jtcampbell
asked on
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
I the the following error every 5 mins.
I have also ran dcdiag /v and the out put is posted below the error.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/10/2008
Time: 7:46:14 AM
User: N/A
Computer: ALPHA
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine alpha, is a DC.
* Connecting to directory service on server alpha.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: McConnellsburg\ALPHA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ALPHA passed test Connectivity
Doing primary tests
Testing server: McConnellsburg\ALPHA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=fulto
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=fulto
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=fulton
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=fultonprecision,DC=loca
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... ALPHA passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ALPHA.
* Security Permissions Check for
DC=ForestDnsZones,DC=fulto
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=fulto
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=fulton
(Configuration,Version 2)
* Security Permissions Check for
DC=fultonprecision,DC=loca
(Domain,Version 2)
......................... ALPHA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ALPHA\netlogon
Verified share \\ALPHA\sysvol
......................... ALPHA passed test NetLogons
Starting test: Advertising
The DC ALPHA is advertising itself as a DC and having a DS.
The DC ALPHA is advertising as an LDAP server
The DC ALPHA is advertising as having a writeable directory
The DC ALPHA is advertising as a Key Distribution Center
The DC ALPHA is advertising as a time server
......................... ALPHA passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Domain Owner = CN=NTDS Settings,CN=ALPHA,CN=Serve
Role PDC Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Rid Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
......................... ALPHA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 7603 to 1073741823
* bravo.fultonprecision.loca
* DsBind with RID Master was successful
* rIDAllocationPool is 6603 to 7102
* rIDPreviousAllocationPool is 6603 to 7102
* rIDNextRID: 6650
......................... ALPHA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/516b990d-ea95-4d17-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/alpha.fultonprecisio
* SPN found :HOST/alpha.fultonprecisio
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.fultonprecisio
* SPN found :GC/alpha.fultonprecision.
......................... ALPHA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ALPHA passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ALPHA is in domain DC=fultonprecision,DC=loca
Checking for CN=ALPHA,OU=Domain Controllers,DC=fultonpreci
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ALPHA,CN=Serve
Object is up-to-date on all servers.
......................... ALPHA passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ALPHA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... ALPHA passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... ALPHA passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ALPHA passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=ALPHA,OU=Domain Controllers,DC=fultonpreci
The system object reference (frsComputerReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fulto
The system object reference (serverReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fulto
......................... ALPHA passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : fultonprecision
Starting test: CrossRefValidation
......................... fultonprecision passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... fultonprecision passed test CheckSDRefDom
Running enterprise tests on : fultonprecision.local
Starting test: Intersite
Skipping site McConnellsburg, this site is outside the scope provided by the command line arguments provided.
......................... fultonprecision.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
PDC Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
Time Server Name: \\alpha.fultonprecision.lo
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
KDC Name: \\alpha.fultonprecision.lo
Locator Flags: 0xe00001f8
......................... fultonprecision.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
I have also ran dcdiag /v and the out put is posted below the error.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/10/2008
Time: 7:46:14 AM
User: N/A
Computer: ALPHA
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine alpha, is a DC.
* Connecting to directory service on server alpha.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: McConnellsburg\ALPHA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ALPHA passed test Connectivity
Doing primary tests
Testing server: McConnellsburg\ALPHA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=fulto
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=fulto
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=fulton
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=fultonprecision,DC=loca
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... ALPHA passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ALPHA.
* Security Permissions Check for
DC=ForestDnsZones,DC=fulto
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=fulto
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=fulton
(Configuration,Version 2)
* Security Permissions Check for
DC=fultonprecision,DC=loca
(Domain,Version 2)
......................... ALPHA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ALPHA\netlogon
Verified share \\ALPHA\sysvol
......................... ALPHA passed test NetLogons
Starting test: Advertising
The DC ALPHA is advertising itself as a DC and having a DS.
The DC ALPHA is advertising as an LDAP server
The DC ALPHA is advertising as having a writeable directory
The DC ALPHA is advertising as a Key Distribution Center
The DC ALPHA is advertising as a time server
......................... ALPHA passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Domain Owner = CN=NTDS Settings,CN=ALPHA,CN=Serve
Role PDC Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Rid Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRAVO,CN=Serve
......................... ALPHA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 7603 to 1073741823
* bravo.fultonprecision.loca
* DsBind with RID Master was successful
* rIDAllocationPool is 6603 to 7102
* rIDPreviousAllocationPool is 6603 to 7102
* rIDNextRID: 6650
......................... ALPHA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.fultonprecisio
* SPN found :LDAP/516b990d-ea95-4d17-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/alpha.fultonprecisio
* SPN found :HOST/alpha.fultonprecisio
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.fultonprecisio
* SPN found :GC/alpha.fultonprecision.
......................... ALPHA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ALPHA passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ALPHA is in domain DC=fultonprecision,DC=loca
Checking for CN=ALPHA,OU=Domain Controllers,DC=fultonpreci
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ALPHA,CN=Serve
Object is up-to-date on all servers.
......................... ALPHA passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ALPHA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... ALPHA passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... ALPHA passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ALPHA passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=ALPHA,OU=Domain Controllers,DC=fultonpreci
The system object reference (frsComputerReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fulto
The system object reference (serverReferenceBL) CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=fulto
......................... ALPHA passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : fultonprecision
Starting test: CrossRefValidation
......................... fultonprecision passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... fultonprecision passed test CheckSDRefDom
Running enterprise tests on : fultonprecision.local
Starting test: Intersite
Skipping site McConnellsburg, this site is outside the scope provided by the command line arguments provided.
......................... fultonprecision.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
PDC Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
Time Server Name: \\alpha.fultonprecision.lo
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\bravo.fultonprecision.lo
Locator Flags: 0xe00003fd
KDC Name: \\alpha.fultonprecision.lo
Locator Flags: 0xe00001f8
......................... fultonprecision.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Check through the suggestions here for a start:
http://eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1
http://eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1
ASKER
I have already viewed and tried both above.
According to Microsoft, the 0x4b8 error is "generic and can be caused by a number of different problems".
If you look at the following link it shows you how to enable debugging for the sec conf client-side extension:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
If you look at the following link it shows you how to enable debugging for the sec conf client-side extension:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
ASKER
I have allready read the microsoft kb's for this issue.
Here is the winlogon.log also.
Error 0 to send control flag 1 over to server.
Make a local copy of \\fultonprecision.local\sy
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Make a local copy of \\fultonprecision.local\sy
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is not the last GPO : domain policy is ignored on DC.
--------------------------
Thursday, January 10, 2008 11:03:18 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.dom.
--------------------------
Thursday, January 10, 2008 11:03:19 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
SeSystemtimePrivilege must be assigned to administrators. This setting is adjusted.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-549.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-1-0.
Configure S-1-5-11.
Configure S-1-5-32-554.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-32-548.
Configure S-1-5-32-550.
Configure S-1-5-18.
Configure S-1-5-9.
Configure S-1-5-21-3370397029-427924
User Rights configuration was completed successfully.
----Configure Registry Keys...
Configure machine\software.
Configure machine\software\Aladdin Knowledge Systems.
Configure machine\software\Analog Devices.
Configure machine\software\Andrea Electronics.
Configure machine\software\C07ft5Y.
Configure machine\software\Clients.
Configure machine\software\Distribut
Configure machine\software\Executive
Configure machine\software\FLEXlm License Manager.
Configure machine\software\Gemplus.
Configure machine\software\Installed
Configure machine\software\InstallSh
Configure machine\software\INTEL.
Configure machine\software\Intuit.
Configure machine\software\JavaSoft.
Configure machine\software\KONICA MINOLTA.
Configure machine\software\Kyocera Mita.
Configure machine\software\KyoceraMi
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\program files.
Configure c:\windows.
Configure c:\windows\downloaded program files.
Configure c:\windows\help.
Configure c:\windows\system32.
Configure c:\windows\temp.
File Security configuration was completed successfully.
----Configure Security Policy...
Audit/Log configuration was completed successfully.
Kerberos Policy configuration was completed successfully.
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configuration of Registry Values was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
Here is the winlogon.log also.
Error 0 to send control flag 1 over to server.
Make a local copy of \\fultonprecision.local\sy
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Make a local copy of \\fultonprecision.local\sy
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is not the last GPO : domain policy is ignored on DC.
