Sign in with
Sign up | Sign in
Your question

SceCli Error 1202 filling up the Event Log!

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
February 22, 2005 6:12:30 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Since yesterday we are getting the following error on our main file server
every 5 minutes. There are no other errors and, up until now, the box
hasn't been touched for over a month and Group Policys haven't been touched.
Our other DC's are reporting that "Security policy has been applied
successfully".

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.

I've read through the JSI and Microsoft articles I can find on this, but all
seem to rely on associated error messages to find the fault. FWIW, the
Winlogon.log file shows:

Error 1208: An extended error has occurred.
Error deleting SCP.

Help! What is going on??

Thanks,
Cameron:-)
Anonymous
a b 8 Security
February 22, 2005 6:12:31 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

The folowing articels were returned from the KB with a boolean search (scecli and 1202 and (1208 or 0x4b8)):
http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After Configuring Policies "
http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412 and 454 are logged repeatedly in the Application log "
http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs Message Reports Lack of Mapping Between Account Names and Security IDs Inability to Find Power Users "
http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to Local Domain Members Only "
http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202 Events "
http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template Information#34 Error Message When You Try to View a Windows XP-based Template in a Windows 2000 Domain "
http://support.microsoft.com?kbid=835901 "A Restricted Groups policy setting may not remove security identifiers in Windows 2000 Server "



On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote:

>Since yesterday we are getting the following error on our main file server
>every 5 minutes. There are no other errors and, up until now, the box
>hasn't been touched for over a month and Group Policys haven't been touched.
>Our other DC's are reporting that "Security policy has been applied
>successfully".
>
>Event Type: Warning
>Event Source: SceCli
>Event Category: None
>Event ID: 1202
>Description:
>Security policies are propagated with warning. 0x4b8 : An extended error has
>occurred.
>
>I've read through the JSI and Microsoft articles I can find on this, but all
>seem to rely on associated error messages to find the fault. FWIW, the
>Winlogon.log file shows:
>
>Error 1208: An extended error has occurred.
> Error deleting SCP.
>
>Help! What is going on??
>
>Thanks,
>Cameron:-)
>
>


Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
Anonymous
a b 8 Security
February 23, 2005 12:49:42 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Thanks Jerold, but perhaps you missed the following part of my post:

>I've read through the JSI and Microsoft articles I can find on this,
> but all seem to rely on ***associated error messages to find the fault***.
(emphasis added)

I've looked through most if not all of those articles but can find nothing
that refers to the "0x4b8 error every five minutes" on it's own.

Could you please point me in the right direction (ie. not around in
circles)?? :-)

Thanks,
Cameron:-)

"Jerold Schulman" <Jerry@jsiinc.com> wrote in message
news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
>
> The folowing articels were returned from the KB with a boolean search
(scecli and 1202 and (1208 or 0x4b8)):
> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
Configuring Policies "
> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
and 454 are logged repeatedly in the Application log "
> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
Message Reports Lack of Mapping Between Account Names and Security IDs
Inability to Find Power Users "
> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to
Local Domain Members Only "
> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
Events "
> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
Information#34 Error Message When You Try to View a Windows XP-based
Template in a Windows 2000 Domain "
> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
setting may not remove security identifiers in Windows 2000 Server "
>
>
>
> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
<cdorrough@nortonconsultants.com> wrote:
>
> >Since yesterday we are getting the following error on our main file
server
> >every 5 minutes. There are no other errors and, up until now, the box
> >hasn't been touched for over a month and Group Policys haven't been
touched.
> >Our other DC's are reporting that "Security policy has been applied
> >successfully".
> >
> >Event Type: Warning
> >Event Source: SceCli
> >Event Category: None
> >Event ID: 1202
> >Description:
> >Security policies are propagated with warning. 0x4b8 : An extended error
has
> >occurred.
> >
> >I've read through the JSI and Microsoft articles I can find on this, but
all
> >seem to rely on associated error messages to find the fault. FWIW, the
> >Winlogon.log file shows:
> >
> >Error 1208: An extended error has occurred.
> > Error deleting SCP.
> >
> >Help! What is going on??
> >
> >Thanks,
> >Cameron:-)
> >
> >
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com
Related resources
Anonymous
a b 8 Security
February 23, 2005 1:01:08 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Okay, maybe I should have been a bit more specific..

The bottom part of my Winlogon.log shows:

Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
Error 1208: An extended error has occurred.
Error deleting SCP.
----Configuration engine is initialized with error.----

Does anyone know how I can fix this?

Thanks,
Cameron:-)

"Jerold Schulman" <Jerry@jsiinc.com> wrote in message
news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
>
> The folowing articels were returned from the KB with a boolean search
(scecli and 1202 and (1208 or 0x4b8)):
> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
Configuring Policies "
> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
and 454 are logged repeatedly in the Application log "
> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
Message Reports Lack of Mapping Between Account Names and Security IDs
Inability to Find Power Users "
> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited to
Local Domain Members Only "
> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
Events "
> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
Information#34 Error Message When You Try to View a Windows XP-based
Template in a Windows 2000 Domain "
> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
setting may not remove security identifiers in Windows 2000 Server "
>
>
>
> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
<cdorrough@nortonconsultants.com> wrote:
>
> >Since yesterday we are getting the following error on our main file
server
> >every 5 minutes. There are no other errors and, up until now, the box
> >hasn't been touched for over a month and Group Policys haven't been
touched.
> >Our other DC's are reporting that "Security policy has been applied
> >successfully".
> >
> >Event Type: Warning
> >Event Source: SceCli
> >Event Category: None
> >Event ID: 1202
> >Description:
> >Security policies are propagated with warning. 0x4b8 : An extended error
has
> >occurred.
> >
> >I've read through the JSI and Microsoft articles I can find on this, but
all
> >seem to rely on associated error messages to find the fault. FWIW, the
> >Winlogon.log file shows:
> >
> >Error 1208: An extended error has occurred.
> > Error deleting SCP.
> >
> >Help! What is going on??
> >
> >Thanks,
> >Cameron:-)
> >
> >
>
>
> Jerold Schulman
> Windows Server MVP
> JSI, Inc.
> http://www.jsiinc.com
Anonymous
a b 8 Security
February 28, 2005 7:04:02 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I suggest you turn up winlogon logging to possibly get more detail on this.


Registry Location -
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
{827D319E-6EAC-11D2-A4EA-00C04F79F83A

Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
and set it to 0x2

Then execute a gpupdate /force
verify you get the 1202 event

Then review and post the winlogon.log to this thread.


--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
news:cvgden$m3c$1@news-02.connect.com.au...
> Okay, maybe I should have been a bit more specific..
>
> The bottom part of my Winlogon.log shows:
>
> Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> Error 1208: An extended error has occurred.
> Error deleting SCP.
> ----Configuration engine is initialized with error.----
>
> Does anyone know how I can fix this?
>
> Thanks,
> Cameron:-)
>
> "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
>>
>> The folowing articels were returned from the KB with a boolean search
> (scecli and 1202 and (1208 or 0x4b8)):
>> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
> Configuring Policies "
>> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
> and 454 are logged repeatedly in the Application log "
>> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
> Message Reports Lack of Mapping Between Account Names and Security IDs
> Inability to Find Power Users "
>> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited
>> to
> Local Domain Members Only "
>> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
> Events "
>> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read Template
> Information#34 Error Message When You Try to View a Windows XP-based
> Template in a Windows 2000 Domain "
>> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
> setting may not remove security identifiers in Windows 2000 Server "
>>
>>
>>
>> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> <cdorrough@nortonconsultants.com> wrote:
>>
>> >Since yesterday we are getting the following error on our main file
> server
>> >every 5 minutes. There are no other errors and, up until now, the box
>> >hasn't been touched for over a month and Group Policys haven't been
> touched.
>> >Our other DC's are reporting that "Security policy has been applied
>> >successfully".
>> >
>> >Event Type: Warning
>> >Event Source: SceCli
>> >Event Category: None
>> >Event ID: 1202
>> >Description:
>> >Security policies are propagated with warning. 0x4b8 : An extended error
> has
>> >occurred.
>> >
>> >I've read through the JSI and Microsoft articles I can find on this, but
> all
>> >seem to rely on associated error messages to find the fault. FWIW, the
>> >Winlogon.log file shows:
>> >
>> >Error 1208: An extended error has occurred.
>> > Error deleting SCP.
>> >
>> >Help! What is going on??
>> >
>> >Thanks,
>> >Cameron:-)
>> >
>> >
>>
>>
>> Jerold Schulman
>> Windows Server MVP
>> JSI, Inc.
>> http://www.jsiinc.com
>
>
Anonymous
a b 8 Security
March 1, 2005 4:22:04 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
anything else I can do?

