Archived from groups: microsoft.public.win2000.advanced_server (
More info?)
Cameron,
Thanks for responding.
Yes, my process was:
Boot to safe mode.
Rename the files as Glenn stated, including secedit.sdb, then reboot to
normal
mode.
In my case the secedit.sdb file does not get recreated. I even attempted to
recreate it manually using either the Security Configuration and Analysis
console (which I described in my previous message), or the command: "Secedit
/configure /db secedit.sdb /cfg 'DC Security.inf' /overwrite /log dcsec.log"
I even tried copying my secedit.sdb from my Win2000 machine. I get the same
1202 event and either 0x428 or 0x4b8.
BTW. I put my Win2003 original back in place. Until 3:35 this morning, I
receive the 1202 error with a code of 0x428. After 3:35 AM it changes to
0x4b8 (at this time I start receiving the 'error deleting scp' in
Winlogon.log. I have pasted the log at this time period:
----------------------------------------------------------------------------------------------
*** This generates a 0x428 - An exception error occurred in the service when
handling the control request ***
-------------------------------------------
Friday, April 01, 2005 3:30:43 AM
Administrative privileged user logged on.
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
**************************
Error 0 to send control flag 1 over to server.
Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.dom.
This is not the last GPO.
-------------------------------------------
Friday, April 01, 2005 3:35:52 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
Copy undo values to the merged policy.
----Un-initialize configuration engine...
Process GP template gpt00001.inf.
This is the last GPO : domain policy is ignored on DC.
-------------------------------------------
Friday, April 01, 2005 3:35:53 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00001.inf.
----Un-initialize configuration engine...
-------------------------------------------
Friday, April 01, 2005 3:35:53 AM
Administrative privileged user logged on.
----Configuration engine was initialized successfully.----
----Reading Configuration Template info...
**************************
*** At this point the error code changes to 0x4b8 - An extended error has
occurred ***
Error 0 to send control flag 1 over to server.
Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
Make a local copy of
\\tclafayette1.local\sysvol\tclafayette1.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
Process GP template gpt00000.dom.
This is not the last GPO.
-------------------------------------------
Friday, April 01, 2005 3:41:02 AM
Administrative privileged user logged on.
Parsing template C:\WINDOWS\security\templates\policies\gpt00000.dom.
Error 1208: An extended error has occurred.
Error deleting SCP.
----Configuration engine was initialized with one or more errors.----
----Un-initialize configuration engine...
----------------------------------------------------------------------------------------------
If I try to view / edit my local security policy (secpol), I can access
certain parts with no error. When I attempt to access \Computer
Configuration\Windows Settings\Local Policies\User Rights Assignment or
...\Security Options, I recieve an error on secedit.sdb: An extended error has
occurred.
I believe its time to call MS, I can find no other info. There is a hotfix
for this error - KB 320099. Cameron, I wonder, do you already have the
patch, and maybe this is why you were able to resolve your issue?
My scesrv.dll version is: 5.2.3790.0, the hotfix version is: 5.2.3790.132
Thanks for listening
🙂
LThibx
"Cameron Dorrough" wrote:
> Hi. A quick question: Are you doing this in Safe Mode??
>
> My system has been fine ever since. Good luck
🙂
>
> Cameron
🙂
>
> "LThibx" <lthibx@discussions.microsoft.com> wrote in message
> news:FE3AF5D9-50BC-41EF-BEC1-7874AADD91A3@microsoft.com...
> > Please excuse my first post. My first message was inadvertantly posted
> > before it was complete.
> >
> > Glenn,
> >
> > I have the same exact problem that Cameron Dorrough had reported. I am
> > attempting to bring a new Win2003 DC online which will eventually replace
> my
> > Win2000 DC (2 separate machines). I receive the same error on my Win2003
> > box. My Win2000 DC applies GP fine. I have attempted your solution, but
> > after restarting the Win2003 server, the secedit.sdb database does not get
> > rebuilt, thought the log and chk files do.
> >
> > I now receive different events the in Applicaiton log, due the non
> existence
> > of the secedit.sdb. I have found KB article 278316 which describes how to
> > recreate it, but when I attempt to import any .inf template. I receive
> > messages under two scenarios:
> > Using secedit.sdb as the database name to create, I receive 'Access is
> > denied.
> > Import Failed. Make sure that you have rith right permissions to this
> > object'.
> >
> > Using some other db name, such as test.sdb, I receive 'An extended
> error
> > has
> > occured. Import Failed'
> >
> > I receive the messages above regardless of the .inf I choose. I am logged
> > in as Admistrator.
> > Can you provide any insight?
> >
> >
> >
> > "LThibx" wrote:
> >
> > > Glenn,
> > >
> > > I have the same exact problem that Cameron Dorrough had reported. I am
> > > attempting to bring a new Win2003 DC online which will eventually
> replace my
> > > Win2000 DC (2 separate machines). I receive the same error on my
> Win2003
> > > box. My Win2000 DC applies GP fine. I have attempted your solution,
> but
> > > after restarting the Win2003 server, the secedit.sdb database does not
> get
> > > rebuilt, thought the log and chk files do. I know receive different
> events
> > > the in Applicaiton log, due the non existence of the secedit.sdb. I have
> > > found KB article 278316 which describes how to recreate it, but when I
> > > attempt to import any .inf template. I receive messages under two
> scenarios:
> > >
> > >
> > >
> > > I have been unsuccessful in recreating the secedit.sdb. I found KB
> > > articleCan you provide any insight?
> > >
> > > "Glenn L" wrote:
> > >
> > > > I have never seen "Error deleting SCP" and don't really know
> specifically
> > > > what SCP stands for.
> > > > I don't know of any increased logging short of attaching a debugger to
> > > > winlogon.exe to find out what scecli.dll is doing when it applies.
> > > > However, I suspect this can be fixed by simply blowing away the local
> > > > security database and have it recreated.
> > > >
> > > > The procedure is straight forward, however you need to prepare for it
> and
> > > > plan for a short outage in service.
> > > > This is just a member server right?
> > > > the database (local group policy) contains out of the box security
> settings.
> > > > If you have made any modifications to the local group policy under
> "computer
> > > > configuration\windows settings\security settings, you should inventory
> those
> > > > settings.
> > > > Once the settings are inventoried, do the following:
> > > >
> > > > browse to c:\windows\security\database & rename secedit.sdb
> > > > browse to c:\windows\security & rename edb.chk, edb.log, res1.log, &
> > > > res2.log
> > > > reboot the server. A new blank database, chkpoint, and logs will be
> > > > created.
> > > > All default out of the box security and local group policy settings
> are gone
> > > > at this point.
> > > > You need to reapply them to the server.
> > > > follow the procedure in
http://support.microsoft.com/?kbid=313222
> > > > This works on W2K and W2K3 server as well.
> > > > Then reapply local security settings you inventoried previously.
> > > > At this point you should be able to execute a gpupdate /force and get
> a
> > > > *happy* scecli 1704 event.
> > > >
> > > > Cheers!
> > > >
> > > > --
> > > > Glenn L
> > > > CCNA, MCSE 2000/2003 + Security
> > > >
> > > > "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in message
> > > > news:d00jf6$3f1$1@news-02.connect.com.au...
> > > > > Thanks Glenn, I'd already set the ExtensionDebugLevel to 0x2.. is
> there
> > > > > anything else I can do?
> > > > >
> > > > > The App Log is filling up every couple of days with the SceCli error
> and
> > > > > nothing else! If there were any other errors, this might have been
> fixed
> > > > > by
> > > > > now. I'll include the entire Winlogon.log file below. None of it
> means
> > > > > anything to me (or to Microsoft apparently):
> > > > >
> > > > > *************************
> > > > > Error 0 to send control flag 1 over to server.
> > > > > GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
> > > > > GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )
> > > > >
> > > > > [Mapping] gpt00000.dom = Default Domain Policy
> > > > > -------------------------------------------
> > > > > 03/01/2005 13:09:58
> > > > > Administrative privileged user logged on.
> > > > > Invoke Registry Value Delay Filter.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\setup\recoveryconsole\securitylevel.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\setup\recoveryconsole\setcommand.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatecdroms.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatedasd.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\allocatefloppies.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\cachedlogonscount.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\passwordexpirywarning.
