Announcement

Collapse
No announcement yet.

Event ID: 1202

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Event ID: 1202

    I'm getting the following error on my W2003 server:

    Event Type: Warning
    Event Source: SceCli
    Event Category: None
    Event ID: 1202
    Date: 10/06/2006
    Time: 1:23:57 AM
    User: N/A
    Computer: JLRX01
    Description:
    Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

    Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    I checked the file C:\WINDOWS\security\logs\Winlogon.log and found the following text:


    Error 0 to send control flag 1 over to server.

    Make a local copy of \\jlrxmelb.net\sysvol\jlrxmelb.net\Policies\{31B2F 340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkDomain GPO_INFO_FLAG_BACKGROUND )

    Make a local copy of \\jlrxmelb.net\sysvol\jlrxmelb.net\Policies\{6AC17 86C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
    GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

    Process GP template gpt00000.dom.

    This is not the last GPO.
    -------------------------------------------
    Saturday, 10 June 2006 12:53:35 AM
    Copy undo values to the merged policy.


    ----Un-initialize configuration engine...

    Process GP template gpt00001.inf.

    This is the last GPO : domain policy is ignored on DC.
    -------------------------------------------
    Saturday, 10 June 2006 12:53:35 AM


    ----Un-initialize configuration engine...
    -------------------------------------------
    Saturday, 10 June 2006 12:53:35 AM
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
    Configure S-1-5-20.
    Configure S-1-5-19.
    Configure S-1-5-21-5784412-489956907-6498272-1003.
    Configure S-1-5-21-5784412-489956907-6498272-2614.
    Configure S-1-5-32-544.
    Configure S-1-5-21-5784412-489956907-6498272-1005.
    Configure S-1-5-32-551.
    Configure S-1-5-32-549.
    Configure S-1-5-21-5784412-489956907-6498272-4107.
    Configure S-1-5-21-5784412-489956907-6498272-1211.
    Configure S-1-5-21-5784412-489956907-6498272-2613.
    Configure S-1-5-21-5784412-489956907-6498272-2610.
    Configure S-1-5-21-5784412-489956907-6498272-1032.
    Configure S-1-5-21-5784412-489956907-6498272-500.
    Configure S-1-5-21-5784412-489956907-6498272-1497.
    Configure S-1-5-21-5784412-489956907-6498272-1009.
    Configure S-1-5-21-5784412-489956907-6498272-1006.
    Configure S-1-5-21-5784412-489956907-6498272-1031.
    Configure S-1-5-21-5784412-489956907-6498272-4106.
    Configure S-1-5-21-5784412-489956907-6498272-2914.
    Configure S-1-5-32-554.
    Configure S-1-1-0.
    Configure S-1-5-21-5784412-489956907-6498272-4110.
    Configure S-1-5-32-550.
    Configure S-1-5-21-5784412-489956907-6498272-1026.
    Configure S-1-5-21-5784412-489956907-6498272-1486.
    Configure S-1-5-32-548.
    Configure S-1-5-9.
    Configure S-1-5-11.
    Configure S-1-5-21-5784412-489956907-6498272-513.
    Configure S-1-5-21-5784412-489956907-6498272-2107.
    Configure S-1-5-21-5784412-489956907-6498272-2937.
    Configure S-1-5-21-5784412-489956907-6498272-1030.
    Configure S-1-5-21-5784412-489956907-6498272-1007.
    Configure S-1-5-21-5784412-489956907-6498272-1004.
    Configure S-1-5-21-5784412-489956907-6498272-1002.

    User Rights configuration was completed successfully.


    ----Configure Security Policy...
    Configure password information.
    Error 1316: The specified user already exists.
    Error renaming administrator account.

    System Access configuration was completed with one or more errors.
    Configure log settings.

    Audit/Log configuration was completed successfully.

    Kerberos Policy configuration was completed successfully.
    Configure machine\system\currentcontrolset\control\lsa\lmcom patibilitylevel.
    Configure machine\system\currentcontrolset\services\lanmanse rver\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanse rver\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\netlogon \parameters\requiresignorseal.
    Configure machine\system\currentcontrolset\services\ntds\par ameters\ldapserverintegrity.

    Configuration of Registry Values was completed successfully.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...
    **************************
    I think it might have something to do with renaming the administrator account, which we have done (It's now called AdminXYZ). I checked the Local Security Policy, which has the following policy:

    Local Policies\Security Options\Accounts: Rename Administrator account

    ....set to the new name above, but I can't change it because when I open it, the textbox is greyed out.

    What do I do now?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Event ID: 1202

    Did you check out this MS article?
    http://support.microsoft.com/?id=324383#
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Event ID: 1202

      Oooo, this one might be more helpful
      http://support.microsoft.com/?scid=h...715%2fen-us%2f
      Regards,
      Jeremy

      Network Consultant/Engineer
      Baltimore - Washington area and beyond
      www.gma-cpa.com

      Comment


      • #4
        Re: Event ID: 1202

        Oh, am I to believe that the Default Domain Policy applies to ALL computers in the domain including the controllers?

        Looking at the Domain Controllers subfolder which shows the policies defined for those servers, I have the following:
        1. Default Domain Controllers Policy
        2. Kernal Mode Printers
        3. WSUS Policy


        None of these have the "Rename Administrator Account" policy defined.

        I did a GP Model on our Domain Controller and found that the Default Domain Policy was applied.....is this the correct action??
        |
        +-- JDMils
        |
        +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
        |

        Comment


        • #5
          Re: Event ID: 1202

          One more question. With respect to the "Rename Administrator Account" policy, do I leave the Administrator username on all computers as "Administrator" so when the poilicy is applied, it is the policy which renames the account?

          What I have done is manually renamed the "Administrator" account in Users & Computers, so I presume it is this action which has caused the 1202 error?
          |
          +-- JDMils
          |
          +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
          |

          Comment


          • #6
            Re: Event ID: 1202

            Have you had a look here

            http://eventid.net/display.asp?event...SceCli&phase=1

            Comment


            • #7
              Re: Event ID: 1202

              Hi JDMils,

              if i'm not mistaking you manually renamed the Administratsor account on all computer to something, then you applied GP at domain level wiith "Renamed Administrator account".

              From your logs is seems that is conflicting with a username that you already have.

              Error 1316: The specified user already exists.
              Error renaming administrator account.

              If you defined a GP to rename the Administrator account then you should not rename it manually.

              You can see which polices are applied to a computer/user in domain using the RSoP from Group policy management console or by using gpupdate or secedit command line depending onyour OS.

              Default domain policy applies to DC too.

              Hope this will help you.

              Regards,
              Calin Irimies
              Regards,
              Calin Irimies

              Comment


              • #8
                Re: Event ID: 1202

                Calinx,

                You are correct in all cases. I manually renamed the Administrator account then applied the GPO. I subsequently found that the Default Domain GPO is applied to all computers and DCs even if it is not specifically assigned to these items.

                I have renamed the Administrator account back to Administrator and thus allowed the GPO to rename it. Now, when I log in as the Renamed account name, it logs in as Administrator (It says Administrator on the Start Menu).

                I think I'm set now.
                |
                +-- JDMils
                |
                +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                |

                Comment

                Working...
                X