Solved

Security policies were propagated with warning 0x4b8 An extended error has occurred

Posted on 2009-07-06
Last Modified: 2012-05-07
In the primary DC I am always getting this message every 5 minutes:
Event ID 1202
"Security policies were propagated with warning 0x4b8 An extended error has occurred"

Also in winlogon.log (windows directory->security->logs) I found this:
Error 0 to send control flag 1 over to server.
Make a local copy of
\\sjc.sjcako\sysvol\sjc.sjcako\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.inf.
This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Monday, July 06, 2009 1:40:12 AM
      Copy undo values to the merged policy.
----Un-initialize configuration engine...
-------------------------------------------
Monday, July 06, 2009 1:40:13 AM
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
----Configure User Rights...
      Configure S-1-5-21-352796754-1676766066-617630493-1058.
      Configure S-1-5-19.
      Configure S-1-5-20.
      Configure S-1-5-21-352796754-1676766066-617630493-1180.
      Configure S-1-5-21-352796754-1676766066-617630493-512.
      Configure S-1-5-32-544.
      Configure S-1-5-21-352796754-1676766066-617630493-1002.
      Configure S-1-5-21-352796754-1676766066-617630493-500.
      Configure S-1-5-32-549.
      Configure S-1-5-32-551.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1141.
      Configure S-1-5-21-352796754-1676766066-617630493-1001.
      Configure S-1-5-21-352796754-1676766066-617630493-2247.
      Configure S-1-1-0.
      Configure S-1-5-32-554.
      Configure S-1-5-21-352796754-1676766066-617630493-1329.
      Configure S-1-5-21-352796754-1676766066-617630493-1678.
      Configure S-1-5-21-352796754-1676766066-617630493-1902.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1120.
      Configure S-1-5-21-3178157872-2455633818-3154385386-1121.
      Configure S-1-5-32-550.
      Configure S-1-5-11.
      Configure S-1-5-9.
      Configure S-1-5-21-352796754-1676766066-617630493-1055.
      Configure S-1-5-21-352796754-1676766066-617630493-2854.
      Configure S-1-5-21-352796754-1676766066-617630493-1176.
      Configure S-1-5-21-352796754-1676766066-617630493-1229.
      Configure S-1-5-21-352796754-1676766066-617630493-1262.
      Configure S-1-5-21-352796754-1676766066-617630493-1324.
      Configure S-1-5-21-378266076-1484631615-2365174702-500.
      Configure S-1-5-21-352796754-1676766066-617630493-2943.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      System Access configuration was completed successfully.
      Audit/Log configuration was completed successfully.
      Kerberos Policy configuration was completed successfully.
      Configure machine\software\microsoft\driver signing\policy.
            Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn't reset successfully (1627).  Undo value was not removed.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
      Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
      Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
      Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
      Configuration of Registry Values was completed with one or more errors.
----Configure available attachment engines...
      Configuration of attachment engines was completed successfully.
----Un-initialize configuration engine...

+++++++++++++++++++++++++
Windows Server 2003, XP Pro, 2 DCs

Thanks
Question by:osho929
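
An added example, not part of the original post: a small Python triage script that ties each "Error NNNN:" line in a winlogon.log like the one quoted above to the section and setting being configured when it was raised. The sample log is a constructed, shortened copy of the excerpt, and the line patterns are assumptions inferred from it.

```python
import re

# Constructed sample: a shortened excerpt of the winlogon.log quoted in the question.
SAMPLE_LOG = r"""
Error 0 to send control flag 1 over to server.
----Configure User Rights...
      Configure S-1-5-32-544.
      User Rights configuration was completed successfully.
----Configure Security Policy...
      Configure password information.
      Configure machine\software\microsoft\driver signing\policy.
Error 1627: Function failed during execution.
       Error configuring machine\software\microsoft\driver signing\policy.
      Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
      Configuration of Registry Values was completed with one or more errors.
----Un-initialize configuration engine...
"""

# Line shapes are assumptions inferred from the excerpt, not a documented format.
SECTION = re.compile(r"^----(.+?)\.\.\.$")
ITEM = re.compile(r"^Configure (.+)\.$")
ERROR = re.compile(r"^Error (\d+): (.+)$")
FAILED_AREA = re.compile(r"^(.+) was completed with one or more errors\.$")

def triage(log_text):
    """Return (failures, failed_areas) for one SCE processing pass."""
    section = item = None
    failures, failed_areas = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section, item = m.group(1), None   # new area, forget the previous item
        elif m := ITEM.match(line):
            item = m.group(1)                  # setting or SID being applied
        elif m := ERROR.match(line):
            # "Error 0 to send control flag ..." has no colon and is not matched
            failures.append({"section": section, "item": item,
                             "code": int(m.group(1)), "message": m.group(2)})
        elif m := FAILED_AREA.match(line):
            failed_areas.append(m.group(1))
    return failures, failed_areas

if __name__ == "__main__":
    failures, failed_areas = triage(SAMPLE_LOG)
    for f in failures:
        print(f"[{f['section']}] {f['item']}: error {f['code']} ({f['message']})")
    print("Areas reporting errors:", failed_areas)
```

On the excerpt above this isolates the single failing item, the driver signing policy registry value with error 1627, out of the many user-rights and registry entries that applied cleanly.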
4 Comments
 

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24783525
Have you looked at these TechNet articles:
 
Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;279432

Troubleshooting SCECLI 1202 Events
http://support.microsoft.com/default.aspx?scid=kb;en-us;324383
Thanks
Mike
 

Assisted Solution

by:_Fred
_Fred earned 100 total points
ID: 24783731
 

Accepted Solution

by:
Rignes earned 300 total points
ID: 24784643
I just had this error on a workstation a couple of weeks ago. I eventually resolved it by secedit.sdb database file.

I used the steps here at http://technet.microsoft.com/en-us/library/cc783523(WS.10).aspx - Scecli.dll errors occur when opening Account Policies or Local Policies

I'm not sure if this is the exact solution for your case but hopefully it will, at the very least, get you going in the right direction. ;)
 

Author Comment

by:osho929
ID: 24834475
Any other solution?

Question has a verified solution.
