CliffordNg
asked on
cleaning DCDIAG - for SBS2011 migration
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... OCEANSRV failed test frsevent
I found out that there are two errors that are persisting, got it after reboot, i think. One is the frsevent followed by the systemlog event.
Ran RSoP and Found out that it's something to do with a user called 'admin' - which I have deleted or did not 'properly' delete.
I just don't know how to go into Group Policy stuff to remove that RSoP error.
Please assist. Thanks a lot, Clifford
Doc1.docx
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... OCEANSRV failed test frsevent
I found out that there are two errors that are persisting, got it after reboot, i think. One is the frsevent followed by the systemlog event.
Ran RSoP and Found out that it's something to do with a user called 'admin' - which I have deleted or did not 'properly' delete.
I just don't know how to go into Group Policy stuff to remove that RSoP error.
Please assist. Thanks a lot, Clifford
Doc1.docx
ASKER
Sorry, I'm quite confused with your answer.
it's OceanVillas.local which is the correct one.
I ran it on the migrating server, itself. The TERMINAL server is already dead, disconnected. To recall, the domain was removed successfully last week with your valuable help.
it's OceanVillas.local which is the correct one.
I ran it on the migrating server, itself. The TERMINAL server is already dead, disconnected. To recall, the domain was removed successfully last week with your valuable help.
ASKER
And if you double click on OceanVillas.local what happens?
ASKER
I have three directories:
DO_NOT_REMOVE_NTFS_PREINST
Policies ---> 11 subdirectories
Scripts ----> one batch file
DO_NOT_REMOVE_NTFS_PREINST
Policies ---> 11 subdirectories
Scripts ----> one batch file
Oh wait, sorry, I am misreading the errors.
This is just saying you have an error in the system event log that has been there in the last 24 hours.
If you clear the log these will go. Your SYSVOL looks as it should as far as I can see.
This is just saying you have an error in the system event log that has been there in the last 24 hours.
If you clear the log these will go. Your SYSVOL looks as it should as far as I can see.
ASKER
the event viewer shows several Warning errors, I just cannot do / don't know how to do Step 3 as per below advice from Event Viewer.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/9/2012
Time: 2:44:43 PM
User: N/A
Computer: OCEANSRV
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 1/9/2012
Time: 2:44:43 PM
User: N/A
Computer: OCEANSRV
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER
going down to 3g is fine. Now, I am seeing the Default Domain Controllers Policy which is supposed to be the Group Policy to look at, as per the RSOP red cross error.
now stuck ...... dunno what / how to do
now stuck ...... dunno what / how to do
can you post a screen capture from the policy without the dialog box in front?
ASKER
I don't know which one, so, I've printed a few screenshots for you. Hope this helps, let me know if you require other ones.
ASKER
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
demazter, i think i've fixed it. removed the 'unnecessary' user. RSoP does not show any errors, nor does the DCDIAG (except reporting System log during past 24 hours).
I will reboot and check again, before taking the 'plunge' .... (and without the SBS2003 SP1 ! )
Thanks and will keep you posted, Clifford
I will reboot and check again, before taking the 'plunge' .... (and without the SBS2003 SP1 ! )
Thanks and will keep you posted, Clifford
Where servername is the name of the server you are running it on.
What do you get?