Error 1202 - 0x534 : No mapping between account names and security IDs was done

Zach
Zach used Ask the Experts™
on
So recently upgraded added a Windows 2012 R2 server to my existing Windows 2003 network. The purpose is to remove the 2003 server from the environment. The add went fine but now in Event viewer on the new 2012 R2 server I am getting SceCLI Event IF 1202 about 0x534 : No mapping between account names and security IDs was done. I found a pretty good article (below) that helps me find the accounts that are not syncing and they are "besadmin" and "exmerge". But when I go into RSoP it shows me the accounts are in the "Allow log on locally" and "log on as a service". I have searched AD and found that both of these accounts have been removed. BESADMIN was for my Blackberry server, no longer in use and not sure what exmerge is but I'm sure it's with Exchange which is no off-site with Office 365. I would like to remove these two accounts from "Allow log on locally" and "log on as a service" but when I go in through RSoP everything is greyed out. How can I remove those entries so I stop getting the error 1202?RSoP

http://www.rebeladmin.com/2016/01/how-to-fix-error-no-mapping-between-account-names-and-security-ids-in-active-directory/
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Architect
Distinguished Expert 2018
Commented:
In rsop output check which gpo has that settings configured
Logon to dc, open gpmc, locate that specific gpo and remove those accounts from gpo

Rsop output is read only and cannot be changed
Rsop intended to simply provides you information
ZachIT Manager

Author

Commented:
That worked thank you

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial