Solved

Security policies were propagated with warning 0x4b8 An extended error has occurred

Posted on 2009-07-06
4
1,537 Views
Last Modified: 2012-05-07
in the primary DC I am always getting this message  every 5 minutes:
 event id 1202
"Security policies were propagated with warning 0x4b8 An extended error has occurred"

Also in winlogon.log (windows directory->security->logs) I found this:
Error 0 to send control flag 1 over to server.
Make a local copy of
\\sjc.sjcako\sysvol\sjc.sjcako\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Monday, July 06, 2009 1:40:12 AM
      Copy undo values to the merged policy.
----Un-initialize configuration engine...
-------------------------------------------
Monday, July 06, 2009 1:40:13 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
      Configure S-1-5-21-352796754-1676766066-617630493-1058.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-352796754-1676766066-617630493-1180.
      Configure S-1-5-21-352796754-1676766066-617630493-512.
      Configure S-1-5-32-544.
      Configure S-1-5-21-352796754-1676766066-617630493-1002.
      Configure S-1-5-21-352796754-1676766066-617630493-500.
      Configure S-1-5-32-549.
      Configure S-1-5-32-551.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1141.
      Configure S-1-5-21-352796754-1676766066-617630493-1001.
      Configure S-1-5-21-352796754-1676766066-617630493-2247.
      Configure S-1-1-0.
      Configure S-1-5-32-554.
      Configure S-1-5-21-352796754-1676766066-617630493-1329.
      Configure S-1-5-21-352796754-1676766066-617630493-1678.
      Configure S-1-5-21-352796754-1676766066-617630493-1902.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1120.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1121.
      Configure S-1-5-32-550.
      Configure S-1-5-11.
      Configure S-1-5-9.
      Configure S-1-5-21-352796754-1676766066-617630493-1055.
      Configure S-1-5-21-352796754-1676766066-617630493-2854.
      Configure S-1-5-21-352796754-1676766066-617630493-1176.
      Configure S-1-5-21-352796754-1676766066-617630493-1229.
      Configure S-1-5-21-352796754-1676766066-617630493-1262.
      Configure S-1-5-21-352796754-1676766066-617630493-1324.
      Configure S-1-5-21-378266076-1484631615-2365174702-500.
      Configure S-1-5-21-352796754-1676766066-617630493-2943.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      System Access configuration was completed successfully.
      Audit/Log configuration was completed successfully.
      Kerberos Policy configuration was completed successfully.
      Configure machine\software\microsoft\driver signing\policy.
            Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn't reset successfully (1627).  Undo value was not removed.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
      Configuration of Registry Values was completed with one or more errors.
----Configure available attachment engines...
      Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...

+++++++++++++++++++++++++
windows sever 2003 ,xp pro,2 DCs

Thanks
0
Comment
Question by:osho929
4 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24783525
Have you looked at these TechNet articles:
 
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;279432

Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
Thanks
Mike
 
0
 
LVL 1

Assisted Solution

by:_Fred
_Fred earned 100 total points
ID: 24783731
0
 

Accepted Solution

by:
Rignes earned 300 total points
ID: 24784643
I just had this error on a workstation a couple of weeks ago.  I eventually resolved it by secedt.sdb database file.

I used the steps here at http://technet.microsoft.com/en-us/library/cc783523(WS.10).aspx - Scecli.dll errors occur when opening Account Policies or Local Policies

I'm not sure if this is the exact solution for your case but hopefully it will, at the very least, get you going in the right direction. ;)
0
 

Author Comment

by:osho929
ID: 24834475
any other soluation?
0

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now