> > > > > Analyze machine\software\microsoft\windows
> > > > > nt\currentversion\winlogon\scremoveoption.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\disablecad
> > > > > .
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\dontdispla
> > > > > ylastusername.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > > ecaption.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\legalnotic
> > > > > etext.
> > > > > Analyze
> > > > >
> machine\software\microsoft\windows\currentversion\policies\system\shutdownwi
> > > > > thoutlogon.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\auditbaseobjects.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\crashonauditfail.
> > > > > Analyze
> > > > > machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
> > > > > Analyze
> machine\system\currentcontrolset\control\lsa\restrictanonymous.
> > > > > Analyze
> machine\system\currentcontrolset\control\print\providers\lanman
> > > > > print services\servers\addprinterdrivers.
> > > > > Analyze machine\system\currentcontrolset\control\session
> manager\memory
> > > > > management\clearpagefileatshutdown.
> > > > > Analyze machine\system\currentcontrolset\control\session
> > > > > manager\protectionmode.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\autodiscon
> > > > > nect.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\enableforc
> > > > > edlogoff.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecu
> > > > > ritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanserver\parameters\requiresec
> > > > > uritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > > eplaintextpassword.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\enabl
> > > > > esecuritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\lanmanworkstation\parameters\requi
> > > > > resecuritysignature.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\disablepasswor
> > > > > dchange.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\requiresignors
> > > > > eal.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\requirestrongk
> > > > > ey.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechan
> > > > > nel.
> > > > > Analyze
> > > > >
> machine\system\currentcontrolset\services\netlogon\parameters\signsecurechan
> > > > > nel.
> > > > > Analyze MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl.
> > > > > Analyze MACHINE\Software\Microsoft\Non-Driver Signing\Policy.
> > > > > Analyze MACHINE\Software\Microsoft\Driver Signing\Policy.
> > > > > Parsing template C:\WINNT\security\templates\policies\gpt00000.dom.
> > > > > Error 1208: An extended error has occurred.
> > > > > Error deleting SCP.
> > > > > ----Configuration engine is initialized with error.----
> > > > >
> > > > > ----Un-initialize configuration engine...
> > > > >
> > > > > I am rather frustrated but I do appreciate your help.
> > > > >
> > > > > BTW, 'gpupdate' doesn't seem to work, but 'secedit' does and that's
> how I
> > > > > generated the above..
> > > > >
> > > > > Thanks again,
> > > > > Cameron
🙂
> > > > >
> > > > > "Glenn L" <the.only(delete)@gmail dot com> wrote in message
> > > > > news:edpIuIfHFHA.2924@TK2MSFTNGP15.phx.gbl...
> > > > >> I suggest you turn up winlogon logging to possibly get more detail
> on
> > > > > this.
> > > > >>
> > > > >>
> > > > >> Registry Location -
> > > > >>
> HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WinLogon\GPExtensions\
> > > > >> {827D319E-6EAC-11D2-A4EA-00C04F79F83A
> > > > >>
> > > > >> Registry Setting - Add the REG_DWORD value
> "ExtensionDebugLevel"
> > > > >> and set it to 0x2
> > > > >>
> > > > >> Then execute a gpupdate /force
> > > > >> verify you get the 1202 event
> > > > >>
> > > > >> Then review and post the winlogon.log to this thread.
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Glenn L
> > > > >> CCNA, MCSE 2000/2003 + Security
> > > > >>
> > > > >> "Cameron Dorrough" <cdorrough@nortonconsultants.com> wrote in
> message
> > > > >> news:cvgden$m3c$1@news-02.connect.com.au...
> > > > >> > Okay, maybe I should have been a bit more specific..
> > > > >> >
> > > > >> > The bottom part of my Winlogon.log shows:
> > > > >> >
> > > > >> > Parsing template
> C:\WINNT\security\templates\policies\gpt00000.dom.
> > > > >> > Error 1208: An extended error has occurred.
> > > > >> > Error deleting SCP.
