SCECLI 1202 error win 2k WS
superrob5
Member Posts: 20 ■□□□□□□□□□
We have active directory and we are getting this in one of our locations only on Win 2k ws and can't figure out why
Security policies are propagated with warning. 0x4b8 : An extended error has occurred.
I got the winlogon.log below but not sure why I do see errors but what do they mean?
*************************
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
[Mapping] gpt00000.dom = Default Domain Policy
03/13/2008 17:48:46
Administrative privileged user logged on.
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Analyze machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Analyze machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Analyze machine\system\currentcontrolset\control\session manager\protectionmode.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Analyze MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD.
Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
Copy local policy.
----Configuration engine is initialized successfully.----
----Reading Configuration template info...
----Configure User Rights...
Configure S-1-5-21-1872253117-1709060310-738207213-501.
remove SeInteractiveLogonRight.
Warning 2: The system cannot find the file specified.
Error configuring S-1-5-21-1872253117-1709060310-738207213-501.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-547.
Configure S-1-5-32-545.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-839522115-854245398-725345543-501.
Error 1317: The specified user does not exist.
Error enumerating info for LsaEnumerateAccountRights.
Error 1317: The specified user does not exist.
Error configuring S-1-5-21-839522115-854245398-725345543-501.
User Rights configuration completed with error.
----Configure Group Membership...
Group Membership configuration completed successfully.
----Configure Security Policy...
Configure password information.
Configure account force logoff information.
System Access configuration completed successfully.
Configure event audit settings.
Audit/Log configuration completed successfully.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Registry values configuration completed successfully.
----Configure available attachment engines...
Attachment engines configuration completed successfully.
----Un-initialize configuration engine...
Security policies are propagated with warning. 0x4b8 : An extended error has occurred.
I got the winlogon.log below but not sure why I do see errors but what do they mean?
*************************
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
[Mapping] gpt00000.dom = Default Domain Policy
03/13/2008 17:48:46
Administrative privileged user logged on.
Invoke Registry Value Delay Filter.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Analyze machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Analyze machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Analyze machine\system\currentcontrolset\control\session manager\protectionmode.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
Analyze MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD.
Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
Copy local policy.
----Configuration engine is initialized successfully.----
----Reading Configuration template info...
----Configure User Rights...
Configure S-1-5-21-1872253117-1709060310-738207213-501.
remove SeInteractiveLogonRight.
Warning 2: The system cannot find the file specified.
Error configuring S-1-5-21-1872253117-1709060310-738207213-501.
Configure S-1-5-32-544.
Configure S-1-5-32-551.
Configure S-1-5-32-547.
Configure S-1-5-32-545.
Configure S-1-1-0.
Configure S-1-5-6.
Configure S-1-5-21-839522115-854245398-725345543-501.
Error 1317: The specified user does not exist.
Error enumerating info for LsaEnumerateAccountRights.
Error 1317: The specified user does not exist.
Error configuring S-1-5-21-839522115-854245398-725345543-501.
User Rights configuration completed with error.
----Configure Group Membership...
Group Membership configuration completed successfully.
----Configure Security Policy...
Configure password information.
Configure account force logoff information.
System Access configuration completed successfully.
Configure event audit settings.
Audit/Log configuration completed successfully.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Registry values configuration completed successfully.
----Configure available attachment engines...
Attachment engines configuration completed successfully.
----Un-initialize configuration engine...
Comments
-
Claymoore
Member Posts: 1,637
Have you deleted any user accounts recently? It looks like the machine is trying to assign rights to a user account that doesn't exist any more. I don't know why that would happen, but it's the only guess I have right now. -
superrob5
Member Posts: 20 ■□□□□□□□□□
The way the pc is setup they join to the domain.
Yes but they are all domain users that get deleted.
Could it be something linked to a gpo that is assigned to a user? -
superrob5
Member Posts: 20 ■□□□□□□□□□
any ideas. I have 2 pc's in the same subnet 1 has the problem 1 does not.
I am confused.
RD -
undomiel
Member Posts: 2,818
S-1-5-21-1872253117-1709060310-738207213-501
S-1-5-21-839522115-854245398-725345543-501
I would check-up on who those SIDs map to and if the user for them even exists anymore. Was a user deleted and recreated and may possibly be logging in with cached credentials?Jumping on the IT blogging band wagon -- http://www.jefferyland.com/