The App Log is filling up every couple of days with the SceCli error and
nothing else! If there were any other errors, this might have been fixed by
now. I'll include the entire Winlogon.log file below. None of it means
anything to me (or to Microsoft apparently):

*************************
Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
-------------------------------------------
03/01/2005 13:09:58
Administrative privileged user logged on.
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows
nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows
nt\currentversion\winlogon\scremoveoption.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\disablecad
..
Analyze
machine\software\microsoft\windows\currentversion\policies\system\dontdispla
ylastusername.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
ecaption.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
etext.
Analyze
machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
thoutlogon.
Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\print\providers\lanman
print services\servers\addprinterdrivers.
Analyze machine\system\currentcontrolset\control\session manager\memory
management\clearpagefileatshutdown.
Analyze machine\system\currentcontrolset\control\session
manager\protectionmode.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
nect.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
edlogoff.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
ritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
uritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
eplaintextpassword.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
esecuritysignature.
Analyze
machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
resecuritysignature.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
dchange.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
eal.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
ey.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
nel.
Analyze
machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
nel.
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
Error 1208: An extended error has occurred.
Error deleting SCP.
----Configuration engine is initialized with error.----

----Un-initialize configuration engine...

I am rather frustrated but I do appreciate your help.

BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
generated the above..

Thanks again,
Cameron:-)

"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> I suggest you turn up winlogon logging to possibly get more detail on
this.
>
>
> Registry Location -
> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
>
> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
> and set it to 0x2
>
> Then execute a gpupdate /force
> verify you get the 1202 event
>
> Then review and post the winlogon.log to this thread.
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> news:cvgden$m3c$1@news-02.connect.com.au...
> > Okay, maybe I should have been a bit more specific..
> >
> > The bottom part of my Winlogon.log shows:
> >
> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > Error 1208: An extended error has occurred.
> > Error deleting SCP.
> > ----Configuration engine is initialized with error.----
> >
> > Does anyone know how I can fix this?
> >
> > Thanks,
> > Cameron:-)
> >
> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> >>
> >> The folowing articels were returned from the KB with a boolean search
> > (scecli and 1202 and (1208 or 0x4b8)):
> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
> > Configuring Policies "
> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202 412
> > and 454 are logged repeatedly in the Application log "
> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
> > Message Reports Lack of Mapping Between Account Names and Security IDs
> > Inability to Find Power Users "
> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are Limited
> >> to
> > Local Domain Members Only "
> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
> > Events "
> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
Template
> > Information#34 Error Message When You Try to View a Windows XP-based
> > Template in a Windows 2000 Domain "
> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
> > setting may not remove security identifiers in Windows 2000 Server "
> >>
> >>
> >>
> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> > <cdorrough@nortonconsultants.com> wrote:
> >>
> >> >Since yesterday we are getting the following error on our main file
> > server
> >> >every 5 minutes. There are no other errors and, up until now, the box
> >> >hasn't been touched for over a month and Group Policys haven't been
> > touched.
> >> >Our other DC's are reporting that "Security policy has been applied
> >> >successfully".
> >> >
> >> >Event Type: Warning
> >> >Event Source: SceCli
> >> >Event Category: None
> >> >Event ID: 1202
> >> >Description:
> >> >Security policies are propagated with warning. 0x4b8 : An extended
error
> > has
> >> >occurred.
> >> >
> >> >I've read through the JSI and Microsoft articles I can find on this,
but
> > all
> >> >seem to rely on associated error messages to find the fault. FWIW,
the
> >> >Winlogon.log file shows:
> >> >
> >> >Error 1208: An extended error has occurred.
> >> > Error deleting SCP.
> >> >
> >> >Help! What is going on??
> >> >
> >> >Thanks,
> >> >Cameron:-)
> >> >
> >> >
> >>
> >>
> >> Jerold Schulman
> >> Windows Server MVP
> >> JSI, Inc.
> >> http://www.jsiinc.com
> >
> >
>
>
Anonymous
a b 8 Security
March 1, 2005 4:22:05 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I have never seen "Error deleting SCP" and don't really know specifically
what SCP stands for.
I don't know of any increased logging short of attaching a debugger to
winlogon.exe to find out what scecli.dll is doing when it applies.
However, I suspect this can be fixed by simply blowing away the local
security database and have it recreated.

The procedure is straight forward, however you need to prepare for it and
plan for a short outage in service.
This is just a member server right?
the database (local group policy) contains out of the box security settings.
If you have made any modifications to the local group policy under "computer
configuration\windows settings\security settings, you should inventory those
settings.
Once the settings are inventoried, do the following:

browse to c:\windows\security\database & rename secedit.sdb
browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
res2.log
reboot the server. A new blank database, chkpoint, and logs will be
created.
All default out of the box security and local group policy settings are gone
at this point.
You need to reapply them to the server.
follow the procedure in http://support.microsoft.com/?kbid=313222
This works on W2K and W2K3 server as well.
Then reapply local security settings you inventoried previously.
At this point you should be able to execute a gpupdate /force and get a
*happy* scecli 1704 event.

Cheers!

--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
news:D 00jf6$3f1$1@news-02.connect.com.au...
> Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
> anything else I can do?
>
> The App Log is filling up every couple of days with the SceCli error and
> nothing else! If there were any other errors, this might have been fixed
> by
> now. I'll include the entire Winlogon.log file below. None of it means
> anything to me (or to Microsoft apparently):
>
> *************************
> Error 0 to send control flag 1 over to server.
> GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
>
> [Mapping] gpt00000.dom = Default Domain Policy
> -------------------------------------------
> 03/01/2005 13:09:58
> Administrative privileged user logged on.
> Invoke Registry Value Delay Filter.
> Analyze machine\software\microsoft\windows
> nt\currentversion\setup\recoveryconsole\securitylevel.
> Analyze machine\software\microsoft\windows
> nt\currentversion\setup\recoveryconsole\setcommand.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatecdroms.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatedasd.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\allocatefloppies.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\cachedlogonscount.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\passwordexpirywarning.
> Analyze machine\software\microsoft\windows
> nt\currentversion\winlogon\scremoveoption.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\disablecad
> .
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> ylastusername.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> ecaption.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> etext.
> Analyze
> machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> thoutlogon.
> Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
> Analyze
> machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
> Analyze machine\system\currentcontrolset\control\print\providers\lanman
> print services\servers\addprinterdrivers.
> Analyze machine\system\currentcontrolset\control\session manager\memory
> management\clearpagefileatshutdown.
> Analyze machine\system\currentcontrolset\control\session
> manager\protectionmode.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> nect.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> edlogoff.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> ritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> uritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> eplaintextpassword.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> esecuritysignature.
> Analyze
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> resecuritysignature.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> dchange.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> eal.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> ey.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> nel.
> Analyze
> machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> nel.
> Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> Error 1208: An extended error has occurred.
> Error deleting SCP.
> ----Configuration engine is initialized with error.----
>
> ----Un-initialize configuration engine...
>
> I am rather frustrated but I do appreciate your help.
>
> BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
> generated the above..
>
> Thanks again,
> Cameron:-)
>
> "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
>> I suggest you turn up winlogon logging to possibly get more detail on
> this.
>>
>>
>> Registry Location -
>> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
>> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
>>
>> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
>> and set it to 0x2
>>
>> Then execute a gpupdate /force
>> verify you get the 1202 event
>>
>> Then review and post the winlogon.log to this thread.
>>
>>
>> --
>> Glenn L
>> CCNA, MCSE 2000/2003 + Security
>>
>> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
>> news:cvgden$m3c$1@news-02.connect.com.au...
>> > Okay, maybe I should have been a bit more specific..
>> >
>> > The bottom part of my Winlogon.log shows:
>> >
>> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
>> > Error 1208: An extended error has occurred.
>> > Error deleting SCP.
>> > ----Configuration engine is initialized with error.----
>> >
>> > Does anyone know how I can fix this?
>> >
>> > Thanks,
>> > Cameron:-)
>> >
>> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
>> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
>> >>
>> >> The folowing articels were returned from the KB with a boolean search
>> > (scecli and 1202 and (1208 or 0x4b8)):
>> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
>> > Configuring Policies "
>> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
>> >> 412
>> > and 454 are logged repeatedly in the Application log "
>> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
>> > Message Reports Lack of Mapping Between Account Names and Security IDs
>> > Inability to Find Power Users "
>> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
>> >> Limited
>> >> to
>> > Local Domain Members Only "
>> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
>> > Events "
>> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> Template
>> > Information#34 Error Message When You Try to View a Windows XP-based
>> > Template in a Windows 2000 Domain "
>> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
>> > setting may not remove security identifiers in Windows 2000 Server "
>> >>
>> >>
>> >>
>> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
>> > <cdorrough@nortonconsultants.com> wrote:
>> >>
>> >> >Since yesterday we are getting the following error on our main file
>> > server
>> >> >every 5 minutes. There are no other errors and, up until now, the
>> >> >box
>> >> >hasn't been touched for over a month and Group Policys haven't been
>> > touched.
>> >> >Our other DC's are reporting that "Security policy has been applied
>> >> >successfully".
>> >> >
>> >> >Event Type: Warning
>> >> >Event Source: SceCli
>> >> >Event Category: None
>> >> >Event ID: 1202
>> >> >Description:
>> >> >Security policies are propagated with warning. 0x4b8 : An extended
> error
>> > has
>> >> >occurred.
>> >> >
>> >> >I've read through the JSI and Microsoft articles I can find on this,
> but
>> > all
>> >> >seem to rely on associated error messages to find the fault. FWIW,
> the
>> >> >Winlogon.log file shows:
>> >> >
>> >> >Error 1208: An extended error has occurred.
>> >> > Error deleting SCP.
>> >> >
>> >> >Help! What is going on??
>> >> >
>> >> >Thanks,
>> >> >Cameron:-)
>> >> >
>> >> >
>> >>
>> >>
>> >> Jerold Schulman
>> >> Windows Server MVP
>> >> JSI, Inc.
>> >> http://www.jsiinc.com
>> >
>> >
>>
>>
>
>
Anonymous
a b 8 Security
March 1, 2005 8:54:24 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:o Q1JGmhHFHA.3612@TK2MSFTNGP09.phx.gbl...
> I have never seen "Error deleting SCP" and don't really know specifically
> what SCP stands for.
> I don't know of any increased logging short of attaching a debugger to
> winlogon.exe to find out what scecli.dll is doing when it applies.
> However, I suspect this can be fixed by simply blowing away the local
> security database and have it recreated.