> > > > >> > ----Configuration engine is initialized with error.----
> > > > >> >
> > > > >> > Does anyone know how I can fix this?
> > > > >> >
> > > > >> > Thanks,
> > > > >> > Cameron
🙂
> > > > >> >
> > > > >> > "Jerold Schulman" <Jerry@jsiinc.com> wrote in message
> > > > >> > news:qadm115lb06ipqm8njknttbrtumo6pdspk@4ax.com...
> > > > >> >>
> > > > >> >> The folowing articels were returned from the KB with a boolean
> search
> > > > >> > (scecli and 1202 and (1208 or 0x4b8)):
> > > > >> >>
http://support.microsoft.com?kbid=260715 "Event ID 1000 and 1202
> After
> > > > >> > Configuring Policies "
> > > > >> >>
http://support.microsoft.com?kbid=278316 "ESENT event IDs 1000
> 1202
> > > > >> >> 412
> > > > >> > and 454 are logged repeatedly in the Application log "
> > > > >> >>
http://support.microsoft.com?kbid=285903 "At Startup Error 1332
> Occurs
> > > > >> > Message Reports Lack of Mapping Between Account Names and
> Security IDs
> > > > >> > Inability to Find Power Users "
> > > > >> >>
http://support.microsoft.com?kbid=296854 "Restricted Groups Are
> > > > >> >> Limited
> > > > >> >> to
> > > > >> > Local Domain Members Only "
> > > > >> >>
http://support.microsoft.com?kbid=324383 "Troubleshooting SCECLI
> 1202
> > > > >> > Events "
> > > > >> >>
http://support.microsoft.com?kbid=827012 "#34Windows Cannot Read
> > > > > Template
> > > > >> > Information#34 Error Message When You Try to View a Windows
> XP-based
> > > > >> > Template in a Windows 2000 Domain "
> > > > >> >>
http://support.microsoft.com?kbid=835901 "A Restricted Groups
> policy
> > > > >> > setting may not remove security identifiers in Windows 2000
> Server "
> > > > >> >>
> > > > >> >>
> > > > >> >>
> > > > >> >> On Tue, 22 Feb 2005 15:12:30 +1100, "Cameron Dorrough"
> > > > >> > <cdorrough@nortonconsultants.com> wrote:
> > > > >> >>
> > > > >> >> >Since yesterday we are getting the following error on our main
> file
> > > > >> > server
> > > > >> >> >every 5 minutes. There are no other errors and, up until now,
> the
> > > > >> >> >box
> > > > >> >> >hasn't been touched for over a month and Group Policys haven't
> been
> > > > >> > touched.
> > > > >> >> >Our other DC's are reporting that "Security policy has been
> applied
> > > > >> >> >successfully".
> > > > >> >> >
> > > > >> >> >Event Type: Warning
> > > > >> >> >Event Source: SceCli
> > > > >> >> >Event Category: None
> > > > >> >> >Event ID: 1202
> > > > >> >> >Description:
> > > > >> >> >Security policies are propagated with warning. 0x4b8 : An
> extended
> > > > > error
> > > > >> > has
> > > > >> >> >occurred.
> > > > >> >> >
> > > > >> >> >I've read through the JSI and Microsoft articles I can find on
> this,
> > > > > but
> > > > >> > all
> > > > >> >> >seem to rely on associated error messages to find the fault.
> FWIW,
> > > > > the
> > > > >> >> >Winlogon.log file shows:
> > > > >> >> >
> > > > >> >> >Error 1208: An extended error has occurred.
> > > > >> >> > Error deleting SCP.
> > > > >> >> >
> > > > >> >> >Help! What is going on??
> > > > >> >> >
> > > > >> >> >Thanks,
> > > > >> >> >Cameron
🙂
> > > > >> >> >
> > > > >> >> >
> > > > >> >>
> > > > >> >>
> > > > >> >> Jerold Schulman
> > > > >> >> Windows Server MVP
> > > > >> >> JSI, Inc.
> > > > >> >>
http://www.jsiinc.com
> > > > >> >
> > > > >> >
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > >
> > > >
> > > >
>
>
>
Facebook
Twitter
Instagram