Source:SceCli  Event: 1202

ahmad1467
I had two Windows 2003 domain controllers, but I only have one now. Lately I have been getting the same error message about every 5 minutes. I get this error: Source: SceCli  Event: 1202
The description reads:
[Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.]
Is there something I can do about this?
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter

Commented:
You now only have one domain controller, but once had two.  Was the DC which isn't now running removed cleanly, or did it crash and disappear forever?  Were there any FSMOs on the missing DC?  (If you run 'netdom query fsmo' from a machine in the domain, does the missing DC show up?)  Does the missing DC still appear in the Domain Controllers OU in ADUC? etc.

Author

Commented:
Yes, the DC was removed cleanly. It also had Exchange Server on it, so I followed the steps for First and last Exchange, then I uninstalled DNS, demoted the server, took it out of the domain, then shut it off.
I ran netdom query fsmo from my domain controller and this is what I got:
C:\>netdom query fsmo
Schema owner               DC-1.abc.ad

Domain role owner        DC-1.abc.ad

PDC role                        DC-1.abc.ad

RID pool manager          DC-1.abc.ad

Infrastructure owner      DC-1.abc.ad

The command completed successfully.
------------------------------------------------------------------------
DC-1 is the name of my domain controller and abc.ad is the name of my domain.
I don't see the name of the old server. Also, under AD Users and Computers I only see one server under Domain Controllers.
Professional Troublemaker^h^h^h^h^hshooter
Commented:
That all sounds great.
I don't know this specific error. I'm sure you already suspect something out there that still references the old domain controller.  Following the MS documentation on tracking down the source of the problem: http://support.microsoft.com/kb/324383
The 0x4b8 error is generic and can be caused by a number of different problems. To troubleshoot these errors, follow these steps:

    Enable debug logging for the Security Configuration client-side extension. To do this:
        Start Registry Editor.
        Locate and then click the following registry subkey:
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
        On the Edit menu, click Add Value, and then add the following registry value:
        Value name: ExtensionDebugLevel
        Data type: DWORD
        Value data: 2
        Quit Registry Editor.
    Refresh the policy settings to reproduce the failure. To refresh the policy settings, type the following at the command prompt, and then press ENTER:
    secedit /refreshpolicy machine_policy /enforce
    This creates a file that is named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder.
    See the following Microsoft Knowledge Base articles. These articles describe known issues that cause the 0x4b8 error. Click the following article numbers to view the articles in the Microsoft Knowledge Base:
    260715  Event ID 1000 and 1202 After Configuring Policies
    278316  ESENT Event IDs 1000, 1202, 412, and 454 Are Logged Repeatedly in the Application Event Log

I apologize that I can't do that remotely for you, but hopefully this is useful information.
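
The three KB steps quoted above, collected into one batch file. This is an added example, not part of the original thread or of Microsoft's article. It assumes an administrator command prompt on the affected DC, uses gpupdate where present (gpupdate replaces secedit /refreshpolicy on Windows XP and Server 2003), and assumes that failure lines in Winlogon.log contain the word "error".

```batch
@echo off
setlocal
rem Added example: enable SCE debug logging, refresh policy, list error lines.
set "KEY=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}"
set "LOG=%SystemRoot%\Security\Logs\winlogon.log"

rem Remember whether ExtensionDebugLevel already existed, so a value that
rem was set on purpose is not deleted when this script finishes.
set "HADVALUE=0"
reg query "%KEY%" /v ExtensionDebugLevel >nul 2>&1 && set "HADVALUE=1"

rem Step 1: ExtensionDebugLevel = 2 (DWORD), as in the KB steps.
reg add "%KEY%" /v ExtensionDebugLevel /t REG_DWORD /d 2 /f || goto :fail

rem Step 2: refresh machine policy to reproduce the 1202 warning.
if exist "%SystemRoot%\System32\gpupdate.exe" (
    gpupdate /target:computer /force
) else (
    secedit /refreshpolicy machine_policy /enforce
)

rem Step 3: show the numbered lines that record a failure.
rem find is used rather than findstr so the search still works if the
rem log is Unicode; matching on "error" is an assumption about its wording.
if not exist "%LOG%" (
    echo %LOG% was not created.
    goto :cleanup
)
find /i /n "error" "%LOG%"

:cleanup
rem Remove the debug value only if this script created it.
if "%HADVALUE%"=="0" reg delete "%KEY%" /v ExtensionDebugLevel /f >nul
if "%HADVALUE%"=="1" echo ExtensionDebugLevel existed before this run and now holds 2; reset it by hand.
endlocal
exit /b 0

:fail
echo Could not write the registry value. Is this an administrator prompt?
endlocal
exit /b 1
```

The numbered lines it prints are the ones to compare against the known-issue articles listed in the KB excerpt.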
