > >> >> >
    > >> >> >Event Type: Warning
    > >> >> >Event Source: SceCli
    > >> >> >Event Category: None
    > >> >> >Event ID: 1202
    > >> >> >Description:
    > >> >> >Security policies are propagated with warning. 0x4b8 : An extended
    > > error
    > >> > has
    > >> >> >occurred.
    > >> >> >
    > >> >> >I've read through the JSI and Microsoft articles I can find on this,
    > > but
    > >> > all
    > >> >> >seem to rely on associated error messages to find the fault. FWIW,
    > > the
    > >> >> >Winlogon.log file shows:
    > >> >> >
    > >> >> >Error 1208: An extended error has occurred.
    > >> >> > Error deleting SCP.
    > >> >> >
    > >> >> >Help! What is going on??
    > >> >> >
    > >> >> >Thanks,
    > >> >> >Cameron:-)
    > >> >> >
    > >> >> >
    > >> >>
    > >> >>
    > >> >> Jerold Schulman
    > >> >> Windows Server MVP
    > >> >> JSI, Inc.
    > >> >> http://www.jsiinc.com
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
    >
  10. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Please excuse my first post. My first message was inadvertantly posted
    before it was complete.

    Glenn,

    I have the same exact problem that Cameron Dorrough had reported. I am
    attempting to bring a new Win2003 DC online which will eventually replace my
    Win2000 DC (2 separate machines). I receive the same error on my Win2003
    box. My Win2000 DC applies GP fine. I have attempted your solution, but
    after restarting the Win2003 server, the secedit.sdb database does not get
    rebuilt, thought the log and chk files do.

    I now receive different events the in Applicaiton log, due the non existence
    of the secedit.sdb. I have found KB article 278316 which describes how to
    recreate it, but when I attempt to import any .inf template. I receive
    messages under two scenarios:
    Using secedit.sdb as the database name to create, I receive 'Access is
    denied.
    Import Failed. Make sure that you have rith right permissions to this
    object'.

    Using some other db name, such as test.sdb, I receive 'An extended error
    has
    occured. Import Failed'

    I receive the messages above regardless of the .inf I choose. I am logged
    in as Admistrator.
    Can you provide any insight?


    "LThibx" wrote:

    > Glenn,
    >
    > I have the same exact problem that Cameron Dorrough had reported. I am
    > attempting to bring a new Win2003 DC online which will eventually replace my
    > Win2000 DC (2 separate machines). I receive the same error on my Win2003
    > box. My Win2000 DC applies GP fine. I have attempted your solution, but
    > after restarting the Win2003 server, the secedit.sdb database does not get
    > rebuilt, thought the log and chk files do. I know receive different events
    > the in Applicaiton log, due the non existence of the secedit.sdb. I have
    > found KB article 278316 which describes how to recreate it, but when I
    > attempt to import any .inf template. I receive messages under two scenarios:
    >
    >
    >
    > I have been unsuccessful in recreating the secedit.sdb. I found KB
    > articleCan you provide any insight?
    >
    > "Glenn L" wrote:
    >
    > > I have never seen "Error deleting SCP" and don't really know specifically
    > > what SCP stands for.
    > > I don't know of any increased logging short of attaching a debugger to
    > > winlogon.exe to find out what scecli.dll is doing when it applies.
    > > However, I suspect this can be fixed by simply blowing away the local
    > > security database and have it recreated.
    > >
    > > The procedure is straight forward, however you need to prepare for it and
    > > plan for a short outage in service.
    > > This is just a member server right?
    > > the database (local group policy) contains out of the box security settings.
    > > If you have made any modifications to the local group policy under "computer
    > > configuration\windows settings\security settings, you should inventory those
    > > settings.
    > > Once the settings are inventoried, do the following:
    > >
    > > browse to c:\windows\security\database & rename secedit.sdb
    > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    > > res2.log
    > > reboot the server. A new blank database, chkpoint, and logs will be
    > > created.
    > > All default out of the box security and local group policy settings are gone
    > > at this point.
    > > You need to reapply them to the server.
    > > follow the procedure in http://support.microsoft.com/?kbid=313222
    > > This works on W2K and W2K3 server as well.
    > > Then reapply local security settings you inventoried previously.
    > > At this point you should be able to execute a gpupdate /force and get a
    > > *happy* scecli 1704 event.
    > >
    > > Cheers!
    > >
    > > --
    > > Glenn L
    > > CCNA, MCSE 2000/2003 + Security
    > >
    > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > > news:d00jf6$3f1$1@news-02.connect.com.au...
    > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
    > > > anything else I can do?
    > > >
    > > > The App Log is filling up every couple of days with the SceCli error and
    > > > nothing else! If there were any other errors, this might have been fixed
    > > > by
    > > > now. I'll include the entire Winlogon.log file below. None of it means
    > > > anything to me (or to Microsoft apparently):
    > > >
    > > > *************************
    > > > Error 0 to send control flag 1 over to server.
    > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
    > > >
    > > > [Mapping] gpt00000.dom = Default Domain Policy
    > > > -------------------------------------------
    > > > 03/01/2005 13:09:58
    > > > Administrative privileged user logged on.
    > > > Invoke Registry Value Delay Filter.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\setup\recoveryconsole\securitylevel.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\setup\recoveryconsole\setcommand.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\allocatecdroms.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\allocatedasd.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\allocatefloppies.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\cachedlogonscount.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\passwordexpirywarning.
    > > > Analyze machine\software\microsoft\windows
    > > > nt\currentversion\winlogon\scremoveoption.
    > > > Analyze
    > > > machine\software\microsoft\windows\currentversion\policies\system\disablecad
    > > > .
    > > > Analyze
    > > > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    > > > ylastusername.
    > > > Analyze
    > > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > ecaption.
    > > > Analyze
    > > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > etext.
    > > > Analyze
    > > > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    > > > thoutlogon.
    > > > Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    > > > Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
    > > > Analyze
    > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    > > > Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    > > > Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
    > > > Analyze machine\system\currentcontrolset\control\print\providers\lanman
    > > > print services\servers\addprinterdrivers.
    > > > Analyze machine\system\currentcontrolset\control\session manager\memory
    > > > management\clearpagefileatshutdown.
    > > > Analyze machine\system\currentcontrolset\control\session
    > > > manager\protectionmode.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    > > > nect.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    > > > edlogoff.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    > > > ritysignature.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    > > > uritysignature.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > eplaintextpassword.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > esecuritysignature.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    > > > resecuritysignature.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    > > > dchange.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    > > > eal.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    > > > ey.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    > > > nel.
    > > > Analyze
    > > > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    > > > nel.
    > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > > Error 1208: An extended error has occurred.
    > > > Error deleting SCP.
    > > > ----Configuration engine is initialized with error.----
    > > >
    > > > ----Un-initialize configuration engine...
    > > >
    > > > I am rather frustrated but I do appreciate your help.
    > > >
    > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
    > > > generated the above..
    > > >
    > > > Thanks again,
    > > > Cameron:-)
    > > >
    > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    > > >> I suggest you turn up winlogon logging to possibly get more detail on
    > > > this.
    > > >>
    > > >>
    > > >> Registry Location -
    > > >> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    > > >>
    > > >> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
    > > >> and set it to 0x2
    > > >>
    > > >> Then execute a gpupdate /force
    > > >> verify you get the 1202 event
    > > >>
    > > >> Then review and post the winlogon.log to this thread.
    > > >>
    > > >>
    > > >> --
    > > >> Glenn L
    > > >> CCNA, MCSE 2000/2003 + Security
    > > >>
    > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > > >> news:cvgden$m3c$1@news-02.connect.com.au...
    > > >> > Okay, maybe I should have been a bit more specific..
    > > >> >
    > > >> > The bottom part of my Winlogon.log shows:
    > > >> >
    > > >> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > >> > Error 1208: An extended error has occurred.
    > > >> > Error deleting SCP.
    > > >> > ----Configuration engine is initialized with error.----
    > > >> >
    > > >> > Does anyone know how I can fix this?
    > > >> >
    > > >> > Thanks,
    > > >> > Cameron:-)
    > > >> >
    > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    > > >> >>
    > > >> >> The folowing articels were returned from the KB with a boolean search
    > > >> > (scecli and 1202 and (1208 or 0x4b8)):
    > > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
    > > >> > Configuring Policies "
    > > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
    > > >> >> 412
    > > >> > and 454 are logged repeatedly in the Application log "
    > > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
    > > >> > Message Reports Lack of Mapping Between Account Names and Security IDs
    > > >> > Inability to Find Power Users "
    > > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
    > > >> >> Limited
    > > >> >> to
    > > >> > Local Domain Members Only "
    > > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
    > > >> > Events "
    > > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    > > > Template
    > > >> > Information#34 Error Message When You Try to View a Windows XP-based
    > > >> > Template in a Windows 2000 Domain "
    > > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
    > > >> > setting may not remove security identifiers in Windows 2000 Server "
    > > >> >>
    > > >> >>
    > > >> >>
    > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > > >> > <cdorrough@nortonconsultants.com> wrote:
    > > >> >>
    > > >> >> >Since yesterday we are getting the following error on our main file
    > > >> > server
    > > >> >> >every 5 minutes. There are no other errors and, up until now, the
    > > >> >> >box
    > > >> >> >hasn't been touched for over a month and Group Policys haven't been
    > > >> > touched.
    > > >> >> >Our other DC's are reporting that "Security policy has been applied
    > > >> >> >successfully".
    > > >> >> >
    > > >> >> >Event Type: Warning
    > > >> >> >Event Source: SceCli
    > > >> >> >Event Category: None
    > > >> >> >Event ID: 1202
    > > >> >> >Description:
    > > >> >> >Security policies are propagated with warning. 0x4b8 : An extended
    > > > error
    > > >> > has
    > > >> >> >occurred.
    > > >> >> >
    > > >> >> >I've read through the JSI and Microsoft articles I can find on this,
    > > > but
    > > >> > all
    > > >> >> >seem to rely on associated error messages to find the fault. FWIW,
    > > > the
    > > >> >> >Winlogon.log file shows:
    > > >> >> >
    > > >> >> >Error 1208: An extended error has occurred.
    > > >> >> > Error deleting SCP.
    > > >> >> >
    > > >> >> >Help! What is going on??
    > > >> >> >
    > > >> >> >Thanks,
    > > >> >> >Cameron:-)
    > > >> >> >
    > > >> >> >
    > > >> >>
    > > >> >>
    > > >> >> Jerold Schulman
    > > >> >> Windows Server MVP
    > > >> >> JSI, Inc.
    > > >> >> http://www.jsiinc.com
    > > >> >
    > > >> >
    > > >>
    > > >>
    > > >
    > > >
    > >
    > >
    > >
  11. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Hi. A quick question: Are you doing this in Safe Mode??

