Solved

Security policies were propagated with warning 0x4b8 An extended error has occurred

Posted on 2009-07-06
4
1,557 Views
Last Modified: 2012-05-07
in the primary DC I am always getting this message  every 5 minutes:
 event id 1202
"Security policies were propagated with warning 0x4b8 An extended error has occurred"

Also in winlogon.log (windows directory->security->logs) I found this:
Error 0 to send control flag 1 over to server.
Make a local copy of
\\sjc.sjcako\sysvol\sjc.sjcako\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Monday, July 06, 2009 1:40:12 AM
      Copy undo values to the merged policy.
----Un-initialize configuration engine...
-------------------------------------------
Monday, July 06, 2009 1:40:13 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
      Configure S-1-5-21-352796754-1676766066-617630493-1058.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-352796754-1676766066-617630493-1180.
      Configure S-1-5-21-352796754-1676766066-617630493-512.
      Configure S-1-5-32-544.
      Configure S-1-5-21-352796754-1676766066-617630493-1002.
      Configure S-1-5-21-352796754-1676766066-617630493-500.
      Configure S-1-5-32-549.
      Configure S-1-5-32-551.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1141.
      Configure S-1-5-21-352796754-1676766066-617630493-1001.
      Configure S-1-5-21-352796754-1676766066-617630493-2247.
      Configure S-1-1-0.
      Configure S-1-5-32-554.
      Configure S-1-5-21-352796754-1676766066-617630493-1329.
      Configure S-1-5-21-352796754-1676766066-617630493-1678.
      Configure S-1-5-21-352796754-1676766066-617630493-1902.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1120.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1121.
      Configure S-1-5-32-550.
      Configure S-1-5-11.
      Configure S-1-5-9.
      Configure S-1-5-21-352796754-1676766066-617630493-1055.
      Configure S-1-5-21-352796754-1676766066-617630493-2854.
      Configure S-1-5-21-352796754-1676766066-617630493-1176.
      Configure S-1-5-21-352796754-1676766066-617630493-1229.
      Configure S-1-5-21-352796754-1676766066-617630493-1262.
      Configure S-1-5-21-352796754-1676766066-617630493-1324.
      Configure S-1-5-21-378266076-1484631615-2365174702-500.
      Configure S-1-5-21-352796754-1676766066-617630493-2943.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      System Access configuration was completed successfully.
      Audit/Log configuration was completed successfully.
      Kerberos Policy configuration was completed successfully.
      Configure machine\software\microsoft\driver signing\policy.
            Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn't reset successfully (1627).  Undo value was not removed.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
      Configuration of Registry Values was completed with one or more errors.
----Configure available attachment engines...
      Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...

+++++++++++++++++++++++++
windows sever 2003 ,xp pro,2 DCs

Thanks
0
Comment
Question by:osho929
4 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24783525
Have you looked at these TechNet articles:
 
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;279432

Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
Thanks
Mike
 
0
 
LVL 1

Assisted Solution

by:_Fred
_Fred earned 100 total points
ID: 24783731
0
 

Accepted Solution

by:
Rignes earned 300 total points
ID: 24784643
I just had this error on a workstation a couple of weeks ago.  I eventually resolved it by secedt.sdb database file.

I used the steps here at http://technet.microsoft.com/en-us/library/cc783523(WS.10).aspx - Scecli.dll errors occur when opening Account Policies or Local Policies

I'm not sure if this is the exact solution for your case but hopefully it will, at the very least, get you going in the right direction. ;)
0
 

Author Comment

by:osho929
ID: 24834475
any other soluation?
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The 21st century solution to antiquated pagers.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question