Thanks heaps, Glenn - that is exactly the sort of info I need! :-)

I will try that and let you know how I get on.

Cameron:-)
Anonymous
a b 8 Security
March 2, 2005 12:21:35 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Glenn, it works!! :-)

I followed your procedure late last night and checked the event log this
morning and it is now full of nice blue information messages. Thanks
heaps - now I can get back to some real work! :-)

Stuff knows what went wrong - AFAIK nobody had touched the machine or
changed policy settings in ages..

I've left your instructions below in case anyone else ever has a similar
issue (one change - I had to boot into Safe mode to change the file names..
;-)

Have a great day.

Cameron:-)

"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:o Q1JGmhHFHA.3612@TK2MSFTNGP09.phx.gbl...
> I have never seen "Error deleting SCP" and don't really know specifically
> what SCP stands for.
> I don't know of any increased logging short of attaching a debugger to
> winlogon.exe to find out what scecli.dll is doing when it applies.
> However, I suspect this can be fixed by simply blowing away the local
> security database and have it recreated.
>
> The procedure is straight forward, however you need to prepare for it and
> plan for a short outage in service.
> This is just a member server right?
> the database (local group policy) contains out of the box security
settings.
> If you have made any modifications to the local group policy under
"computer
> configuration\windows settings\security settings, you should inventory
those
> settings.
> Once the settings are inventoried, do the following:
>
> browse to c:\windows\security\database & rename secedit.sdb
> browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> res2.log
> reboot the server. A new blank database, chkpoint, and logs will be
> created.
> All default out of the box security and local group policy settings are
gone
> at this point.
> You need to reapply them to the server.
> follow the procedure in http://support.microsoft.com/?kbid=313222
> This works on W2K and W2K3 server as well.
> Then reapply local security settings you inventoried previously.
> At this point you should be able to execute a gpupdate /force and get a
> *happy* scecli 1704 event.
>
> Cheers!
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
Anonymous
a b 8 Security
March 31, 2005 4:57:03 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Glenn,

I have the same exact problem that Cameron Dorrough had reported. I am
attempting to bring a new Win2003 DC online which will eventually replace my
Win2000 DC (2 separate machines). I receive the same error on my Win2003
box. My Win2000 DC applies GP fine. I have attempted your solution, but
after restarting the Win2003 server, the secedit.sdb database does not get
rebuilt, thought the log and chk files do. I know receive different events
the in Applicaiton log, due the non existence of the secedit.sdb. I have
found KB article 278316 which describes how to recreate it, but when I
attempt to import any .inf template. I receive messages under two scenarios:



I have been unsuccessful in recreating the secedit.sdb. I found KB
articleCan you provide any insight?

"Glenn L" wrote:

> I have never seen "Error deleting SCP" and don't really know specifically
> what SCP stands for.
> I don't know of any increased logging short of attaching a debugger to
> winlogon.exe to find out what scecli.dll is doing when it applies.
> However, I suspect this can be fixed by simply blowing away the local
> security database and have it recreated.
>
> The procedure is straight forward, however you need to prepare for it and
> plan for a short outage in service.
> This is just a member server right?
> the database (local group policy) contains out of the box security settings.
> If you have made any modifications to the local group policy under "computer
> configuration\windows settings\security settings, you should inventory those
> settings.
> Once the settings are inventoried, do the following:
>
> browse to c:\windows\security\database & rename secedit.sdb
> browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> res2.log
> reboot the server. A new blank database, chkpoint, and logs will be
> created.
> All default out of the box security and local group policy settings are gone
> at this point.
> You need to reapply them to the server.
> follow the procedure in http://support.microsoft.com/?kbid=313222
> This works on W2K and W2K3 server as well.
> Then reapply local security settings you inventoried previously.
> At this point you should be able to execute a gpupdate /force and get a
> *happy* scecli 1704 event.
>
> Cheers!
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> news:D 00jf6$3f1$1@news-02.connect.com.au...
> > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
> > anything else I can do?
> >
> > The App Log is filling up every couple of days with the SceCli error and
> > nothing else! If there were any other errors, this might have been fixed
> > by
> > now. I'll include the entire Winlogon.log file below. None of it means
> > anything to me (or to Microsoft apparently):
> >
> > *************************
> > Error 0 to send control flag 1 over to server.
> > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> >
> > [Mapping] gpt00000.dom = Default Domain Policy
> > -------------------------------------------
> > 03/01/2005 13:09:58
> > Administrative privileged user logged on.
> > Invoke Registry Value Delay Filter.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\setup\recoveryconsole\securitylevel.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\setup\recoveryconsole\setcommand.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\allocatecdroms.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\allocatedasd.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\allocatefloppies.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\cachedlogonscount.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\passwordexpirywarning.
> > Analyze machine\software\microsoft\windows
> > nt\currentversion\winlogon\scremoveoption.
> > Analyze
> > machine\software\microsoft\windows\currentversion\policies\system\disablecad
> > .
> > Analyze
> > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> > ylastusername.
> > Analyze
> > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > ecaption.
> > Analyze
> > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > etext.
> > Analyze
> > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> > thoutlogon.
> > Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> > Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
> > Analyze
> > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> > Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> > Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
> > Analyze machine\system\currentcontrolset\control\print\providers\lanman
> > print services\servers\addprinterdrivers.
> > Analyze machine\system\currentcontrolset\control\session manager\memory
> > management\clearpagefileatshutdown.
> > Analyze machine\system\currentcontrolset\control\session
> > manager\protectionmode.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> > nect.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> > edlogoff.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> > ritysignature.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> > uritysignature.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > eplaintextpassword.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > esecuritysignature.
> > Analyze
> > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> > resecuritysignature.
> > Analyze
> > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> > dchange.
> > Analyze
> > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> > eal.
> > Analyze
> > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> > ey.
> > Analyze
> > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> > nel.
> > Analyze
> > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> > nel.
> > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > Error 1208: An extended error has occurred.
> > Error deleting SCP.
> > ----Configuration engine is initialized with error.----
> >
> > ----Un-initialize configuration engine...
> >
> > I am rather frustrated but I do appreciate your help.
> >
> > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
> > generated the above..
> >
> > Thanks again,
> > Cameron:-)
> >
> > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> >> I suggest you turn up winlogon logging to possibly get more detail on
> > this.
> >>
> >>
> >> Registry Location -
> >> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
> >>
> >> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
> >> and set it to 0x2
> >>
> >> Then execute a gpupdate /force
> >> verify you get the 1202 event
> >>
> >> Then review and post the winlogon.log to this thread.
> >>
> >>
> >> --
> >> Glenn L
> >> CCNA, MCSE 2000/2003 + Security
> >>
> >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> >> news:cvgden$m3c$1@news-02.connect.com.au...
> >> > Okay, maybe I should have been a bit more specific..
> >> >
> >> > The bottom part of my Winlogon.log shows:
> >> >
> >> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> >> > Error 1208: An extended error has occurred.
> >> > Error deleting SCP.
> >> > ----Configuration engine is initialized with error.----
> >> >
> >> > Does anyone know how I can fix this?
> >> >
> >> > Thanks,
> >> > Cameron:-)
> >> >
> >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> >> >>
> >> >> The folowing articels were returned from the KB with a boolean search
> >> > (scecli and 1202 and (1208 or 0x4b8)):
> >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
> >> > Configuring Policies "
> >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
> >> >> 412
> >> > and 454 are logged repeatedly in the Application log "
> >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
> >> > Message Reports Lack of Mapping Between Account Names and Security IDs
> >> > Inability to Find Power Users "
> >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
> >> >> Limited
> >> >> to
> >> > Local Domain Members Only "
> >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
> >> > Events "
> >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> > Template
> >> > Information#34 Error Message When You Try to View a Windows XP-based
> >> > Template in a Windows 2000 Domain "
> >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
> >> > setting may not remove security identifiers in Windows 2000 Server "
> >> >>
> >> >>
> >> >>
> >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> >> > <cdorrough@nortonconsultants.com> wrote:
> >> >>
> >> >> >Since yesterday we are getting the following error on our main file
> >> > server
> >> >> >every 5 minutes. There are no other errors and, up until now, the
> >> >> >box
> >> >> >hasn't been touched for over a month and Group Policys haven't been
> >> > touched.
> >> >> >Our other DC's are reporting that "Security policy has been applied
> >> >> >successfully".
> >> >> >
> >> >> >Event Type: Warning
> >> >> >Event Source: SceCli
> >> >> >Event Category: None
> >> >> >Event ID: 1202
> >> >> >Description:
> >> >> >Security policies are propagated with warning. 0x4b8 : An extended
> > error
> >> > has
> >> >> >occurred.
> >> >> >
> >> >> >I've read through the JSI and Microsoft articles I can find on this,
> > but
> >> > all
> >> >> >seem to rely on associated error messages to find the fault. FWIW,
> > the
> >> >> >Winlogon.log file shows:
> >> >> >
> >> >> >Error 1208: An extended error has occurred.
> >> >> > Error deleting SCP.
> >> >> >
> >> >> >Help! What is going on??
> >> >> >
> >> >> >Thanks,
> >> >> >Cameron:-)
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >> Jerold Schulman
> >> >> Windows Server MVP
> >> >> JSI, Inc.
> >> >> http://www.jsiinc.com
> >> >
> >> >
> >>
> >>
> >
> >
>
>
>
Anonymous
a b 8 Security
March 31, 2005 5:15:02 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Please excuse my first post. My first message was inadvertantly posted
before it was complete.

Glenn,

I have the same exact problem that Cameron Dorrough had reported. I am
attempting to bring a new Win2003 DC online which will eventually replace my
Win2000 DC (2 separate machines). I receive the same error on my Win2003
box. My Win2000 DC applies GP fine. I have attempted your solution, but
after restarting the Win2003 server, the secedit.sdb database does not get
rebuilt, thought the log and chk files do.

I now receive different events the in Applicaiton log, due the non existence
of the secedit.sdb. I have found KB article 278316 which describes how to
recreate it, but when I attempt to import any .inf template. I receive
messages under two scenarios:
Using secedit.sdb as the database name to create, I receive 'Access is
denied.
Import Failed. Make sure that you have rith right permissions to this
object'.

Using some other db name, such as test.sdb, I receive 'An extended error
has
occured. Import Failed'

I receive the messages above regardless of the .inf I choose. I am logged
in as Admistrator.
Can you provide any insight?



"LThibx" wrote:

> Glenn,
>
> I have the same exact problem that Cameron Dorrough had reported. I am
> attempting to bring a new Win2003 DC online which will eventually replace my
> Win2000 DC (2 separate machines). I receive the same error on my Win2003
> box. My Win2000 DC applies GP fine. I have attempted your solution, but
> after restarting the Win2003 server, the secedit.sdb database does not get
> rebuilt, thought the log and chk files do. I know receive different events
> the in Applicaiton log, due the non existence of the secedit.sdb. I have
> found KB article 278316 which describes how to recreate it, but when I
> attempt to import any .inf template. I receive messages under two scenarios:
>
>
>
> I have been unsuccessful in recreating the secedit.sdb. I found KB
> articleCan you provide any insight?
>
> "Glenn L" wrote:
>
> > I have never seen "Error deleting SCP" and don't really know specifically
> > what SCP stands for.
> > I don't know of any increased logging short of attaching a debugger to
> > winlogon.exe to find out what scecli.dll is doing when it applies.
> > However, I suspect this can be fixed by simply blowing away the local
> > security database and have it recreated.
> >
> > The procedure is straight forward, however you need to prepare for it and
> > plan for a short outage in service.
> > This is just a member server right?
> > the database (local group policy) contains out of the box security settings.
> > If you have made any modifications to the local group policy under "computer
> > configuration\windows settings\security settings, you should inventory those
> > settings.
> > Once the settings are inventoried, do the following:
> >
> > browse to c:\windows\security\database & rename secedit.sdb
> > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> > res2.log
> > reboot the server. A new blank database, chkpoint, and logs will be
> > created.
> > All default out of the box security and local group policy settings are gone
> > at this point.
> > You need to reapply them to the server.
> > follow the procedure in http://support.microsoft.com/?kbid=313222
> > This works on W2K and W2K3 server as well.
> > Then reapply local security settings you inventoried previously.
> > At this point you should be able to execute a gpupdate /force and get a
> > *happy* scecli 1704 event.
> >
> > Cheers!
> >
> > --
> > Glenn L
> > CCNA, MCSE 2000/2003 + Security
> >
> > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> > news:D 00jf6$3f1$1@news-02.connect.com.au...
> > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is there
> > > anything else I can do?
> > >
> > > The App Log is filling up every couple of days with the SceCli error and
> > > nothing else! If there were any other errors, this might have been fixed
> > > by
> > > now. I'll include the entire Winlogon.log file below. None of it means
> > > anything to me (or to Microsoft apparently):
> > >
> > > *************************
> > > Error 0 to send control flag 1 over to server.
> > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> > >
> > > [Mapping] gpt00000.dom = Default Domain Policy
> > > -------------------------------------------
> > > 03/01/2005 13:09:58
> > > Administrative privileged user logged on.
> > > Invoke Registry Value Delay Filter.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\setup\recoveryconsole\securitylevel.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\setup\recoveryconsole\setcommand.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\allocatecdroms.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\allocatedasd.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\allocatefloppies.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\cachedlogonscount.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\passwordexpirywarning.
> > > Analyze machine\software\microsoft\windows
> > > nt\currentversion\winlogon\scremoveoption.
> > > Analyze
> > > machine\software\microsoft\windows\currentversion\policies\system\disablecad
> > > .
> > > Analyze
> > > machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> > > ylastusername.
> > > Analyze
> > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > ecaption.
> > > Analyze
> > > machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > etext.
> > > Analyze
> > > machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> > > thoutlogon.
> > > Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> > > Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
> > > Analyze
> > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> > > Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> > > Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
> > > Analyze machine\system\currentcontrolset\control\print\providers\lanman
> > > print services\servers\addprinterdrivers.
> > > Analyze machine\system\currentcontrolset\control\session manager\memory
> > > management\clearpagefileatshutdown.
> > > Analyze machine\system\currentcontrolset\control\session
> > > manager\protectionmode.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> > > nect.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> > > edlogoff.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> > > ritysignature.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> > > uritysignature.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > eplaintextpassword.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > esecuritysignature.
> > > Analyze
> > > machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> > > resecuritysignature.
> > > Analyze
> > > machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> > > dchange.
> > > Analyze
> > > machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> > > eal.
> > > Analyze
> > > machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> > > ey.
> > > Analyze
> > > machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> > > nel.
> > > Analyze
> > > machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> > > nel.
> > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > > Error 1208: An extended error has occurred.
> > > Error deleting SCP.
> > > ----Configuration engine is initialized with error.----
> > >
> > > ----Un-initialize configuration engine...
> > >
> > > I am rather frustrated but I do appreciate your help.
> > >
> > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's how I
> > > generated the above..
> > >
> > > Thanks again,
> > > Cameron:-)
> > >
> > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> > >> I suggest you turn up winlogon logging to possibly get more detail on
> > > this.
> > >>
> > >>
> > >> Registry Location -
> > >> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
> > >>
> > >> Registry Setting - Add the REG_DWORD value "ExtensionDebugLevel"
> > >> and set it to 0x2
> > >>
> > >> Then execute a gpupdate /force
> > >> verify you get the 1202 event
> > >>
> > >> Then review and post the winlogon.log to this thread.
> > >>
> > >>
> > >> --
> > >> Glenn L
> > >> CCNA, MCSE 2000/2003 + Security
> > >>
> > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> > >> news:cvgden$m3c$1@news-02.connect.com.au...
> > >> > Okay, maybe I should have been a bit more specific..
> > >> >
> > >> > The bottom part of my Winlogon.log shows:
> > >> >
> > >> > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > >> > Error 1208: An extended error has occurred.
> > >> > Error deleting SCP.
> > >> > ----Configuration engine is initialized with error.----
> > >> >
> > >> > Does anyone know how I can fix this?
> > >> >
> > >> > Thanks,
> > >> > Cameron:-)
> > >> >
> > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> > >> >>
> > >> >> The folowing articels were returned from the KB with a boolean search
> > >> > (scecli and 1202 and (1208 or 0x4b8)):
> > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202 After
> > >> > Configuring Policies "
> > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000 1202
> > >> >> 412
> > >> > and 454 are logged repeatedly in the Application log "
> > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332 Occurs
> > >> > Message Reports Lack of Mapping Between Account Names and Security IDs
> > >> > Inability to Find Power Users "
> > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
> > >> >> Limited
> > >> >> to
> > >> > Local Domain Members Only "
> > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI 1202
> > >> > Events "
> > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> > > Template
> > >> > Information#34 Error Message When You Try to View a Windows XP-based
> > >> > Template in a Windows 2000 Domain "
> > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups policy
> > >> > setting may not remove security identifiers in Windows 2000 Server "
> > >> >>
> > >> >>
> > >> >>
> > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> > >> > <cdorrough@nortonconsultants.com> wrote:
> > >> >>
> > >> >> >Since yesterday we are getting the following error on our main file
> > >> > server
> > >> >> >every 5 minutes. There are no other errors and, up until now, the
> > >> >> >box
> > >> >> >hasn't been touched for over a month and Group Policys haven't been
> > >> > touched.
> > >> >> >Our other DC's are reporting that "Security policy has been applied
> > >> >> >successfully".
> > >> >> >
> > >> >> >Event Type: Warning
> > >> >> >Event Source: SceCli
> > >> >> >Event Category: None
> > >> >> >Event ID: 1202
> > >> >> >Description:
> > >> >> >Security policies are propagated with warning. 0x4b8 : An extended
> > > error
> > >> > has
> > >> >> >occurred.
> > >> >> >
> > >> >> >I've read through the JSI and Microsoft articles I can find on this,
> > > but
> > >> > all
> > >> >> >seem to rely on associated error messages to find the fault. FWIW,
> > > the
> > >> >> >Winlogon.log file shows:
> > >> >> >
> > >> >> >Error 1208: An extended error has occurred.
> > >> >> > Error deleting SCP.
> > >> >> >
> > >> >> >Help! What is going on??
> > >> >> >
> > >> >> >Thanks,
> > >> >> >Cameron:-)
> > >> >> >
> > >> >> >
> > >> >>
> > >> >>
> > >> >> Jerold Schulman
> > >> >> Windows Server MVP
> > >> >> JSI, Inc.
> > >> >> http://www.jsiinc.com
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
> >
> >
Anonymous
a b 8 Security
April 1, 2005 1:12:35 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Hi. A quick question: Are you doing this in Safe Mode??

My system has been fine ever since. Good luck :-)

Cameron:-)

"LThibx" <lthibx@discussions.microsoft.com> wrote in message
news:FE3AF5D9-50BC-41EF-BEC1-7874AADD91A3@microsoft.com...
> Please excuse my first post. My first message was inadvertantly posted
> before it was complete.
>
> Glenn,
>
> I have the same exact problem that Cameron Dorrough had reported. I am
> attempting to bring a new Win2003 DC online which will eventually replace
my
> Win2000 DC (2 separate machines). I receive the same error on my Win2003
> box. My Win2000 DC applies GP fine. I have attempted your solution, but
> after restarting the Win2003 server, the secedit.sdb database does not get
> rebuilt, thought the log and chk files do.
>
> I now receive different events the in Applicaiton log, due the non
existence
> of the secedit.sdb. I have found KB article 278316 which describes how to
> recreate it, but when I attempt to import any .inf template. I receive
> messages under two scenarios:
> Using secedit.sdb as the database name to create, I receive 'Access is
> denied.
> Import Failed. Make sure that you have rith right permissions to this
> object'.
>
> Using some other db name, such as test.sdb, I receive 'An extended
error
> has
> occured. Import Failed'
>
> I receive the messages above regardless of the .inf I choose. I am logged
> in as Admistrator.
> Can you provide any insight?
>
>
>
> "LThibx" wrote:
>
> > Glenn,
> >
> > I have the same exact problem that Cameron Dorrough had reported. I am
> > attempting to bring a new Win2003 DC online which will eventually
replace my
> > Win2000 DC (2 separate machines). I receive the same error on my
Win2003
> > box. My Win2000 DC applies GP fine. I have attempted your solution,
but
> > after restarting the Win2003 server, the secedit.sdb database does not
get
> > rebuilt, thought the log and chk files do. I know receive different
events
> > the in Applicaiton log, due the non existence of the secedit.sdb. I have
> > found KB article 278316 which describes how to recreate it, but when I
> > attempt to import any .inf template. I receive messages under two
scenarios:
> >
> >
> >
> > I have been unsuccessful in recreating the secedit.sdb. I found KB
> > articleCan you provide any insight?
> >
> > "Glenn L" wrote:
> >
> > > I have never seen "Error deleting SCP" and don't really know
specifically
> > > what SCP stands for.
> > > I don't know of any increased logging short of attaching a debugger to
> > > winlogon.exe to find out what scecli.dll is doing when it applies.
> > > However, I suspect this can be fixed by simply blowing away the local
> > > security database and have it recreated.
> > >
> > > The procedure is straight forward, however you need to prepare for it
and
> > > plan for a short outage in service.
> > > This is just a member server right?
> > > the database (local group policy) contains out of the box security
settings.
> > > If you have made any modifications to the local group policy under
"computer
> > > configuration\windows settings\security settings, you should inventory
those
> > > settings.
> > > Once the settings are inventoried, do the following:
> > >
> > > browse to c:\windows\security\database & rename secedit.sdb
> > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> > > res2.log
> > > reboot the server. A new blank database, chkpoint, and logs will be
> > > created.
> > > All default out of the box security and local group policy settings
are gone
> > > at this point.
> > > You need to reapply them to the server.
> > > follow the procedure in http://support.microsoft.com/?kbid=313222
> > > This works on W2K and W2K3 server as well.
> > > Then reapply local security settings you inventoried previously.
> > > At this point you should be able to execute a gpupdate /force and get
a
> > > *happy* scecli 1704 event.
> > >
> > > Cheers!
> > >
> > > --
> > > Glenn L
> > > CCNA, MCSE 2000/2003 + Security
> > >
> > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> > > news:D 00jf6$3f1$1@news-02.connect.com.au...
> > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is
there
> > > > anything else I can do?
> > > >
> > > > The App Log is filling up every couple of days with the SceCli error
and
> > > > nothing else! If there were any other errors, this might have been
fixed
> > > > by
> > > > now. I'll include the entire Winlogon.log file below. None of it
means
> > > > anything to me (or to Microsoft apparently):
> > > >
> > > > *************************
> > > > Error 0 to send control flag 1 over to server.
> > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> > > >
> > > > [Mapping] gpt00000.dom = Default Domain Policy
> > > > -------------------------------------------
> > > > 03/01/2005 13:09:58
> > > > Administrative privileged user logged on.
> > > > Invoke Registry Value Delay Filter.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\setup\recoveryconsole\securitylevel.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\setup\recoveryconsole\setcommand.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\allocatecdroms.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\allocatedasd.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\allocatefloppies.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\cachedlogonscount.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\passwordexpirywarning.
> > > > Analyze machine\software\microsoft\windows
> > > > nt\currentversion\winlogon\scremoveoption.
> > > > Analyze
> > > >
machine\software\microsoft\windows\currentversion\policies\system\disablecad
> > > > .
> > > > Analyze
> > > >
machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> > > > ylastusername.
> > > > Analyze
> > > >
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > ecaption.
> > > > Analyze
> > > >
machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > etext.
> > > > Analyze
> > > >
machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> > > > thoutlogon.
> > > > Analyze
machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> > > > Analyze
machine\system\currentcontrolset\control\lsa\crashonauditfail.
> > > > Analyze
> > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> > > > Analyze
machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> > > > Analyze
machine\system\currentcontrolset\control\lsa\restrictanonymous.
> > > > Analyze
machine\system\currentcontrolset\control\print\providers\lanman
> > > > print services\servers\addprinterdrivers.
> > > > Analyze machine\system\currentcontrolset\control\session
manager\memory
> > > > management\clearpagefileatshutdown.
> > > > Analyze machine\system\currentcontrolset\control\session
> > > > manager\protectionmode.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> > > > nect.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> > > > edlogoff.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> > > > ritysignature.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> > > > uritysignature.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > eplaintextpassword.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > esecuritysignature.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> > > > resecuritysignature.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> > > > dchange.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> > > > eal.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> > > > ey.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> > > > nel.
> > > > Analyze
> > > >
machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> > > > nel.
> > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > > > Error 1208: An extended error has occurred.
> > > > Error deleting SCP.
> > > > ----Configuration engine is initialized with error.----
> > > >
> > > > ----Un-initialize configuration engine...
> > > >
> > > > I am rather frustrated but I do appreciate your help.
> > > >
> > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's
how I
> > > > generated the above..
> > > >
> > > > Thanks again,
> > > > Cameron:-)
> > > >
> > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> > > >> I suggest you turn up winlogon logging to possibly get more detail
on
> > > > this.
> > > >>
> > > >>
> > > >> Registry Location -
> > > >>
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
> > > >>
> > > >> Registry Setting - Add the REG_DWORD value
"ExtensionDebugLevel"
> > > >> and set it to 0x2
> > > >>
> > > >> Then execute a gpupdate /force
> > > >> verify you get the 1202 event
> > > >>
> > > >> Then review and post the winlogon.log to this thread.
> > > >>
> > > >>
> > > >> --
> > > >> Glenn L
> > > >> CCNA, MCSE 2000/2003 + Security
> > > >>
> > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in
message
> > > >> news:cvgden$m3c$1@news-02.connect.com.au...
> > > >> > Okay, maybe I should have been a bit more specific..
> > > >> >
> > > >> > The bottom part of my Winlogon.log shows:
> > > >> >
> > > >> > Parsing template
C:\WINNT\security\templates\policies\gpt00000.dom.
> > > >> > Error 1208: An extended error has occurred.
> > > >> > Error deleting SCP.
> > > >> > ----Configuration engine is initialized with error.----
> > > >> >
> > > >> > Does anyone know how I can fix this?
> > > >> >
> > > >> > Thanks,
> > > >> > Cameron:-)
> > > >> >
> > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> > > >> >>
> > > >> >> The folowing articels were returned from the KB with a boolean
search
> > > >> > (scecli and 1202 and (1208 or 0x4b8)):
> > > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202
After
> > > >> > Configuring Policies "
> > > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000
1202
> > > >> >> 412
> > > >> > and 454 are logged repeatedly in the Application log "
> > > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332
Occurs
> > > >> > Message Reports Lack of Mapping Between Account Names and
Security IDs
> > > >> > Inability to Find Power Users "
> > > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
> > > >> >> Limited
> > > >> >> to
> > > >> > Local Domain Members Only "
> > > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI
1202
> > > >> > Events "
> > > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> > > > Template
> > > >> > Information#34 Error Message When You Try to View a Windows
XP-based
> > > >> > Template in a Windows 2000 Domain "
> > > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups
policy
> > > >> > setting may not remove security identifiers in Windows 2000
Server "
> > > >> >>
> > > >> >>
> > > >> >>
> > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> > > >> > <cdorrough@nortonconsultants.com> wrote:
> > > >> >>
> > > >> >> >Since yesterday we are getting the following error on our main
file
> > > >> > server
> > > >> >> >every 5 minutes. There are no other errors and, up until now,
the
> > > >> >> >box
> > > >> >> >hasn't been touched for over a month and Group Policys haven't
been
> > > >> > touched.
> > > >> >> >Our other DC's are reporting that "Security policy has been
applied
> > > >> >> >successfully".
> > > >> >> >
> > > >> >> >Event Type: Warning
> > > >> >> >Event Source: SceCli
> > > >> >> >Event Category: None
> > > >> >> >Event ID: 1202
> > > >> >> >Description:
> > > >> >> >Security policies are propagated with warning. 0x4b8 : An
extended
> > > > error
> > > >> > has
> > > >> >> >occurred.
> > > >> >> >
> > > >> >> >I've read through the JSI and Microsoft articles I can find on
this,
> > > > but
> > > >> > all
> > > >> >> >seem to rely on associated error messages to find the fault.
FWIW,
> > > > the
> > > >> >> >Winlogon.log file shows:
> > > >> >> >
> > > >> >> >Error 1208: An extended error has occurred.
> > > >> >> > Error deleting SCP.
> > > >> >> >
> > > >> >> >Help! What is going on??
> > > >> >> >
> > > >> >> >Thanks,
> > > >> >> >Cameron:-)
> > > >> >> >
> > > >> >> >
> > > >> >>
> > > >> >>
> > > >> >> Jerold Schulman
> > > >> >> Windows Server MVP
> > > >> >> JSI, Inc.
> > > >> >> http://www.jsiinc.com
> > > >> >
> > > >> >
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> > >
Anonymous
a b 8 Security
April 1, 2005 1:12:36 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Cameron,

Thanks for responding.

Yes, my process was:
Boot to safe mode.
Rename the files as Glenn stated, including secedit.sdb, then reboot to
normal
mode.
In my case the secedit.sdb file does not get recreated. I even attempted to
recreate it manually using either the Security Configuration and Analysis
console (which I described in my previous message), or the command: "Secedit
/configure /db secedit.sdb /cfg 'DC Security.inf' /overwrite /log dcsec.log"

I even tried copying my secedit.sdb from my Win2000 machine. I get the same
1202 event and either 0x428 or 0x4b8.

BTW. I put my Win2003 original back in place. Until 3:35 this morning, I
receive the 1202 error with a code of 0x428. After 3:35 AM it changes to
0x4b8 (at this time I start receiving the 'error deleting scp' in
Winlogon.log. I have pasted the log at this time period:
----------------------------------------------------------------------------------------------
*** This generates a 0x428 - An exception error occurred in the service when
handling the control request ***
-------------------------------------------
Friday, April 01, 2005 3:30:43 AM
Administrative privileged user logged on.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...
**************************

Error 0 to send control flag 1 over to server.

Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
Friday, April 01, 2005 3:35:52 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.inf.

This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Friday, April 01, 2005 3:35:53 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00001.inf.


----Un-initialize configuration engine...
-------------------------------------------
Friday, April 01, 2005 3:35:53 AM
Administrative privileged user logged on.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...
**************************
*** At this point the error code changes to 0x4b8 - An extended error has
occurred ***


Error 0 to send control flag 1 over to server.

Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.dom.