    My system has been fine ever since. Good luck :-)

    Cameron:-)

    "LThibx" <lthibx@discussions.microsoft.com> wrote in message
    news:FE3AF5D9-50BC-41EF-BEC1-7874AADD91A3@microsoft.com...
    > Please excuse my first post. My first message was inadvertantly posted
    > before it was complete.
    >
    > Glenn,
    >
    > I have the same exact problem that Cameron Dorrough had reported. I am
    > attempting to bring a new Win2003 DC online which will eventually replace
    my
    > Win2000 DC (2 separate machines). I receive the same error on my Win2003
    > box. My Win2000 DC applies GP fine. I have attempted your solution, but
    > after restarting the Win2003 server, the secedit.sdb database does not get
    > rebuilt, thought the log and chk files do.
    >
    > I now receive different events the in Applicaiton log, due the non
    existence
    > of the secedit.sdb. I have found KB article 278316 which describes how to
    > recreate it, but when I attempt to import any .inf template. I receive
    > messages under two scenarios:
    > Using secedit.sdb as the database name to create, I receive 'Access is
    > denied.
    > Import Failed. Make sure that you have rith right permissions to this
    > object'.
    >
    > Using some other db name, such as test.sdb, I receive 'An extended
    error
    > has
    > occured. Import Failed'
    >
    > I receive the messages above regardless of the .inf I choose. I am logged
    > in as Admistrator.
    > Can you provide any insight?
    >
    >
    >
    > "LThibx" wrote:
    >
    > > Glenn,
    > >
    > > I have the same exact problem that Cameron Dorrough had reported. I am
    > > attempting to bring a new Win2003 DC online which will eventually
    replace my
    > > Win2000 DC (2 separate machines). I receive the same error on my
    Win2003
    > > box. My Win2000 DC applies GP fine. I have attempted your solution,
    but
    > > after restarting the Win2003 server, the secedit.sdb database does not
    get
    > > rebuilt, thought the log and chk files do. I know receive different
    events
    > > the in Applicaiton log, due the non existence of the secedit.sdb. I have
    > > found KB article 278316 which describes how to recreate it, but when I
    > > attempt to import any .inf template. I receive messages under two
    scenarios:
    > >
    > >
    > >
    > > I have been unsuccessful in recreating the secedit.sdb. I found KB
    > > articleCan you provide any insight?
    > >
    > > "Glenn L" wrote:
    > >
    > > > I have never seen "Error deleting SCP" and don't really know
    specifically
    > > > what SCP stands for.
    > > > I don't know of any increased logging short of attaching a debugger to
    > > > winlogon.exe to find out what scecli.dll is doing when it applies.
    > > > However, I suspect this can be fixed by simply blowing away the local
    > > > security database and have it recreated.
    > > >
    > > > The procedure is straight forward, however you need to prepare for it
    and
    > > > plan for a short outage in service.
    > > > This is just a member server right?
    > > > the database (local group policy) contains out of the box security
    settings.
    > > > If you have made any modifications to the local group policy under
    "computer
    > > > configuration\windows settings\security settings, you should inventory
    those
    > > > settings.
    > > > Once the settings are inventoried, do the following:
    > > >
    > > > browse to c:\windows\security\database & rename secedit.sdb
    > > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    > > > res2.log
    > > > reboot the server. A new blank database, chkpoint, and logs will be
    > > > created.
    > > > All default out of the box security and local group policy settings
    are gone
    > > > at this point.
    > > > You need to reapply them to the server.
    > > > follow the procedure in http://support.microsoft.com/?kbid=313222
    > > > This works on W2K and W2K3 server as well.
    > > > Then reapply local security settings you inventoried previously.
    > > > At this point you should be able to execute a gpupdate /force and get
    a
    > > > *happy* scecli 1704 event.
    > > >
    > > > Cheers!
    > > >
    > > > --
    > > > Glenn L
    > > > CCNA, MCSE 2000/2003 + Security
    > > >
    > > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > > > news:d00jf6$3f1$1@news-02.connect.com.au...
    > > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is
    there
    > > > > anything else I can do?
    > > > >
    > > > > The App Log is filling up every couple of days with the SceCli error
    and
    > > > > nothing else! If there were any other errors, this might have been
    fixed
    > > > > by
    > > > > now. I'll include the entire Winlogon.log file below. None of it
    means
    > > > > anything to me (or to Microsoft apparently):
    > > > >
    > > > > *************************
    > > > > Error 0 to send control flag 1 over to server.
    > > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    > > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
    > > > >
    > > > > [Mapping] gpt00000.dom = Default Domain Policy
    > > > > -------------------------------------------
    > > > > 03/01/2005 13:09:58
    > > > > Administrative privileged user logged on.
    > > > > Invoke Registry Value Delay Filter.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\setup\recoveryconsole\securitylevel.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\setup\recoveryconsole\setcommand.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\allocatecdroms.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\allocatedasd.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\allocatefloppies.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\cachedlogonscount.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\passwordexpirywarning.
    > > > > Analyze machine\software\microsoft\windows
    > > > > nt\currentversion\winlogon\scremoveoption.
    > > > > Analyze
    > > > >
    machine\software\microsoft\windows\currentversion\policies\system\disablecad
    > > > > .
    > > > > Analyze
    > > > >
    machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    > > > > ylastusername.
    > > > > Analyze
    > > > >
    machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > > ecaption.
    > > > > Analyze
    > > > >
    machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > > etext.
    > > > > Analyze
    > > > >
    machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    > > > > thoutlogon.
    > > > > Analyze
    machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    > > > > Analyze
    machine\system\currentcontrolset\control\lsa\crashonauditfail.
    > > > > Analyze
    > > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    > > > > Analyze
    machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    > > > > Analyze
    machine\system\currentcontrolset\control\lsa\restrictanonymous.
    > > > > Analyze
    machine\system\currentcontrolset\control\print\providers\lanman
    > > > > print services\servers\addprinterdrivers.
    > > > > Analyze machine\system\currentcontrolset\control\session
    manager\memory
    > > > > management\clearpagefileatshutdown.
    > > > > Analyze machine\system\currentcontrolset\control\session
    > > > > manager\protectionmode.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    > > > > nect.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    > > > > edlogoff.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    > > > > ritysignature.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    > > > > uritysignature.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > > eplaintextpassword.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > > esecuritysignature.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    > > > > resecuritysignature.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    > > > > dchange.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    > > > > eal.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    > > > > ey.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    > > > > nel.
    > > > > Analyze
    > > > >
    machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    > > > > nel.
    > > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    > > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    > > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    > > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > > > Error 1208: An extended error has occurred.
    > > > > Error deleting SCP.
    > > > > ----Configuration engine is initialized with error.----
    > > > >
    > > > > ----Un-initialize configuration engine...
    > > > >
    > > > > I am rather frustrated but I do appreciate your help.
    > > > >
    > > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's
    how I
    > > > > generated the above..
    > > > >
    > > > > Thanks again,
    > > > > Cameron:-)
    > > > >
    > > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    > > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    > > > >> I suggest you turn up winlogon logging to possibly get more detail
    on
    > > > > this.
    > > > >>
    > > > >>
    > > > >> Registry Location -
    > > > >>
    HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    > > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    > > > >>
    > > > >> Registry Setting - Add the REG_DWORD value
    "ExtensionDebugLevel"
    > > > >> and set it to 0x2
    > > > >>
    > > > >> Then execute a gpupdate /force
    > > > >> verify you get the 1202 event
    > > > >>
    > > > >> Then review and post the winlogon.log to this thread.
    > > > >>
    > > > >>
    > > > >> --
    > > > >> Glenn L
    > > > >> CCNA, MCSE 2000/2003 + Security
    > > > >>
    > > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in
    message
    > > > >> news:cvgden$m3c$1@news-02.connect.com.au...
    > > > >> > Okay, maybe I should have been a bit more specific..
    > > > >> >
    > > > >> > The bottom part of my Winlogon.log shows:
    > > > >> >
    > > > >> > Parsing template
    C:\WINNT\security\templates\policies\gpt00000.dom.
    > > > >> > Error 1208: An extended error has occurred.
    > > > >> > Error deleting SCP.
    > > > >> > ----Configuration engine is initialized with error.----
    > > > >> >
    > > > >> > Does anyone know how I can fix this?
    > > > >> >
    > > > >> > Thanks,
    > > > >> > Cameron:-)
    > > > >> >
    > > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    > > > >> >>
    > > > >> >> The folowing articels were returned from the KB with a boolean
    search
    > > > >> > (scecli and 1202 and (1208 or 0x4b8)):
    > > > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202
    After
    > > > >> > Configuring Policies "
    > > > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000
    1202
    > > > >> >> 412
    > > > >> > and 454 are logged repeatedly in the Application log "
    > > > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332
    Occurs
    > > > >> > Message Reports Lack of Mapping Between Account Names and
    Security IDs
    > > > >> > Inability to Find Power Users "
    > > > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
    > > > >> >> Limited
    > > > >> >> to
    > > > >> > Local Domain Members Only "
    > > > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI
    1202
    > > > >> > Events "
    > > > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    > > > > Template
    > > > >> > Information#34 Error Message When You Try to View a Windows
    XP-based
    > > > >> > Template in a Windows 2000 Domain "
    > > > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups
    policy
    > > > >> > setting may not remove security identifiers in Windows 2000
    Server "
    > > > >> >>
    > > > >> >>
    > > > >> >>
    > > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > > > >> > <cdorrough@nortonconsultants.com> wrote:
    > > > >> >>
    > > > >> >> >Since yesterday we are getting the following error on our main
    file
    > > > >> > server
    > > > >> >> >every 5 minutes. There are no other errors and, up until now,
    the
    > > > >> >> >box
    > > > >> >> >hasn't been touched for over a month and Group Policys haven't
    been
    > > > >> > touched.
    > > > >> >> >Our other DC's are reporting that "Security policy has been
    applied
    > > > >> >> >successfully".
    > > > >> >> >
    > > > >> >> >Event Type: Warning
    > > > >> >> >Event Source: SceCli
    > > > >> >> >Event Category: None
    > > > >> >> >Event ID: 1202
    > > > >> >> >Description:
    > > > >> >> >Security policies are propagated with warning. 0x4b8 : An
    extended
    > > > > error
    > > > >> > has
    > > > >> >> >occurred.
    > > > >> >> >
    > > > >> >> >I've read through the JSI and Microsoft articles I can find on
    this,
    > > > > but
    > > > >> > all
    > > > >> >> >seem to rely on associated error messages to find the fault.
    FWIW,
    > > > > the
    > > > >> >> >Winlogon.log file shows:
    > > > >> >> >
    > > > >> >> >Error 1208: An extended error has occurred.
    > > > >> >> > Error deleting SCP.
    > > > >> >> >
    > > > >> >> >Help! What is going on??
    > > > >> >> >
    > > > >> >> >Thanks,
    > > > >> >> >Cameron:-)
    > > > >> >> >
    > > > >> >> >
    > > > >> >>
    > > > >> >>
    > > > >> >> Jerold Schulman
    > > > >> >> Windows Server MVP
    > > > >> >> JSI, Inc.
    > > > >> >> http://www.jsiinc.com
    > > > >> >
    > > > >> >
    > > > >>
    > > > >>
    > > > >
    > > > >
    > > >
    > > >
    > > >
  12. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Cameron,

    Thanks for responding.