--------------------------
Thursday, January 10, 2008 11:03:18 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.dom.
--------------------------
Thursday, January 10, 2008 11:03:19 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templa
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
SeSystemtimePrivilege must be assigned to administrators. This setting is adjusted.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-19.
Configure S-1-5-20.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-549.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-5-21-3370397029-427924
Configure S-1-1-0.
Configure S-1-5-11.
Configure S-1-5-32-554.
Configure S-1-5-21-3370397029-427924
Configure S-1-5-32-548.
Configure S-1-5-32-550.
Configure S-1-5-18.
Configure S-1-5-9.
Configure S-1-5-21-3370397029-427924
User Rights configuration was completed successfully.
----Configure Registry Keys...
Configure machine\software.
Configure machine\software\Aladdin Knowledge Systems.
Configure machine\software\Analog Devices.
Configure machine\software\Andrea Electronics.
Configure machine\software\C07ft5Y.
Configure machine\software\Clients.
Configure machine\software\Distribut
Configure machine\software\Executive
Configure machine\software\FLEXlm License Manager.
Configure machine\software\Gemplus.
Configure machine\software\Installed
Configure machine\software\InstallSh
Configure machine\software\INTEL.
Configure machine\software\Intuit.
Configure machine\software\JavaSoft.
Configure machine\software\KONICA MINOLTA.
Configure machine\software\Kyocera Mita.
Configure machine\software\KyoceraMi
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
Configuration of Registry Keys was completed with one or more errors.
----Configure File Security...
Configure c:\program files.
Configure c:\windows.
Configure c:\windows\downloaded program files.
Configure c:\windows\help.
Configure c:\windows\system32.
Configure c:\windows\temp.
File Security configuration was completed successfully.
----Configure Security Policy...
Audit/Log configuration was completed successfully.
Kerberos Policy configuration was completed successfully.
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configure machine\system\currentcont
There is already an undo value for group policy setting <machine\system\currentcon
Configuration of Registry Values was completed successfully.
----Configure available attachment engines...
Configuration of attachment engines was completed successfully.
ASKER
Yes I have done that already.
Well I'm outta ideas, but I've searched around (as you no doubt have) and came across the following - I hope maybe this helps:
"None of eventid.net's links helped (which is unusual). So I decided to
define the driver signing policy. I chose "warn but allow", and within
5 minutes time, I had an informational event 1704: "Security policy in
the Group policy objects has been applied successfully", and my 1202's
went away"
(from http://www.pcreview.co.uk/forums/thread-1534466.php)
"None of eventid.net's links helped (which is unusual). So I decided to
define the driver signing policy. I chose "warn but allow", and within
5 minutes time, I had an informational event 1704: "Security policy in
the Group policy objects has been applied successfully", and my 1202's
went away"
(from http://www.pcreview.co.uk/forums/thread-1534466.php)
ASKER
Thanks to your reply i think I narrowed it down to this error...
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
Configure machine\software\Licenses.
Warning 1336: The access control list (ACL) structure is invalid.
Error setting security on machine\software\Licenses.
ASKER
Ok
I added the administrators group to the permitions on the registry key(HLM/software/licenses)
HLM/software/licenses
then ran gpudated. error was still there... check the winlogon.log and there was another acl that need HKEY_LOCAL_MACHINE\SOFTWAR
I added administrtors group to the permitions. it automaticly add the same groups as the last one.
ran gpupdate and there is no error
now I just get
Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 1/10/2008
Time: 1:49:11 PM
User: N/A
Computer: ALPHA
Description:
Security policy in the Group policy objects has been applied successfully.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I added the administrators group to the permitions on the registry key(HLM/software/licenses)
HLM/software/licenses
then ran gpudated. error was still there... check the winlogon.log and there was another acl that need HKEY_LOCAL_MACHINE\SOFTWAR
I added administrtors group to the permitions. it automaticly add the same groups as the last one.
ran gpupdate and there is no error
now I just get
Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 1/10/2008
Time: 1:49:11 PM
User: N/A
Computer: ALPHA
Description:
Security policy in the Group policy objects has been applied successfully.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://www.experts-exchange.com/questions/22049789/Security-policies-were-propagated-with-warning-0x4b8-An-extended-error-has-occurred.html