This is not the last GPO.
-------------------------------------------
Friday, April 01, 2005 3:41:02 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
Error 1208: An extended error has occurred.
Error deleting SCP.
----Configuration engine was initialized with one or more errors.----


----Un-initialize configuration engine...
----------------------------------------------------------------------------------------------
If I try to view / edit my local security policy (secpol), I can access
certain parts with no error. When I attempt to access \Computer
Configuration\Windows Settings\Local Policies\User Rights Assignment or
...\Security Options, I recieve an error on secedit.sdb: An extended error has
occurred.

I believe its time to call MS, I can find no other info. There is a hotfix
for this error - KB 320099. Cameron, I wonder, do you already have the
patch, and maybe this is why you were able to resolve your issue?
My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132

Thanks for listening :-)
LThibx


"Cameron Dorrough" wrote:

> Hi. A quick question: Are you doing this in Safe Mode??
>
> My system has been fine ever since. Good luck :-)
>
> Cameron:-)
>
> "LThibx" <lthibx@discussions.microsoft.com> wrote in message
> news:FE3AF5D9-50BC-41EF-BEC1-7874AADD91A3@microsoft.com...
> > Please excuse my first post. My first message was inadvertantly posted
> > before it was complete.
> >
> > Glenn,
> >
> > I have the same exact problem that Cameron Dorrough had reported. I am
> > attempting to bring a new Win2003 DC online which will eventually replace
> my
> > Win2000 DC (2 separate machines). I receive the same error on my Win2003
> > box. My Win2000 DC applies GP fine. I have attempted your solution, but
> > after restarting the Win2003 server, the secedit.sdb database does not get
> > rebuilt, thought the log and chk files do.
> >
> > I now receive different events the in Applicaiton log, due the non
> existence
> > of the secedit.sdb. I have found KB article 278316 which describes how to
> > recreate it, but when I attempt to import any .inf template. I receive
> > messages under two scenarios:
> > Using secedit.sdb as the database name to create, I receive 'Access is
> > denied.
> > Import Failed. Make sure that you have rith right permissions to this
> > object'.
> >
> > Using some other db name, such as test.sdb, I receive 'An extended
> error
> > has
> > occured. Import Failed'
> >
> > I receive the messages above regardless of the .inf I choose. I am logged
> > in as Admistrator.
> > Can you provide any insight?
> >
> >
> >
> > "LThibx" wrote:
> >
> > > Glenn,
> > >
> > > I have the same exact problem that Cameron Dorrough had reported. I am
> > > attempting to bring a new Win2003 DC online which will eventually
> replace my
> > > Win2000 DC (2 separate machines). I receive the same error on my
> Win2003
> > > box. My Win2000 DC applies GP fine. I have attempted your solution,
> but
> > > after restarting the Win2003 server, the secedit.sdb database does not
> get
> > > rebuilt, thought the log and chk files do. I know receive different
> events
> > > the in Applicaiton log, due the non existence of the secedit.sdb. I have
> > > found KB article 278316 which describes how to recreate it, but when I
> > > attempt to import any .inf template. I receive messages under two
> scenarios:
> > >
> > >
> > >
> > > I have been unsuccessful in recreating the secedit.sdb. I found KB
> > > articleCan you provide any insight?
> > >
> > > "Glenn L" wrote:
> > >
> > > > I have never seen "Error deleting SCP" and don't really know
> specifically
> > > > what SCP stands for.
> > > > I don't know of any increased logging short of attaching a debugger to
> > > > winlogon.exe to find out what scecli.dll is doing when it applies.
> > > > However, I suspect this can be fixed by simply blowing away the local
> > > > security database and have it recreated.
> > > >
> > > > The procedure is straight forward, however you need to prepare for it
> and
> > > > plan for a short outage in service.
> > > > This is just a member server right?
> > > > the database (local group policy) contains out of the box security
> settings.
> > > > If you have made any modifications to the local group policy under
> "computer
> > > > configuration\windows settings\security settings, you should inventory
> those
> > > > settings.
> > > > Once the settings are inventoried, do the following:
> > > >
> > > > browse to c:\windows\security\database & rename secedit.sdb
> > > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> > > > res2.log
> > > > reboot the server. A new blank database, chkpoint, and logs will be
> > > > created.
> > > > All default out of the box security and local group policy settings
> are gone
> > > > at this point.
> > > > You need to reapply them to the server.
> > > > follow the procedure in http://support.microsoft.com/?kbid=313222
> > > > This works on W2K and W2K3 server as well.
> > > > Then reapply local security settings you inventoried previously.
> > > > At this point you should be able to execute a gpupdate /force and get
> a
> > > > *happy* scecli 1704 event.
> > > >
> > > > Cheers!
> > > >
> > > > --
> > > > Glenn L
> > > > CCNA, MCSE 2000/2003 + Security
> > > >
> > > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> > > > news:D 00jf6$3f1$1@news-02.connect.com.au...
> > > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is
> there
> > > > > anything else I can do?
> > > > >
> > > > > The App Log is filling up every couple of days with the SceCli error
> and
> > > > > nothing else! If there were any other errors, this might have been
> fixed
> > > > > by
> > > > > now. I'll include the entire Winlogon.log file below. None of it
> means
> > > > > anything to me (or to Microsoft apparently):
> > > > >
> > > > > *************************
> > > > > Error 0 to send control flag 1 over to server.
> > > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> > > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> > > > >
> > > > > [Mapping] gpt00000.dom = Default Domain Policy
> > > > > -------------------------------------------
> > > > > 03/01/2005 13:09:58
> > > > > Administrative privileged user logged on.
> > > > > Invoke Registry Value Delay Filter.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\setup\recoveryconsole\securitylevel.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\setup\recoveryconsole\setcommand.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatecdroms.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatedasd.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatefloppies.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\cachedlogonscount.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\passwordexpirywarning.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\scremoveoption.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\disablecad
> > > > > .
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> > > > > ylastusername.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > > ecaption.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > > etext.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> > > > > thoutlogon.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\crashonauditfail.
> > > > > Analyze
> > > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\restrictanonymous.
> > > > > Analyze
> machine\system\currentcontrolset\control\print\providers\lanman
> > > > > print services\servers\addprinterdrivers.
> > > > > Analyze machine\system\currentcontrolset\control\session
> manager\memory
> > > > > management\clearpagefileatshutdown.
> > > > > Analyze machine\system\currentcontrolset\control\session
> > > > > manager\protectionmode.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> > > > > nect.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> > > > > edlogoff.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> > > > > ritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> > > > > uritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > > eplaintextpassword.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > > esecuritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> > > > > resecuritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> > > > > dchange.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> > > > > eal.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> > > > > ey.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> > > > > nel.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> > > > > nel.
> > > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> > > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> > > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> > > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > > > > Error 1208: An extended error has occurred.
> > > > > Error deleting SCP.
> > > > > ----Configuration engine is initialized with error.----
> > > > >
> > > > > ----Un-initialize configuration engine...
> > > > >
> > > > > I am rather frustrated but I do appreciate your help.
> > > > >
> > > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's
> how I
> > > > > generated the above..
> > > > >
> > > > > Thanks again,
> > > > > Cameron:-)
> > > > >
> > > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> > > > >> I suggest you turn up winlogon logging to possibly get more detail
> on
> > > > > this.
> > > > >>
> > > > >>
> > > > >> Registry Location -
> > > > >>
> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> > > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
> > > > >>
> > > > >> Registry Setting - Add the REG_DWORD value
> "ExtensionDebugLevel"
> > > > >> and set it to 0x2
> > > > >>
> > > > >> Then execute a gpupdate /force
> > > > >> verify you get the 1202 event
> > > > >>
> > > > >> Then review and post the winlogon.log to this thread.
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Glenn L
> > > > >> CCNA, MCSE 2000/2003 + Security
> > > > >>
> > > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in
> message
> > > > >> news:cvgden$m3c$1@news-02.connect.com.au...
> > > > >> > Okay, maybe I should have been a bit more specific..
> > > > >> >
> > > > >> > The bottom part of my Winlogon.log shows:
> > > > >> >
> > > > >> > Parsing template
> C:\WINNT\security\templates\policies\gpt00000.dom.
> > > > >> > Error 1208: An extended error has occurred.
> > > > >> > Error deleting SCP.
> > > > >> > ----Configuration engine is initialized with error.----
> > > > >> >
> > > > >> > Does anyone know how I can fix this?
> > > > >> >
> > > > >> > Thanks,
> > > > >> > Cameron:-)
> > > > >> >
> > > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> > > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> > > > >> >>
> > > > >> >> The folowing articels were returned from the KB with a boolean
> search
> > > > >> > (scecli and 1202 and (1208 or 0x4b8)):
> > > > >> >> http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202
> After
> > > > >> > Configuring Policies "
> > > > >> >> http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000
> 1202
> > > > >> >> 412
> > > > >> > and 454 are logged repeatedly in the Application log "
> > > > >> >> http://support.microsoft.com?kbid=285903 "At Startup Error 1332
> Occurs
> > > > >> > Message Reports Lack of Mapping Between Account Names and
> Security IDs
> > > > >> > Inability to Find Power Users "
> > > > >> >> http://support.microsoft.com?kbid=296854 "Restricted Groups Are
> > > > >> >> Limited
> > > > >> >> to
> > > > >> > Local Domain Members Only "
> > > > >> >> http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI
> 1202
> > > > >> > Events "
> > > > >> >> http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> > > > > Template
> > > > >> > Information#34 Error Message When You Try to View a Windows
> XP-based
> > > > >> > Template in a Windows 2000 Domain "
> > > > >> >> http://support.microsoft.com?kbid=835901 "A Restricted Groups
> policy
> > > > >> > setting may not remove security identifiers in Windows 2000
> Server "
> > > > >> >>
> > > > >> >>
> > > > >> >>
> > > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> > > > >> > <cdorrough@nortonconsultants.com> wrote:
> > > > >> >>
> > > > >> >> >Since yesterday we are getting the following error on our main
> file
> > > > >> > server
> > > > >> >> >every 5 minutes. There are no other errors and, up until now,
> the
> > > > >> >> >box
> > > > >> >> >hasn't been touched for over a month and Group Policys haven't
> been
> > > > >> > touched.
> > > > >> >> >Our other DC's are reporting that "Security policy has been
> applied
> > > > >> >> >successfully".
> > > > >> >> >
> > > > >> >> >Event Type: Warning
> > > > >> >> >Event Source: SceCli
> > > > >> >> >Event Category: None
> > > > >> >> >Event ID: 1202
> > > > >> >> >Description:
> > > > >> >> >Security policies are propagated with warning. 0x4b8 : An
> extended
> > > > > error
> > > > >> > has
> > > > >> >> >occurred.
> > > > >> >> >
> > > > >> >> >I've read through the JSI and Microsoft articles I can find on
> this,
> > > > > but
> > > > >> > all
> > > > >> >> >seem to rely on associated error messages to find the fault.
> FWIW,
> > > > > the
> > > > >> >> >Winlogon.log file shows:
> > > > >> >> >
> > > > >> >> >Error 1208: An extended error has occurred.
> > > > >> >> > Error deleting SCP.
> > > > >> >> >
> > > > >> >> >Help! What is going on??
> > > > >> >> >
> > > > >> >> >Thanks,
> > > > >> >> >Cameron:-)
> > > > >> >> >
> > > > >> >> >
> > > > >> >>
> > > > >> >>
> > > > >> >> Jerold Schulman
> > > > >> >> Windows Server MVP
> > > > >> >> JSI, Inc.
> > > > >> >> http://www.jsiinc.com
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > >
> > > >
> > > >
>
>
>
Anonymous
a b 8 Security
April 4, 2005 1:34:46 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