    Yes, my process was:
    Boot to safe mode.
    Rename the files as Glenn stated, including secedit.sdb, then reboot to
    normal
    mode.
    In my case the secedit.sdb file does not get recreated. I even attempted to
    recreate it manually using either the Security Configuration and Analysis
    console (which I described in my previous message), or the command: "Secedit
    /configure /db secedit.sdb /cfg 'DC Security.inf' /overwrite /log dcsec.log"

    I even tried copying my secedit.sdb from my Win2000 machine. I get the same
    1202 event and either 0x428 or 0x4b8.

    BTW. I put my Win2003 original back in place. Until 3:35 this morning, I
    receive the 1202 error with a code of 0x428. After 3:35 AM it changes to
    0x4b8 (at this time I start receiving the 'error deleting scp' in
    Winlogon.log. I have pasted the log at this time period:
    ----------------------------------------------------------------------------------------------
    *** This generates a 0x428 - An exception error occurred in the service when
    handling the control request ***
    -------------------------------------------
    Friday, April 01, 2005 3:30:43 AM
    Administrative privileged user logged on.
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...
    **************************

    Error 0 to send control flag 1 over to server.

    Make a local copy of
    \\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

    Make a local copy of
    \\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    Process GP template gpt00000.dom.

    This is not the last GPO.
    -------------------------------------------
    Friday, April 01, 2005 3:35:52 AM
    Administrative privileged user logged on.
    Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
    Copy undo values to the merged policy.


    ----Un-initialize configuration engine...

    Process GP template gpt00001.inf.

    This is the last GPO : domain policy is ignored on DC.
    -------------------------------------------
    Friday, April 01, 2005 3:35:53 AM
    Administrative privileged user logged on.
    Parsing template C:\WINDOWS\security\templates\policies\gpt00001.inf.


    ----Un-initialize configuration engine...
    -------------------------------------------
    Friday, April 01, 2005 3:35:53 AM
    Administrative privileged user logged on.
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...
    **************************
    *** At this point the error code changes to 0x4b8 - An extended error has
    occurred ***


    Error 0 to send control flag 1 over to server.

    Make a local copy of
    \\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

    Make a local copy of
    \\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    Process GP template gpt00000.dom.

    This is not the last GPO.
    -------------------------------------------
    Friday, April 01, 2005 3:41:02 AM
    Administrative privileged user logged on.
    Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
    Error 1208: An extended error has occurred.
    Error deleting SCP.
    ----Configuration engine was initialized with one or more errors.----


    ----Un-initialize configuration engine...
    ----------------------------------------------------------------------------------------------
    If I try to view / edit my local security policy (secpol), I can access
    certain parts with no error. When I attempt to access \Computer
    Configuration\Windows Settings\Local Policies\User Rights Assignment or
    ...\Security Options, I recieve an error on secedit.sdb: An extended error has
    occurred.

    I believe its time to call MS, I can find no other info. There is a hotfix
    for this error - KB 320099. Cameron, I wonder, do you already have the
    patch, and maybe this is why you were able to resolve your issue?
    My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132

    Thanks for listening :-)
    LThibx


    "Cameron Dorrough" wrote:

