Getting warning events in application logs on all the servers.

Hi,

We are getting warning events in application logs on all the servers

Log Name :- Application
Source :- SceCli
Event Id :- 1202
Level :- Warning

General :-
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions:

1.      Identify accounts that could not be resolved to a SID:

From the command prompt, type: FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log

The string following "Cannot find" in the FIND output identifies the problem account names.

Example: Cannot find JohnDough.

In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").

2.      Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:

a.      Start -> Run -> RSoP.msc
b.      Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c.      For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.

3.      Remove unresolved accounts from Group Policy

a.      Start -> Run -> MMC.EXE
b.      From the File menu select "Add/Remove Snap-in..."
c.      From the "Add/Remove Snap-in" dialog box select "Add..."
d.      In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e.      In the "Select Group Policy Object" dialog box click the "Browse" button.
f.      On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g.      For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.


Please suggest
Swaroop KatargundeSr. Executive - Network EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

joinaunionCommented:
Have you tried the fix here, http://support.microsoft.com/kb/2000705
0
v_2abhis2Commented:
Hello,

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

These error codes mean that there was a failure to resolve a security account to a security identifier (SID). This typically occurs either because an account name was mistyped or because the account was deleted after it was added to the security policy setting. This typically occurs in the User Rights section or the Restricted Groups section of the security policy setting. It may also occur if the account exists across a trust and then the trust relationship is broken.

To troubleshoot please follow the below kb article
http://support.microsoft.com/kb/324383

Follow the simple  steps 1 to 6 for error code mentioned below in the above article.

0x534: No mapping between account names and security IDs was done.
-or-
0x6fc: The trust relationship between the primary domain and the trusted domain failed.
0
Swaroop KatargundeSr. Executive - Network EngineerAuthor Commented:
Below command does not work

secedit /refreshpolicy machine_policy /enforce
find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log
c:\>find /i “account name” %SYSTEMROOT%\security\templates\policies\gpt*.*
0
v_2abhis2Commented:
The secedit command is for windows 2000 use

Gpupdate /force

To refresh group policy.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.