"LThibx" <lthibx@discussions.microsoft.com> wrote in message
news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
>
> [snip]
>
> I believe its time to call MS, I can find no other info. There is a
hotfix
> for this error - KB 320099. Cameron, I wonder, do you already have the
> patch, and maybe this is why you were able to resolve your issue?
> My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132

I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
still have no idea why the problem happened in the first place...

IMHO, you've done pretty much all you can. If no-one else in this group can
help, then yep, it is probably time to make the call.

> Thanks for listening :-)
> LThibx

Glad to help.
Cameron:-)
Anonymous
a b 8 Security
April 8, 2005 2:24:45 AM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

You should post a fresh post in the group policy discussion groups on this.
Also, you are not likely to get too many eyes on a post that is over a month
old.

You can recreate the secedit.sdb database manually.
Here is the procedure. However, I think your box has bigger problems when
it cannot recreate it on its own. I don't have any ideas on that one.

open up the security configuration and analysis MMC snapin.
right click 'security configuration and analysis' and choose open database.
browse to c:\windows\security\database.
put secedit in the file name field and click open.
Then choose secsetup.inf from the windows\repair directory
You now have a new secedit.sdb populated with the settings in secsetup.inf
Close the security configuration and analysis snapin.
Reboot the computer.
Your 1202s should be gone.




--
Glenn L
CCNA, MCSE 2000/2003 + Security

"Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
news:D 2puim$8vp$1@news-01.bur.connect.com.au...
> "LThibx" <lthibx@discussions.microsoft.com> wrote in message
> news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
>>
>> [snip]
>>
>> I believe its time to call MS, I can find no other info. There is a
> hotfix
>> for this error - KB 320099. Cameron, I wonder, do you already have the
>> patch, and maybe this is why you were able to resolve your issue?
>> My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132
>
> I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
> still have no idea why the problem happened in the first place...
>
> IMHO, you've done pretty much all you can. If no-one else in this group
> can
> help, then yep, it is probably time to make the call.
>
>> Thanks for listening :-)
>> LThibx
>
> Glad to help.
> Cameron:-)
>
>
>
Anonymous
a b 8 Security
April 8, 2005 12:19:05 PM

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Glenn,

I just wanted to provide an update on my scenario. Since I posted my last
message, I had decided to start fresh. I completely scratched the machine
and reinstalled. (Actually, I did this twice). My procedure was:
1. Scratch and clean installation of Win2k3 Server.
2. Just for kicks, I ran secpol.msc and reviewed each section. I was able
to access all sections.
3. Did a DCPromo as a second DC in domain. Replicates fine. Soon I
begin to receive the 1202 errors with a code of 0x428.
4. I run secpol.msc and receive the errors I posted earler when
attempting to access the User Rights Assignments, and Security Options nodes.
BTW, at this point, if I attempt to create a new database (of any name) as
you described, I receive 'An extended error has occured, Import failed'.
5. Leaving this machine running, during the early morning, the code
changes from 0x428 to 0x4b8 - Error deleting SCP.
6. I applied W2k3 SP1, with hopes that this problem will go away.
Installed and applied fine. But I still receive the 1202 errors.
7. Also, my primary DC Win 2000 Server, does not have any such problems
and there is not problems accessing any nodes under local policy.

I agree that there is some other reason this is happening. In the past my
W2k DC had some issues and crashed a few times, and I had to recover AD. But
all seems well on that box.

I am now waiting to contact an OS support person from Dell.
Once this is resolved I will post the solution.

Thanks
LThibx


"Glenn L" wrote:

> You should post a fresh post in the group policy discussion groups on this.
> Also, you are not likely to get too many eyes on a post that is over a month
> old.
>
> You can recreate the secedit.sdb database manually.
> Here is the procedure. However, I think your box has bigger problems when
> it cannot recreate it on its own. I don't have any ideas on that one.
>
> open up the security configuration and analysis MMC snapin.
> right click 'security configuration and analysis' and choose open database.
> browse to c:\windows\security\database.
> put secedit in the file name field and click open.
> Then choose secsetup.inf from the windows\repair directory
> You now have a new secedit.sdb populated with the settings in secsetup.inf
> Close the security configuration and analysis snapin.
> Reboot the computer.
> Your 1202s should be gone.
>
>
>
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> news:D 2puim$8vp$1@news-01.bur.connect.com.au...
> > "LThibx" <lthibx@discussions.microsoft.com> wrote in message
> > news:3DCFC37B-9C42-4E07-B516-1D51BA6C20C7@microsoft.com...
> >>
> >> [snip]
> >>
> >> I believe its time to call MS, I can find no other info. There is a
> > hotfix
> >> for this error - KB 320099. Cameron, I wonder, do you already have the
> >> patch, and maybe this is why you were able to resolve your issue?
> >> My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132
> >
> > I'm using ordinary Win2k Server with SP4 - no other fixes applied - and I
> > still have no idea why the problem happened in the first place...
> >
> > IMHO, you've done pretty much all you can. If no-one else in this group
> > can
> > help, then yep, it is probably time to make the call.
> >
> >> Thanks for listening :-)
> >> LThibx
> >
> > Glad to help.
> > Cameron:-)
> >
> >
> >
>
>
>
!