Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

I the the following error every 5 mins.
I have also ran dcdiag /v and the out put is posted below the error.

Event Type:      Warning
Event Source:      SceCli
Event Category:      None
Event ID:      1202
Date:            1/10/2008
Time:            7:46:14 AM
User:            N/A
Computer:      ALPHA
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine alpha, is a DC.
   * Connecting to directory service on server alpha.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: McConnellsburg\ALPHA
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... ALPHA passed test Connectivity

Doing primary tests
   
   Testing server: McConnellsburg\ALPHA
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=fultonprecision,DC=local
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=fultonprecision,DC=local
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=fultonprecision,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=fultonprecision,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=fultonprecision,DC=local
               Latency information for 9 entries in the vector were ignored.
                  9 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... ALPHA passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC ALPHA.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=fultonprecision,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=fultonprecision,DC=local
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=fultonprecision,DC=local
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=fultonprecision,DC=local
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=fultonprecision,DC=local
            (Domain,Version 2)
         ......................... ALPHA passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\ALPHA\netlogon
         Verified share \\ALPHA\sysvol
         ......................... ALPHA passed test NetLogons
      Starting test: Advertising
         The DC ALPHA is advertising itself as a DC and having a DS.
         The DC ALPHA is advertising as an LDAP server
         The DC ALPHA is advertising as having a writeable directory
         The DC ALPHA is advertising as a Key Distribution Center
         The DC ALPHA is advertising as a time server
         ......................... ALPHA passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
         ......................... ALPHA passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 7603 to 1073741823
         * bravo.fultonprecision.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 6603 to 7102
         * rIDPreviousAllocationPool is 6603 to 7102
         * rIDNextRID: 6650
         ......................... ALPHA passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC ALPHA on DC ALPHA.
         * SPN found :LDAP/alpha.fultonprecision.local/fultonprecision.local
         * SPN found :LDAP/alpha.fultonprecision.local
         * SPN found :LDAP/ALPHA
         * SPN found :LDAP/alpha.fultonprecision.local/FULTONPRECISION
         * SPN found :LDAP/516b990d-ea95-4d17-bd74-ded9d61d0b28._msdcs.fultonprecision.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/516b990d-ea95-4d17-bd74-ded9d61d0b28/fultonprecision.local
         * SPN found :HOST/alpha.fultonprecision.local/fultonprecision.local
         * SPN found :HOST/alpha.fultonprecision.local
         * SPN found :HOST/ALPHA
         * SPN found :HOST/alpha.fultonprecision.local/FULTONPRECISION
         * SPN found :GC/alpha.fultonprecision.local/fultonprecision.local
         ......................... ALPHA passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ALPHA passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         ALPHA is in domain DC=fultonprecision,DC=local
         Checking for CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local in domain DC=fultonprecision,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local in domain CN=Configuration,DC=fultonprecision,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... ALPHA passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... ALPHA passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... ALPHA passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... ALPHA passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... ALPHA passed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)          CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local and          backlink on          CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local          are correct.
         The system object reference (frsComputerReferenceBL)          CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fultonprecision,DC=local          and backlink on          CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local are          correct.
         The system object reference (serverReferenceBL)          CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fultonprecision,DC=local          and backlink on          CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local          are correct.
         ......................... ALPHA passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : fultonprecision
      Starting test: CrossRefValidation
         ......................... fultonprecision passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... fultonprecision passed test CheckSDRefDom
   
   Running enterprise tests on : fultonprecision.local
      Starting test: Intersite
         Skipping site McConnellsburg, this site is outside the scope provided          by the command line arguments provided.
         ......................... fultonprecision.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bravo.fultonprecision.local
         Locator Flags: 0xe00003fd
         PDC Name: \\bravo.fultonprecision.local
         Locator Flags: 0xe00003fd
         Time Server Name: \\alpha.fultonprecision.local
         Locator Flags: 0xe00001f8
         Preferred Time Server Name: \\bravo.fultonprecision.local
         Locator Flags: 0xe00003fd
         KDC Name: \\alpha.fultonprecision.local
         Locator Flags: 0xe00001f8
         ......................... fultonprecision.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS
jtcampbellAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jon WinterburnCommented:
and235100Commented:
jtcampbellAuthor Commented:
I have already viewed and tried both above.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Jon WinterburnCommented:
According to Microsoft, the 0x4b8 error is "generic and can be caused by a number of different problems".

If you look at the following link it shows you how to enable debugging for the sec conf client-side extension:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
jtcampbellAuthor Commented:
I have allready read the microsoft kb's for this issue.
Here is the winlogon.log also.

Error 0 to send control flag 1 over to server.

Make a local copy of \\fultonprecision.local\sysvol\fultonprecision.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

Make a local copy of \\fultonprecision.local\sysvol\fultonprecision.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

Process GP template gpt00000.inf.

