jtcampbell
asked on
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
I get the following error every 5 mins.
I have also run dcdiag /v and the output is posted below the error.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/10/2008
Time: 7:46:14 AM
User: N/A
Computer: ALPHA
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine alpha, is a DC.
* Connecting to directory service on server alpha.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: McConnellsburg\ALPHA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ALPHA passed test Connectivity
Doing primary tests
Testing server: McConnellsburg\ALPHA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=fultonprecision,DC=local
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=fultonprecision,DC=local
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=fultonprecision,DC=local
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=fultonprecision,DC=local
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=fultonprecision,DC=local
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... ALPHA passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ALPHA.
* Security Permissions Check for
DC=ForestDnsZones,DC=fultonprecision,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=fultonprecision,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=fultonprecision,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=fultonprecision,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=fultonprecision,DC=local
(Domain,Version 2)
......................... ALPHA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ALPHA\netlogon
Verified share \\ALPHA\sysvol
......................... ALPHA passed test NetLogons
Starting test: Advertising
The DC ALPHA is advertising itself as a DC and having a DS.
The DC ALPHA is advertising as an LDAP server
The DC ALPHA is advertising as having a writeable directory
The DC ALPHA is advertising as a Key Distribution Center
The DC ALPHA is advertising as a time server
......................... ALPHA passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
Role Domain Owner = CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
Role PDC Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
Role Rid Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRAVO,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local
......................... ALPHA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 7603 to 1073741823
* bravo.fultonprecision.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6603 to 7102
* rIDPreviousAllocationPool is 6603 to 7102
* rIDNextRID: 6650
......................... ALPHA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found :LDAP/alpha.fultonprecision.local/fultonprecision.local
* SPN found :LDAP/alpha.fultonprecision.local
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.fultonprecision.local/FULTONPRECISION
* SPN found :LDAP/516b990d-ea95-4d17-bd74-ded9d61d0b28._msdcs.fultonprecision.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/516b990d-ea95-4d17-bd74-ded9d61d0b28/fultonprecision.local
* SPN found :HOST/alpha.fultonprecision.local/fultonprecision.local
* SPN found :HOST/alpha.fultonprecision.local
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.fultonprecision.local/FULTONPRECISION
* SPN found :GC/alpha.fultonprecision.local/fultonprecision.local
......................... ALPHA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ALPHA passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ALPHA is in domain DC=fultonprecision,DC=local
Checking for CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local in domain DC=fultonprecision,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local in domain CN=Configuration,DC=fultonprecision,DC=local on 1 servers
Object is up-to-date on all servers.
......................... ALPHA passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ALPHA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... ALPHA passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... ALPHA passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ALPHA passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local and backlink on CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local are correct.
The system object reference (frsComputerReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fultonprecision,DC=local and backlink on CN=ALPHA,OU=Domain Controllers,DC=fultonprecision,DC=local are correct.
The system object reference (serverReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fultonprecision,DC=local and backlink on CN=NTDS Settings,CN=ALPHA,CN=Servers,CN=McConnellsburg,CN=Sites,CN=Configuration,DC=fultonprecision,DC=local are correct.
......................... ALPHA passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : fultonprecision
Starting test: CrossRefValidation
......................... fultonprecision passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... fultonprecision passed test CheckSDRefDom
Running enterprise tests on : fultonprecision.local
Starting test: Intersite
Skipping site McConnellsburg, this site is outside the scope provided by the command line arguments provided.
......................... fultonprecision.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bravo.fultonprecision.local
Locator Flags: 0xe00003fd
PDC Name: \\bravo.fultonprecision.local
Locator Flags: 0xe00003fd
Time Server Name: \\alpha.fultonprecision.local
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\bravo.fultonprecision.local
Locator Flags: 0xe00003fd
KDC Name: \\alpha.fultonprecision.local
Locator Flags: 0xe00001f8
......................... fultonprecision.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Check through the suggestions here for a start:
http://eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1
ASKER
I have already viewed and tried both above.
According to Microsoft, the 0x4b8 error is "generic and can be caused by a number of different problems".
If you look at the following link it shows you how to enable debugging for the sec conf client-side extension:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
ASKER
I have already read the Microsoft KBs for this issue.
Here is the winlogon.log also.
Error 0 to send control flag 1 over to server.
Make a local copy of \\fultonprecision.local\sysvol\fultonprecision.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Make a local copy of \\fultonprecision.local\sysvol\fultonprecision.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is not the last GPO : domain policy is ignored on DC.
-------------------------------------------
Thursday, January 10, 2008 11:03:18 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00000.inf.
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.dom.
-------------------------------------------
Thursday, January 10, 2008 11:03:19 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00001.dom.
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
SeSystemtimePrivilege must be assigned to administrators. This setting is adjusted.
Configure S-1-5-21-3370397029-4279249883-3263491998-7104.
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-21-3370397029-4279249883-3263491998-5131.
Configure S-1-5-21-3370397029-4279249883-3263491998-6612.
Configure S-1-5-21-3370397029-4279249883-3263491998-6644.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-549.
Configure S-1-5-21-3370397029-4279249883-3263491998-6611.
Configure S-1-5-21-3370397029-4279249883-3263491998-5130.
Configure S-1-5-21-3370397029-4279249883-3263491998-3621.
Configure S-1-5-21-3370397029-4279249883-3263491998-500.
Configure S-1-5-21-3370397029-4279249883-3263491998-5108.
Configure S-1-5-21-3370397029-4279249883-3263491998-6625.
Configure S-1-1-0.
Configure S-1-5-11.
Configure S-1-5-32-554.
Configure S-1-5-21-3370397029-4279249883-3263491998-6619.
Configure S-1-5-32-548.
Configure S-1-5-32-550.
Configure S-1-5-18.
Configure S-1-5-9.
Configure S-1-5-21-3370397029-4279249883-3263491998-5110.
User Rights configuration was completed successfully.
----Configure Registry Keys...
Configure machine\software.
Configure machine\software\Aladdin Knowledge Systems.
Configure machine\software\Analog Devices.
Configure machine\software\Andrea Electronics.
Configure machine\software\C07ft5Y.
Configure machine\software\Clients.
Configure machine\software\Distributed Computing Technologies, Inc..
Configure machine\software\Executive Software.
Configure machine\software\FLEXlm License Manager.
Configure machine\software\Gemplus.
Configure machine\software\Installed Options.
Configure machine\software\InstallShield.
Configure machine\software\INTEL.
Configure machine\software\Intuit.
Configure machine\software\JavaSoft.
Configure machine\software\KONICA MINOLTA.
Configure machine\software\Kyocera Mita.
Configure machine\software\KyoceraMita.
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\program files.
Configure c:\windows.
Configure c:\windows\downloaded program files.
Configure c:\windows\help.
Configure c:\windows\system32.
Configure c:\windows\temp.
File Security configuration was completed successfully.
----Configure Security Policy...
Audit/Log configuration was completed successfully.
Kerberos Policy configuration was completed successfully.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
There is already an undo value for group policy setting <machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel>.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature>.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature>.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal>.
Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity>.
Configuration of Registry Values was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
ASKER
Yes I have done that already.
Well I'm outta ideas, but I've searched around (as you no doubt have) and came across the following - I hope maybe this helps:
"None of eventid.net's links helped (which is unusual). So I decided to
define the driver signing policy. I chose "warn but allow", and within
5 minutes time, I had an informational event 1704: "Security policy in
the Group policy objects has been applied successfully", and my 1202's
went away"
(from http://www.pcreview.co.uk/forums/thread-1534466.php)
ASKER
Thanks to your reply I think I narrowed it down to this error...
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
ASKER
Ok
I added the administrators group to the permissions on the registry key (HLM/software/licenses) and when I clicked apply it automatically added system, interactive, and users.
HLM/software/licenses
Then ran gpupdate. Error was still there... checked the winlogon.log and there was another ACL that needed fixing: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47DBA803-D7D0-6665-0475-0EDE1A6B799F}
I added administrators group to the permissions. It automatically added the same groups as the last one.
Ran gpupdate and there is no error
now I just get
Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 1/10/2008
Time: 1:49:11 PM
User: N/A
Computer: ALPHA
Description:
Security policy in the Group policy objects has been applied successfully.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
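The log triage done by hand in this thread (find which object made an area "complete with one or more errors") can be scripted. The following is an added example, not part of the original thread: the function names are this example's own, the sample is an excerpt of the winlogon.log posted above, and mapping the `machine\` prefix to HKEY_LOCAL_MACHINE is an assumption consistent with the keys the asker edited.

```python
"""Triage a security-configuration debug log such as the winlogon.log in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Win32 error codes that appear on this page (0x4b8 == 1208).
WIN32_NAMES = {1208: "ERROR_EXTENDED_ERROR", 1336: "ERROR_INVALID_ACL"}

# Excerpt of the log posted in the thread, used as offline sample input.
SAMPLE_LOG = r"""----Configure User Rights...
Configure S-1-5-32-544.
User Rights configuration was completed successfully.
----Configure Registry Keys...
Configure machine\software\KyoceraMita.
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\windows\temp.
File Security configuration was completed successfully.
"""

AREA_RE = re.compile(r"^-{4}(?P<area>[^-].*?)\.\.\.\s*$")          # "----Configure X..."
WARN_RE = re.compile(r"^(?:Warning|Error)\s+(?P<code>\d+):\s*(?P<msg>.+)$")
FAIL_RE = re.compile(r"^Error\s+.+?\s+on\s+(?P<obj>.+)$")           # "Error ... on <object>."


@dataclass
class Finding:
    area: Optional[str]      # log section the failure occurred in
    obj: Optional[str]       # object being configured when it failed
    code: Optional[int]      # Win32 code from the Warning/Error line, if any
    message: str


def _strip_dot(s: str) -> str:
    """Log lines end with a sentence period that is not part of the object name."""
    return s[:-1] if s.endswith(".") else s


def parse_sce_log(text: str) -> Tuple[List[Finding], List[Optional[str]]]:
    """Return (findings, areas that reported 'one or more errors')."""
    findings: List[Finding] = []
    failed_areas: List[Optional[str]] = []
    area = last_obj = pending = None

    def flush(obj):
        # Attach a pending Warning/Error code to the object it belongs to.
        nonlocal pending
        if pending is not None:
            findings.append(Finding(area, obj, pending[0], pending[1]))
            pending = None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AREA_RE.match(line)
        if m:
            flush(last_obj)
            area, last_obj = m.group("area"), None
        elif line.startswith("Configure "):
            flush(last_obj)
            last_obj = _strip_dot(line[len("Configure "):])
        elif WARN_RE.match(line):
            flush(last_obj)
            m = WARN_RE.match(line)
            pending = (int(m.group("code")), m.group("msg"))
        elif FAIL_RE.match(line):
            # The "Error setting security on X" line names the object explicitly.
            if pending is None:
                pending = (None, "no error code logged")
            flush(_strip_dot(FAIL_RE.match(line).group("obj")))
        elif "completed with one or more errors" in line:
            flush(last_obj)
            failed_areas.append(area)
    flush(last_obj)
    return findings, failed_areas


def regedit_path(obj: str) -> Optional[str]:
    """Map a 'machine\\...' object to the key to inspect (assumed mapping)."""
    prefix = "machine\\"
    if obj.lower().startswith(prefix):
        return "HKEY_LOCAL_MACHINE\\" + obj[len(prefix):]
    return None


if __name__ == "__main__":
    found, failed = parse_sce_log(SAMPLE_LOG)
    for f in found:
        name = WIN32_NAMES.get(f.code, "unknown")
        print(f"[{f.area}] {f.obj}: {f.code} ({name}) {f.message}")
        print("  inspect ACL on:", regedit_path(f.obj or "") or f.obj)
    print("areas with errors:", failed)
```

Because policy processing can surface one bad ACL at a time, as happened here with the second CLSID key, rerun the parser on the fresh log after each fix and `gpupdate`.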
https://www.experts-exchange.com/questions/22049789/Security-policies-were-propagated-with-warning-0x4b8-An-extended-error-has-occurred.html