    > Hi. A quick question: Are you doing this in Safe Mode??
    >
    > My system has been fine ever since. Good luck :-)
    >
    > Cameron:-)
    >
    > "LThibx" <lthibx@discussions.microsoft.com> wrote in message
    > news:FE3AF5D9-50BC-41EF-BEC1-7874AADD91A3@microsoft.com...
    > > Please excuse my first post. My first message was inadvertantly posted
    > > before it was complete.
    > >
    > > Glenn,
    > >
    > > I have the same exact problem that Cameron Dorrough had reported. I am
    > > attempting to bring a new Win2003 DC online which will eventually replace
    > my
    > > Win2000 DC (2 separate machines). I receive the same error on my Win2003
    > > box. My Win2000 DC applies GP fine. I have attempted your solution, but
    > > after restarting the Win2003 server, the secedit.sdb database does not get
    > > rebuilt, thought the log and chk files do.
    > >
    > > I now receive different events the in Applicaiton log, due the non
    > existence
    > > of the secedit.sdb. I have found KB article 278316 which describes how to
    > > recreate it, but when I attempt to import any .inf template. I receive
    > > messages under two scenarios:
    > > Using secedit.sdb as the database name to create, I receive 'Access is
    > > denied.
    > > Import Failed. Make sure that you have rith right permissions to this
    > > object'.
    > >
    > > Using some other db name, such as test.sdb, I receive 'An extended
    > error
    > > has
    > > occured. Import Failed'
    > >
    > > I receive the messages above regardless of the .inf I choose. I am logged
    > > in as Admistrator.
    > > Can you provide any insight?
    > >
    > >
    > >
    > > "LThibx" wrote:
    > >
    > > > Glenn,
    > > >
    > > > I have the same exact problem that Cameron Dorrough had reported. I am
    > > > attempting to bring a new Win2003 DC online which will eventually
    > replace my
    > > > Win2000 DC (2 separate machines). I receive the same error on my
    > Win2003
    > > > box. My Win2000 DC applies GP fine. I have attempted your solution,
    > but
    > > > after restarting the Win2003 server, the secedit.sdb database does not
    > get
    > > > rebuilt, thought the log and chk files do. I know receive different
    > events
    > > > the in Applicaiton log, due the non existence of the secedit.sdb. I have
    > > > found KB article 278316 which describes how to recreate it, but when I
    > > > attempt to import any .inf template. I receive messages under two
    > scenarios:
    > > >
    > > >
    > > >
    > > > I have been unsuccessful in recreating the secedit.sdb. I found KB
    > > > articleCan you provide any insight?
    > > >
    > > > "Glenn L" wrote:
    > > >
    > > > > I have never seen "Error deleting SCP" and don't really know
    > specifically
    > > > > what SCP stands for.
    > > > > I don't know of any increased logging short of attaching a debugger to
    > > > > winlogon.exe to find out what scecli.dll is doing when it applies.
    > > > > However, I suspect this can be fixed by simply blowing away the local
    > > > > security database and have it recreated.
    > > > >
    > > > > The procedure is straight forward, however you need to prepare for it
    > and
    > > > > plan for a short outage in service.
    > > > > This is just a member server right?
    > > > > the database (local group policy) contains out of the box security
    > settings.
    > > > > If you have made any modifications to the local group policy under
    > "computer
    > > > > configuration\windows settings\security settings, you should inventory
    > those
    > > > > settings.
    > > > > Once the settings are inventoried, do the following:
    > > > >
    > > > > browse to c:\windows\security\database & rename secedit.sdb
    > > > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
    > > > > res2.log
    > > > > reboot the server. A new blank database, chkpoint, and logs will be
    > > > > created.
    > > > > All default out of the box security and local group policy settings
    > are gone
    > > > > at this point.
    > > > > You need to reapply them to the server.
    > > > > follow the procedure in http://support.microsoft.com/?kbid=313222
    > > > > This works on W2K and W2K3 server as well.
    > > > > Then reapply local security settings you inventoried previously.
    > > > > At this point you should be able to execute a gpupdate /force and get
    > a
    > > > > *happy* scecli 1704 event.
    > > > >
    > > > > Cheers!
    > > > >
    > > > > --
    > > > > Glenn L
    > > > > CCNA, MCSE 2000/2003 + Security
    > > > >
    > > > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > > > > news:d00jf6$3f1$1@news-02.connect.com.au...
    > > > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is
    > there
    > > > > > anything else I can do?
    > > > > >
    > > > > > The App Log is filling up every couple of days with the SceCli error
    > and
    > > > > > nothing else! If there were any other errors, this might have been
    > fixed
    > > > > > by
    > > > > > now. I'll include the entire Winlogon.log file below. None of it
    > means
    > > > > > anything to me (or to Microsoft apparently):
    > > > > >
    > > > > > *************************
    > > > > > Error 0 to send control flag 1 over to server.
    > > > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
    > > > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
    > > > > >
    > > > > > [Mapping] gpt00000.dom = Default Domain Policy
    > > > > > -------------------------------------------
    > > > > > 03/01/2005 13:09:58
    > > > > > Administrative privileged user logged on.
    > > > > > Invoke Registry Value Delay Filter.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\setup\recoveryconsole\securitylevel.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\setup\recoveryconsole\setcommand.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\allocatecdroms.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\allocatedasd.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\allocatefloppies.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\cachedlogonscount.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\passwordexpirywarning.
    > > > > > Analyze machine\software\microsoft\windows
    > > > > > nt\currentversion\winlogon\scremoveoption.
    > > > > > Analyze
    > > > > >
    > machine\software\microsoft\windows\currentversion\policies\system\disablecad
    > > > > > .
    > > > > > Analyze
    > > > > >
    > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
    > > > > > ylastusername.
    > > > > > Analyze
    > > > > >
    > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > > > ecaption.
    > > > > > Analyze
    > > > > >
    > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
    > > > > > etext.
    > > > > > Analyze
    > > > > >
    > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
    > > > > > thoutlogon.
    > > > > > Analyze
    > machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    > > > > > Analyze
    > machine\system\currentcontrolset\control\lsa\crashonauditfail.
    > > > > > Analyze
    > > > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    > > > > > Analyze
    > machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    > > > > > Analyze
    > machine\system\currentcontrolset\control\lsa\restrictanonymous.
    > > > > > Analyze
    > machine\system\currentcontrolset\control\print\providers\lanman
    > > > > > print services\servers\addprinterdrivers.
