Solved

Windows 2000 Advanced Server DC - Event 1202 - SceCli

Posted on 2003-10-27
20
719 Views
Last Modified: 2007-12-19
Rebooted the DC last night and thsi morning I get this error in the Application Log:

Source:  SceCli
Security policies are propagated with warning. 0xd : The data is invalid.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202s".

I googled around and found a couple or articles,,all of which I tried,,but to no end.

I have the hisecdc.inf imported into the "Domain Security Poilcy" and the "Domain Controller Security Policy".  In the Domain Group Poilcy, I have the "Default Domain Policy".

It is causing sparactic network connection problems for some of my users, but not all.  in my winlogon.log I get:

Error 13: The data is invalid. Error convert %SYSVOL%\DOMAIN\POLICIES

and in my userenv.log I get:

Process GPOs: Extension Security ProcessGroupPolicy failed, status 0xd

I have consulted MS KB 256000, but it did not work.

Any help is greatly!!!!!!!! appreciated.

Thanks,
Rob
0
Comment
Question by:pgp4privacy
  • 11
  • 5
  • 4
20 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9628988
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 9628994
0
 

Author Comment

by:pgp4privacy
ID: 9629039
I am trying your jsiinc fix now.

I had the hisec imported a hwile back, then I imported basicdc to troubleshoot,,I think that is where the problem started.  I have recently imported hisec again as i stated above.

is there a direct issue with re-importing the hisec that you know of?

Thanks,
Rob

0
 

Author Comment

by:pgp4privacy
ID: 9629070
No such luck my friend.

still made another 1202 entry in the appliation log 5 minutes later.  

Should I revert back to the basicdc.inf on the "Domain Security Poilcy" and the "Domain Controller Security Policy"?

Thanks,
Rob
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9629079
Rob,

Not sure why it gave you another entry

Try reverting back.

Sunray
0
 

Author Comment

by:pgp4privacy
ID: 9629199
I tried a reboot before I reverted back to the basicdc.inf,,and now, weird behaviour.

I terminal'd in and noticed the machine to be really lagging,,like it was chomping on something.

I go to the event viewer, and notice no new SceCli warning messages(1202) like before, but instead a new SceCli information entry(1704).  I tried to open it, and it bombed on me.  I noticed right before it bombed some other Databse and Logging Error entries above that information entry.  

Now the machine seems to busy to answer my Terminal Service Connect attempt.

Any suggestions?

Thanks,
Rob
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9629237
Rob,

check this

http://www.monitorware.com/en/events/details.asp?details_id=1917&PrinterVersion=1

It says policy applied successfully . Should be same for windows 2003

Sunray
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9629261
Rob,

same info
http://support.microsoft.com/?kbid=284461

Scroll down and check 1704

Sunray
0
 

Author Comment

by:pgp4privacy
ID: 9629277
Ok, new, worse issue.

now, from a domain logged in machine,,I go to browse the network..  And there are zero objects shown...as if nothing is added to the domain :o

Rob
0
 

Author Comment

by:pgp4privacy
ID: 9629338
addendum to above problem.

when trying to connect directly to a networked machien,,\\<server name>, I also get:

no logon servers available to service your request.

Rob
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:pgp4privacy
ID: 9629655
Ok, went to the machine and logged in.

When I went up to the machine, It said "Hard Error",,and I hit OK and it popped back up about 20 times.  Then it, rebooted itself.

When it came backup, all seemed well, I got the following "good"  entries:

Logging/Recovery:
ntfrs(1288) The database engine has successfully completed recovery steps.

ntfrs (1288) The database engine is replaying log file c:\winnt\ntfrs\jet\log\edb.log

tcpsvcs(1020) The database engine has successfully completed recovery steps.

wins(1532) The database engine has successfully completed recovery steps.

SVC:
MS DTC has started.

SceCli:
Security policy in the Group policy objects are applied successfully.

But, unfortunately, I still have some clients who cannot browse the network or connect to network servers.

And now, I get the following error for various machines:

SYSTEM LOG
IPSEC:
Received <n> packet(s) in the clear from <client ip> which should have been secured.  This could be a temporary glitch; if it persists please stop and restart hte IPSec Policy Agent service on this machine.

I did restart it, but it didn't seem to help.  There are a lot of these error entries.

Thanks,
Rob




0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9632438
Do you have a backup of this server?  
0
 

Author Comment

by:pgp4privacy
ID: 9634227
I had a ghost image,,but tried to load it on another identical machine earlier,,and it was corrupted.  I tell you, this is not my lucky week.

You know of any way to build another machine, migrate, and promote?

As of this mroning, the errors above have stopped except the IPSEC error,,which I think I can track to my gig ethernet adapter.  

Also, got transaction log write errors and disk warning in my event viewer, and a "Hard Error" message popup.  Seems as though, I am having hardware issues.  Need to get this DC on another machine.

Rob
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9634716
When you use DCPROMO on another machine it should synconise the AD Directory and objects.

I will see if I can fish out a URL for you.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9634770
This link has some helpful topics:
http://www.microsoft.com/windows2000/en/server/help/

I would configure another server with AD, backup the data off the current server and restore it onto the 2nd server, and if the place is shut down on friday afternoon/saturday go in and test the new one on its own.

Have you an old ERD to try?
0
 

Author Comment

by:pgp4privacy
ID: 9634850
I have demoted and promoted a client machine back in to the domain,,no luck.

I am having serious connection issues today...hardly anyone can connect to the network shares.  Keep getting:

<servername> network path cannot be found.

or

<drive letter> another name is already in use.

Logins are slow.

But I see no specific errors in the event viewer.

Thanks,
Rob
0
 

Author Comment

by:pgp4privacy
ID: 9635095
Even better one for you now,,and I assume this compliments the IPSEC errors above.  Occasionally when opening files from the file server to a domain authenticated client,,and then saving them back,,the file gets corrupted.

Any clues?

This is definitely a deteriorating situation,,and am not sure what path to take.

Thanks,
Rob
0
 

Author Comment

by:pgp4privacy
ID: 9635552
This machine is fried beyong belief.  I am rebuilding the domain on a second machine.

Do I rebuild with same name and infomration?  if so, how do I migrate domain information?  or can I?

Thanks,
Rob
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 9640410
I would build the new server with a new name, take over DNS, AD, etc.

If you want to move the DNS database files they are in the WINNT\SYSTEM32\DNS folder (same for WINS).

Set it up as DHCP and set the scope the same, then deactivate the scope on the current server and activate the scope on the new server.

Copy the Files over last, get AD/DNS/DHCP working first.  If you have any policies it may be worth doing them after everything else too to make sure the server is working correctly first.

Once its been promoted use the syncronisation of AD to copy the objects across.
0
 

Author Comment

by:pgp4privacy
ID: 9641349
Ok, I ended up just building it identical to the first box, and adding in my machines.  It worked just fine.  Just finishing up this morning.

Since the actual question was about the SceCli entry, I am awarding the points to sunray.

Thank you both for your help!

This has been a trying Microsoft moment for me.....Long Live Unix!!!

Thanks,
Rob
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now