gaz629
asked on
Cannot use profile on RDS 2016 Server - Event ID 1202 Source SceCli
HI,
TIA,
I have had a Server 2016 RDS server restored from an image backup (Datto).
originally it was a hardware server, I have had to recover it as a VM, both OS and DATA drive are accessible.
During the process the newly restored VM/server was removed from the domain and re-added.
All users (including domain admins) are having the same issue when logging in, in that they are not able to 'access' their roaming profile and are given a temp profile. This is whether the user is logging in locally to the server or using RDP.
Note here that I have removed the GPO to return to default profile location and added another GPO to change the location of roaming profile. Still no joy.
Other GPOs are working fine, eg redirected folders and printers
Errors in event viewer are:
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'N:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238661</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>N:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'Z:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238660</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>Z:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'X:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238659</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>X:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/31/2019 11:44:13 AM
Event ID: 1511
Task Category: None
Level: Error
Keywords:
User: domain\burntorange
Computer: Server2-RDS.domain.interna
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Us
<EventID>1511</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238654</Eve
<Correlation />
<Execution ProcessID="1140" ThreadID="1640" />
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-21-628027337
</System>
<EventData>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/31/2019 11:44:13 AM
Event ID: 1515
Task Category: None
Level: Error
Keywords:
User: domain\burntorange
Computer: Server2-RDS.domain.interna
Description:
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Us
<EventID>1515</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238653</Eve
<Correlation />
<Execution ProcessID="1140" ThreadID="1640" />
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-21-628027337
</System>
<EventData>
</EventData>
</Event>
Log Name: Application
Source: SceCli
Date: 3/31/2019 11:35:34 AM
Event ID: 1202
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Server2-RDS.domain.interna
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SceCli" />
<EventID Qualifiers="32768">1202</E
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238651</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security />
</System>
<EventData>
<Data>0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.</Data>
</EventData>
</Event>
Any help greatly appreciated,
Thanks
Gareth
TIA,
I have had a Server 2016 RDS server restored from an image backup (Datto).
originally it was a hardware server, I have had to recover it as a VM, both OS and DATA drive are accessible.
During the process the newly restored VM/server was removed from the domain and re-added.
All users (including domain admins) are having the same issue when logging in, in that they are not able to 'access' their roaming profile and are given a temp profile. This is whether the user is logging in locally to the server or using RDP.
Note here that I have removed the GPO to return to default profile location and added another GPO to change the location of roaming profile. Still no joy.
Other GPOs are working fine, eg redirected folders and printers
Errors in event viewer are:
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'N:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238661</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>N:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'Z:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238660</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>Z:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Group Policy Drive Maps
Date: 3/31/2019 11:44:21 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: Server2-RDS.domain.interna
Description:
The user 'X:' preference item in the 'Default Domain Policy {31B2F340-016D-11D2-945F-0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Drive Maps" />
<EventID Qualifiers="34305">4098</E
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238659</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>X:</Data>
<Data>Default Domain Policy {31B2F340-016D-11D2-945F-0
<Data>0x800708ca This network connection does not exist.</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/31/2019 11:44:13 AM
Event ID: 1511
Task Category: None
Level: Error
Keywords:
User: domain\burntorange
Computer: Server2-RDS.domain.interna
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Us
<EventID>1511</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238654</Eve
<Correlation />
<Execution ProcessID="1140" ThreadID="1640" />
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-21-628027337
</System>
<EventData>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 3/31/2019 11:44:13 AM
Event ID: 1515
Task Category: None
Level: Error
Keywords:
User: domain\burntorange
Computer: Server2-RDS.domain.interna
Description:
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Us
<EventID>1515</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238653</Eve
<Correlation />
<Execution ProcessID="1140" ThreadID="1640" />
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security UserID="S-1-5-21-628027337
</System>
<EventData>
</EventData>
</Event>
Log Name: Application
Source: SceCli
Date: 3/31/2019 11:35:34 AM
Event ID: 1202
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Server2-RDS.domain.interna
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="SceCli" />
<EventID Qualifiers="32768">1202</E
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-03-31T17:
<EventRecordID>238651</Eve
<Channel>Application</Chan
<Computer>Server2-RDS.doma
<Security />
</System>
<EventData>
<Data>0x534 : No mapping between account names and security IDs was done.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1. Identify accounts that could not be resolved to a SID:
From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:
a. Start -> Run -> RSoP.msc
b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors.
3. Remove unresolved accounts from Group Policy
a. Start -> Run -> MMC.EXE
b. From the File menu select "Add/Remove Snap-in..."
c. From the "Add/Remove Snap-in" dialog box select "Add..."
d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e. In the "Select Group Policy Object" dialog box click the "Browse" button.
f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.</Data>
</EventData>
</Event>
Any help greatly appreciated,
Thanks
Gareth
A conversion like this should not affect profiles. Do you still have the physical machine? And can you attempt converting again to a VM?
ASKER
Hi John,
unfortunately we dont have time. Need to be up by 8am in the morning and it took nearly 48hrs to import image to VM.
G
unfortunately we dont have time. Need to be up by 8am in the morning and it took nearly 48hrs to import image to VM.
G
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DC is Server 2008 R2 Standard
RDS Server is 2016 Server
Errors are on the 2016 Server.
ty
G