    > > > > > Analyze machine\system\currentcontrolset\control\session
    > manager\memory
    > > > > > management\clearpagefileatshutdown.
    > > > > > Analyze machine\system\currentcontrolset\control\session
    > > > > > manager\protectionmode.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
    > > > > > nect.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
    > > > > > edlogoff.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
    > > > > > ritysignature.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
    > > > > > uritysignature.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > > > eplaintextpassword.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
    > > > > > esecuritysignature.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
    > > > > > resecuritysignature.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
    > > > > > dchange.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
    > > > > > eal.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
    > > > > > ey.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
    > > > > > nel.
    > > > > > Analyze
    > > > > >
    > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
    > > > > > nel.
    > > > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
    > > > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
    > > > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
    > > > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
    > > > > > Error 1208: An extended error has occurred.
    > > > > > Error deleting SCP.
    > > > > > ----Configuration engine is initialized with error.----
    > > > > >
    > > > > > ----Un-initialize configuration engine...
    > > > > >
    > > > > > I am rather frustrated but I do appreciate your help.
    > > > > >
    > > > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's
    > how I
    > > > > > generated the above..
    > > > > >
    > > > > > Thanks again,
    > > > > > Cameron:-)
    > > > > >
    > > > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
    > > > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
    > > > > >> I suggest you turn up winlogon logging to possibly get more detail
    > on
    > > > > > this.
    > > > > >>
    > > > > >>
    > > > > >> Registry Location -
    > > > > >>
    > HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
    > > > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
    > > > > >>
    > > > > >> Registry Setting - Add the REG_DWORD value
    > "ExtensionDebugLevel"
    > > > > >> and set it to 0x2
    > > > > >>
    > > > > >> Then execute a gpupdate /force
    > > > > >> verify you get the 1202 event
    > > > > >>
    > > > > >> Then review and post the winlogon.log to this thread.
    > > > > >>
    > > > > >>
    > > > > >> --
    > > > > >> Glenn L
    > > > > >> CCNA, MCSE 2000/2003 + Security
    > > > > >>
    > > > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in
    > message
    > > > > >> news:cvgden$m3c$1@news-02.connect.com.au...
    > > > > >> > Okay, maybe I should have been a bit more specific..
    > > > > >> >
    > > > > >> > The bottom part of my Winlogon.log shows:
    > > > > >> >
    > > > > >> > Parsing template
    > C:\WINNT\security\templates\policies\gpt00000.dom.
    > > > > >> > Error 1208: An extended error has occurred.
    > > > > >> > Error deleting SCP.
    > > > > >> > ----Configuration engine is initialized with error.----
    > > > > >> >
    > > > > >> > Does anyone know how I can fix this?
    > > > > >> >
    > > > > >> > Thanks,
    > > > > >> > Cameron:-)
    > > > > >> >
    > > > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
    > > > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
    > > > > >> >>
    > > > > >> >> The folowing articels were returned from the KB with a boolean
    > search
    > > > > >> > (scecli and 1202 and (1208 or 0x4b8)):
    > > > > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202
    > After
    > > > > >> > Configuring Policies "
    > > > > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000
    > 1202
    > > > > >> >> 412
    > > > > >> > and 454 are logged repeatedly in the Application log "
    > > > > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332
    > Occurs
    > > > > >> > Message Reports Lack of Mapping Between Account Names and
    > Security IDs
    > > > > >> > Inability to Find Power Users "
    > > > > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
    > > > > >> >> Limited
    > > > > >> >> to
    > > > > >> > Local Domain Members Only "
    > > > > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI
    > 1202
    > > > > >> > Events "
    > > > > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
    > > > > > Template
    > > > > >> > Information#34 Error Message When You Try to View a Windows
    > XP-based
    > > > > >> > Template in a Windows 2000 Domain "
    > > > > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups
    > policy
    > > > > >> > setting may not remove security identifiers in Windows 2000
    > Server "
    > > > > >> >>
    > > > > >> >>
    > > > > >> >>
    > > > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
    > > > > >> > <cdorrough@nortonconsultants.com> wrote:
    > > > > >> >>
    > > > > >> >> >Since yesterday we are getting the following error on our main
    > file
    > > > > >> > server
    > > > > >> >> >every 5 minutes. There are no other errors and, up until now,
    > the
    > > > > >> >> >box
    > > > > >> >> >hasn't been touched for over a month and Group Policys haven't
    > been
    > > > > >> > touched.
    > > > > >> >> >Our other DC's are reporting that "Security policy has been
    > applied
    > > > > >> >> >successfully".
    > > > > >> >> >
    > > > > >> >> >Event Type: Warning
    > > > > >> >> >Event Source: SceCli
    > > > > >> >> >Event Category: None
    > > > > >> >> >Event ID: 1202
    > > > > >> >> >Description:
    > > > > >> >> >Security policies are propagated with warning. 0x4b8 : An
    > extended
    > > > > > error
    > > > > >> > has
    > > > > >> >> >occurred.
    > > > > >> >> >
    > > > > >> >> >I've read through the JSI and Microsoft articles I can find on
    > this,
    > > > > > but
    > > > > >> > all
    > > > > >> >> >seem to rely on associated error messages to find the fault.
    > FWIW,
    > > > > > the
    > > > > >> >> >Winlogon.log file shows:
    > > > > >> >> >
    > > > > >> >> >Error 1208: An extended error has occurred.
    > > > > >> >> > Error deleting SCP.
    > > > > >> >> >
    > > > > >> >> >Help! What is going on??
    > > > > >> >> >
    > > > > >> >> >Thanks,
    > > > > >> >> >Cameron:-)
    > > > > >> >> >
    > > > > >> >> >
    > > > > >> >>
    > > > > >> >>
    > > > > >> >> Jerold Schulman
    > > > > >> >> Windows Server MVP
    > > > > >> >> JSI, Inc.
    > > > > >> >> http://www.jsiinc.com
    > > > > >> >
    > > > > >> >
    > > > > >>
    > > > > >>
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > > >
    >
    >
    >
  13. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    "LThibx" <lthibx@discussions.microsoft.com> wrote in message
    news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
    >
    > [snip]
    >
    > I believe its time to call MS, I can find no other info. There is a
    hotfix
    > for this error - KB 320099. Cameron, I wonder, do you already have the
    > patch, and maybe this is why you were able to resolve your issue?
    > My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132

    I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
    still have no idea why the problem happened in the first place...

    IMHO, you've done pretty much all you can. If no-one else in this group can
    help, then yep, it is probably time to make the call.

    > Thanks for listening :-)
    > LThibx

    Glad to help.
    Cameron:-)
  14. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    You should post a fresh post in the group policy discussion groups on this.
    Also, you are not likely to get too many eyes on a post that is over a month
    old.

    You can recreate the secedit.sdb database manually.
    Here is the procedure. However, I think your box has bigger problems when
    it cannot recreate it on its own. I don't have any ideas on that one.

    open up the security configuration and analysis MMC snapin.
    right click 'security configuration and analysis' and choose open database.
    browse to c:\windows\security\database.
    put secedit in the file name field and click open.
    Then choose secsetup.inf from the windows\repair directory
    You now have a new secedit.sdb populated with the settings in secsetup.inf
    Close the security configuration and analysis snapin.
    Reboot the computer.
    Your 1202s should be gone.


    --
    Glenn L
    CCNA, MCSE 2000/2003 + Security

    "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    news:d2puim$8vp$1@news-01.bur.connect.com.au...
    > "LThibx" <lthibx@discussions.microsoft.com> wrote in message
    > news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
    >>
    >> [snip]
    >>
    >> I believe its time to call MS, I can find no other info. There is a
    > hotfix
    >> for this error - KB 320099. Cameron, I wonder, do you already have the
    >> patch, and maybe this is why you were able to resolve your issue?
    >> My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132
    >
    > I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
    > still have no idea why the problem happened in the first place...
    >
    > IMHO, you've done pretty much all you can. If no-one else in this group
    > can
    > help, then yep, it is probably time to make the call.
    >
    >> Thanks for listening :-)
    >> LThibx
    >
    > Glad to help.
    > Cameron:-)
    >
    >
    >
  15. Archived from groups: microsoft.public.win2000.advanced_server (More info?)

    Glenn,

    I just wanted to provide an update on my scenario. Since I posted my last
    message, I had decided to start fresh. I completely scratched the machine
    and reinstalled. (Actually, I did this twice). My procedure was:
    1. Scratch and clean installation of Win2k3 Server.
    2. Just for kicks, I ran secpol.msc and reviewed each section. I was able
    to access all sections.
    3. Did a DCPromo as a second DC in domain. Replicates fine. Soon I
    begin to receive the 1202 errors with a code of 0x428.
    4. I run secpol.msc and receive the errors I posted earler when
    attempting to access the User Rights Assignments, and Security Options nodes.
    BTW, at this point, if I attempt to create a new database (of any name) as
    you described, I receive 'An extended error has occured, Import failed'.
    5. Leaving this machine running, during the early morning, the code
    changes from 0x428 to 0x4b8 - Error deleting SCP.
    6. I applied W2k3 SP1, with hopes that this problem will go away.
    Installed and applied fine. But I still receive the 1202 errors.
    7. Also, my primary DC Win 2000 Server, does not have any such problems
    and there is not problems accessing any nodes under local policy.

    I agree that there is some other reason this is happening. In the past my
    W2k DC had some issues and crashed a few times, and I had to recover AD. But
    all seems well on that box.

    I am now waiting to contact an OS support person from Dell.
    Once this is resolved I will post the solution.

    Thanks
    LThibx


    "Glenn L" wrote:

    > You should post a fresh post in the group policy discussion groups on this.
    > Also, you are not likely to get too many eyes on a post that is over a month
    > old.
    >
    > You can recreate the secedit.sdb database manually.
    > Here is the procedure. However, I think your box has bigger problems when
    > it cannot recreate it on its own. I don't have any ideas on that one.
    >
    > open up the security configuration and analysis MMC snapin.
    > right click 'security configuration and analysis' and choose open database.
    > browse to c:\windows\security\database.
    > put secedit in the file name field and click open.
    > Then choose secsetup.inf from the windows\repair directory
    > You now have a new secedit.sdb populated with the settings in secsetup.inf
    > Close the security configuration and analysis snapin.
    > Reboot the computer.
    > Your 1202s should be gone.
    >
    >
    >
    >
    > --
    > Glenn L
    > CCNA, MCSE 2000/2003 + Security
    >
    > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
    > news:d2puim$8vp$1@news-01.bur.connect.com.au...
    > > "LThibx" <lthibx@discussions.microsoft.com> wrote in message
    > > news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
    > >>
    > >> [snip]
    > >>
    > >> I believe its time to call MS, I can find no other info. There is a
    > > hotfix
    > >> for this error - KB 320099. Cameron, I wonder, do you already have the
    > >> patch, and maybe this is why you were able to resolve your issue?
    > >> My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132
    > >
    > > I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
    > > still have no idea why the problem happened in the first place...
    > >
    > > IMHO, you've done pretty much all you can. If no-one else in this group
    > > can
    > > help, then yep, it is probably time to make the call.
    > >
    > >> Thanks for listening :-)
    > >> LThibx
    > >
    > > Glad to help.
    > > Cameron:-)
    > >
    > >
    > >
    >
    >
    >
Ask a new question

Read More

Security Microsoft Windows