Security policies were propagated with warning 0x4b8 An extended error has occurred

in the primary DC I am always getting this message  every 5 minutes:
 event id 1202
"Security policies were propagated with warning 0x4b8 An extended error has occurred"

Also in winlogon.log (windows directory->security->logs) I found this:
Error 0 to send control flag 1 over to server.
Make a local copy of
\\sjc.sjcako\sysvol\sjc.sjcako\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
Process GP template gpt00000.inf.
This is the last GPO : domain policy is ignored on DC.
Monday, July 06, 2009 1:40:12 AM
      Copy undo values to the merged policy.
----Un-initialize configuration engine...
Monday, July 06, 2009 1:40:13 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
      Configure S-1-5-21-352796754-1676766066-617630493-1058.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-352796754-1676766066-617630493-1180.
      Configure S-1-5-21-352796754-1676766066-617630493-512.
      Configure S-1-5-32-544.
      Configure S-1-5-21-352796754-1676766066-617630493-1002.
      Configure S-1-5-21-352796754-1676766066-617630493-500.
      Configure S-1-5-32-549.
      Configure S-1-5-32-551.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1141.
      Configure S-1-5-21-352796754-1676766066-617630493-1001.
      Configure S-1-5-21-352796754-1676766066-617630493-2247.
      Configure S-1-1-0.
      Configure S-1-5-32-554.
      Configure S-1-5-21-352796754-1676766066-617630493-1329.
      Configure S-1-5-21-352796754-1676766066-617630493-1678.
      Configure S-1-5-21-352796754-1676766066-617630493-1902.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1120.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1121.
      Configure S-1-5-32-550.
      Configure S-1-5-11.
      Configure S-1-5-9.
      Configure S-1-5-21-352796754-1676766066-617630493-1055.
      Configure S-1-5-21-352796754-1676766066-617630493-2854.
      Configure S-1-5-21-352796754-1676766066-617630493-1176.
      Configure S-1-5-21-352796754-1676766066-617630493-1229.
      Configure S-1-5-21-352796754-1676766066-617630493-1262.
      Configure S-1-5-21-352796754-1676766066-617630493-1324.
      Configure S-1-5-21-378266076-1484631615-2365174702-500.
      Configure S-1-5-21-352796754-1676766066-617630493-2943.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      System Access configuration was completed successfully.
      Audit/Log configuration was completed successfully.
      Kerberos Policy configuration was completed successfully.
      Configure machine\software\microsoft\driver signing\policy.
            Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn't reset successfully (1627).  Undo value was not removed.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
      Configuration of Registry Values was completed with one or more errors.
----Configure available attachment engines...
      Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...

windows sever 2003 ,xp pro,2 DCs

Who is Participating?
RignesConnect With a Mentor Commented:
I just had this error on a workstation a couple of weeks ago.  I eventually resolved it by secedt.sdb database file.

I used the steps here at - Scecli.dll errors occur when opening Account Policies or Local Policies

I'm not sure if this is the exact solution for your case but hopefully it will, at the very least, get you going in the right direction. ;)
Mike KlineConnect With a Mentor Commented:
Have you looked at these TechNet articles:
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller;en-us;279432

Troubleshooting SCECLI 1202 Events;en-us;324383
osho929Author Commented:
any other soluation?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.