This is not the last GPO : domain policy is ignored on DC.
-------------------------------------------
Thursday, January 10, 2008 11:03:18 AM
      Administrative privileged user logged on.
      Parsing template C:\WINDOWS\security\templates\policies\gpt00000.inf.
      Copy undo values to the merged policy.


----Un-initialize configuration engine...

Process GP template gpt00001.dom.
-------------------------------------------
Thursday, January 10, 2008 11:03:19 AM
      Administrative privileged user logged on.
      Parsing template C:\WINDOWS\security\templates\policies\gpt00001.dom.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
            SeSystemtimePrivilege must be assigned to administrators. This setting is adjusted.
      Configure S-1-5-21-3370397029-4279249883-3263491998-7104.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-3370397029-4279249883-3263491998-5131.
      Configure S-1-5-21-3370397029-4279249883-3263491998-6612.
      Configure S-1-5-21-3370397029-4279249883-3263491998-6644.
      Configure S-1-5-32-544.
      Configure S-1-5-32-551.
      Configure S-1-5-32-549.
      Configure S-1-5-21-3370397029-4279249883-3263491998-6611.
      Configure S-1-5-21-3370397029-4279249883-3263491998-5130.
      Configure S-1-5-21-3370397029-4279249883-3263491998-3621.
      Configure S-1-5-21-3370397029-4279249883-3263491998-500.
      Configure S-1-5-21-3370397029-4279249883-3263491998-5108.
      Configure S-1-5-21-3370397029-4279249883-3263491998-6625.
      Configure S-1-1-0.
      Configure S-1-5-11.
      Configure S-1-5-32-554.
      Configure S-1-5-21-3370397029-4279249883-3263491998-6619.
      Configure S-1-5-32-548.
      Configure S-1-5-32-550.
      Configure S-1-5-18.
      Configure S-1-5-9.
      Configure S-1-5-21-3370397029-4279249883-3263491998-5110.

      User Rights configuration was completed successfully.


----Configure Registry Keys...
      Configure machine\software.
      Configure machine\software\Aladdin Knowledge Systems.
      Configure machine\software\Analog Devices.
      Configure machine\software\Andrea Electronics.
      Configure machine\software\C07ft5Y.
      Configure machine\software\Clients.
      Configure machine\software\Distributed Computing Technologies, Inc..
      Configure machine\software\Executive Software.
      Configure machine\software\FLEXlm License Manager.
      Configure machine\software\Gemplus.
      Configure machine\software\InstalledOptions.
      Configure machine\software\InstallShield.
      Configure machine\software\INTEL.
      Configure machine\software\Intuit.
      Configure machine\software\JavaSoft.
      Configure machine\software\KONICA MINOLTA.
      Configure machine\software\Kyocera Mita.
      Configure machine\software\KyoceraMita.
      Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
       Error setting security on machine\software\Licenses.

      Configuration of Registry Keys was completed with one or more errors.


----Configure File Security...
      Configure c:\program files.
      Configure c:\windows.
      Configure c:\windows\downloaded program files.
      Configure c:\windows\help.
      Configure c:\windows\system32.
      Configure c:\windows\temp.

      File Security configuration was completed successfully.


----Configure Security Policy...

      Audit/Log configuration was completed successfully.

      Kerberos Policy configuration was completed successfully.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
            There is already an undo value for group policy setting <machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel>.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
            There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature>.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
            There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature>.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
            There is already an undo value for group policy setting <machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal>.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
            There is already an undo value for group policy setting <machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity>.

      Configuration of Registry Values was completed successfully.


----Configure available attachment engines...

      Configuration of attachment engines was completed successfully.
Jon WinterburnCommented:
jtcampbellAuthor Commented:
Yes I have done that already.
Jon WinterburnCommented:
Well I'm outta ideas, but I've searched around (as you no doubt have) and came across the following - I hope maybe this helps:

"None of eventid.net's links helped (which is unusual). So I decided to
define the driver signing policy. I chose "warn but allow", and within
5 minutes time, I had an informational event 1704: "Security policy in
the Group policy objects has been applied successfully", and my 1202's
went away"

(from http://www.pcreview.co.uk/forums/thread-1534466.php)
jtcampbellAuthor Commented:
Thanks to your reply i think I narrowed it down to this error...

      Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
       Error setting security on machine\software\Licenses.
jtcampbellAuthor Commented:
Ok
I added the administrators group to  the permitions on the registry key(HLM/software/licenses) and when i clicked apply it automatcly add system, interactive, and users.
HLM/software/licenses

then ran gpudated. error was still there... check the winlogon.log and there was another acl that need HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47DBA803-D7D0-6665-0475-0EDE1A6B799F}
I added administrtors group to the permitions. it automaticly add the same groups as the last one.

ran gpupdate and there is no error
now I just get

Event Type:      Information
Event Source:      SceCli
Event Category:      None
Event ID:      1704
Date:            1/10/2008
Time:            1:49:11 PM
User:            N/A
Computer:      ALPHA
Description:
Security policy in the Group policy objects has been applied successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Jon WinterburnCommented:
Excellent!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.