?
Solved

Security policies were propagated with warning 0x4b8 An extended error has occurred

Posted on 2009-07-06
4
Medium Priority
?
1,618 Views
Last Modified: 2012-05-07
in the primary DC I am always getting this message  every 5 minutes:
 event id 1202
"Security policies were propagated with warning 0x4b8 An extended error has occurred"

Also in winlogon.log (windows directory->security->logs) I found this:
Error 0 to send control flag 1 over to server.
Make a local copy of
\\sjc.sjcako\sysvol\sjc.sjcako\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Monday, July 06, 2009 1:40:12 AM
      Copy undo values to the merged policy.
----Un-initialize configuration engine...
-------------------------------------------
Monday, July 06, 2009 1:40:13 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
      Configure S-1-5-21-352796754-1676766066-617630493-1058.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-352796754-1676766066-617630493-1180.
      Configure S-1-5-21-352796754-1676766066-617630493-512.
      Configure S-1-5-32-544.
      Configure S-1-5-21-352796754-1676766066-617630493-1002.
      Configure S-1-5-21-352796754-1676766066-617630493-500.
      Configure S-1-5-32-549.
      Configure S-1-5-32-551.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1141.
      Configure S-1-5-21-352796754-1676766066-617630493-1001.
      Configure S-1-5-21-352796754-1676766066-617630493-2247.
      Configure S-1-1-0.
      Configure S-1-5-32-554.
      Configure S-1-5-21-352796754-1676766066-617630493-1329.
      Configure S-1-5-21-352796754-1676766066-617630493-1678.
      Configure S-1-5-21-352796754-1676766066-617630493-1902.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1120.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1121.
      Configure S-1-5-32-550.
      Configure S-1-5-11.
      Configure S-1-5-9.
      Configure S-1-5-21-352796754-1676766066-617630493-1055.
      Configure S-1-5-21-352796754-1676766066-617630493-2854.
      Configure S-1-5-21-352796754-1676766066-617630493-1176.
      Configure S-1-5-21-352796754-1676766066-617630493-1229.
      Configure S-1-5-21-352796754-1676766066-617630493-1262.
      Configure S-1-5-21-352796754-1676766066-617630493-1324.
      Configure S-1-5-21-378266076-1484631615-2365174702-500.
      Configure S-1-5-21-352796754-1676766066-617630493-2943.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      System Access configuration was completed successfully.
      Audit/Log configuration was completed successfully.
      Kerberos Policy configuration was completed successfully.
      Configure machine\software\microsoft\driver signing\policy.
            Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn't reset successfully (1627).  Undo value was not removed.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
      Configuration of Registry Values was completed with one or more errors.
----Configure available attachment engines...
      Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...

+++++++++++++++++++++++++
windows sever 2003 ,xp pro,2 DCs

Thanks
0
Comment
Question by:osho929
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 200 total points
ID: 24783525
Have you looked at these TechNet articles:
 
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;279432

Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
Thanks
Mike
 
0
 
LVL 1

Assisted Solution

by:_Fred
_Fred earned 200 total points
ID: 24783731
0
 

Accepted Solution

by:
Rignes earned 600 total points
ID: 24784643
I just had this error on a workstation a couple of weeks ago.  I eventually resolved it by secedt.sdb database file.

I used the steps here at http://technet.microsoft.com/en-us/library/cc783523(WS.10).aspx - Scecli.dll errors occur when opening Account Policies or Local Policies

I'm not sure if this is the exact solution for your case but hopefully it will, at the very least, get you going in the right direction. ;)
0
 

Author Comment

by:osho929
ID: 24834475
any other soluation?
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question