?
Solved

Windows 2000 Domain Controller logging Event ID 1202 errors

Posted on 2008-11-14
3
Medium Priority
?
330 Views
Last Modified: 2013-12-05
Hello,

I have a couple of Windows 2000 Domain Controllers that are logging Event ID SceCli 1202 errors on a regular basis.  The complete error is as follows:

Security policies are propagated with warning. 0x57 : The parameter is incorrect.

I've looked through the winlogon.log file to see if I can find anything.  I do find one line that says completed with errors, but it doesn't state what the error is.  The snippet from winlogon.log is attached.(note the "Configure File Security section" that shows completed with errors")

Any ideas on what to look for?  Thanks.

11/14/2008 09:56:45
----Configuration engine is initialized successfully.----
 
----Reading Configuration template info...
 
 
----Configure User Rights...
	Configure S-1-5-21-1013974696-1236999600-1520766640-20005.
	Configure S-1-5-21-1013974696-1236999600-1520766640-9871.
	Configure S-1-5-21-1013974696-1236999600-1520766640-14037.
	Configure S-1-5-21-1013974696-1236999600-1520766640-512.
	Configure S-1-5-32-544.
	Configure S-1-5-32-551.
	Configure S-1-5-21-1013974696-1236999600-1520766640-500.
	Configure S-1-5-21-1013974696-1236999600-1520766640-13493.
	Configure S-1-5-21-1013974696-1236999600-1520766640-15993.
	Configure S-1-5-21-1013974696-1236999600-1520766640-16499.
	Configure S-1-5-21-1013974696-1236999600-1520766640-10993.
	Configure S-1-5-21-1013974696-1236999600-1520766640-15019.
	Configure S-1-5-21-1013974696-1236999600-1520766640-13492.
	Configure S-1-5-21-1013974696-1236999600-1520766640-15992.
	Configure S-1-5-21-1013974696-1236999600-1520766640-16500.
	Configure S-1-5-21-1013974696-1236999600-1520766640-10992.
	Configure S-1-5-21-1013974696-1236999600-1520766640-15020.
	Configure S-1-5-21-1013974696-1236999600-1520766640-19992.
	Configure S-1-5-18.
	Configure S-1-5-32-545.
	Configure S-1-5-21-73586283-261478967-839522115-1003.
	Configure S-1-5-6.
	Configure S-1-5-21-1013974696-1236999600-1520766640-20000.
	Configure S-1-5-21-1013974696-1236999600-1520766640-9895.
	Configure S-1-5-21-1013974696-1236999600-1520766640-8527.
	Configure S-1-5-11.
	Configure S-1-5-21-1013974696-1236999600-1520766640-1224.
	Configure S-1-5-21-1013974696-1236999600-1520766640-513.
	Configure S-1-5-21-1013974696-1236999600-1520766640-11994.
	Configure S-1-5-21-1013974696-1236999600-1520766640-11993.
	Configure S-1-1-0.
	Configure S-1-5-21-1013974696-1236999600-1520766640-11714.
	Configure S-1-5-21-1013974696-1236999600-1520766640-20003.
	Configure S-1-5-21-1013974696-1236999600-1520766640-9879.
	Configure S-1-5-21-1013974696-1236999600-1520766640-17506.
	Configure S-1-5-21-1013974696-1236999600-1520766640-10333.
	Configure S-1-5-21-1013974696-1236999600-1520766640-9864.
 
	User Rights configuration completed successfully.
 
 
----Configure Group Membership...
 
	Group Membership configuration completed successfully.
 
 
----Configure File Security...
 
	File security configuration completed with error.
 
 
----Configure Security Policy...
	Configure log settings.
 
	Audit/Log configuration completed successfully.
	Configure kerberos policy.
 
	Kerberos policy configuration completed successfully.
	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
	Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
	Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
	Configure machine\software\microsoft\windows\currentversion\policies\system\disablecad.
	Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
	Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
	Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
	Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
	Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
	Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
	Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
	Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
	Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
	Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
	Configure machine\system\currentcontrolset\control\session manager\protectionmode.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
	Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
	Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
 
	Registry values configuration completed successfully.
 
 
----Configure available attachment engines...
 
	Attachment engines configuration completed successfully.
 
 
----Un-initialize configuration engine...

Open in new window

0
Comment
Question by:mcascio
  • 2
3 Comments
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 400 total points
ID: 22960794
0
 

Author Comment

by:mcascio
ID: 22960827
For the most part, that is the whole event.  But here it is:

Security policies are propagated with warning. 0x57 : The parameter is incorrect.

For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202s".
0
 

Accepted Solution

by:
mcascio earned 0 total points
ID: 23014495
I found that there were two settings in Group Policy, either of which were causing this error.  The first was a file security right that referenced a file that did not exist.  The second was a file security right where the account listed did not have permissions set.  I removed both of these file system rights and the problem went away.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question