Home / Articles / Windows / Resolution for Event ID 1202

Resolution for Event ID 1202

Sharing resolution steps for below group policy issue

 

Issue Description : The Application log on Windows Server contains Event ID 1202 with status code “0x534 : No mapping between account names and security IDs was done” every time security policy is applied.

 

Functional Loss : Group policy fails because of this

 

Steps performed to resolve this issue :

 

  • Checked AD replication,found it working fine
  • Checked SYSVOL status on DC and it was good
  • Checked AD and SYSVOL version for the GPO along with the settings and found it to be enabled
  • Since this is being applied at the domain level so went ahead and took access of server named
  • Checked RSOP.msc on the same
  • Found that policy is taking place but still not seeing the desired results
  • Checked detailed rsop mode
  • Found that security policy propagated with errors
  • This is the error code Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
  • Event Id 1202 seen in application logs on the machine
  • Also seen red X in rsop for this setting
  • Did some research and followed these steps
  • Located and then click the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F7 9F83A}

On the Edit menu, Changed value of below parameter

Value name: ExtensionDebugLevel

 

Changed its value to 2

This creates a file that is named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder

Found the problem account. To do this, type the following at the command prompt, and then press ENTER:

find /i “cannot find” %SYSTEMROOT%\security\logs\winlogon.log

 

Got below result

 

C:\>find /i “cannot find” %SYSTEMROOT%\security\logs\winlogon.log

 

———- C:\WINDOWS\SECURITY\LOGS\WINLOGON.LOG

Cannot find Adminstrators.

Cannot find Adminstrators.

 

  • This way figured out administrators is not the correct security principal which was added in the GPO
  • Corrected GPO and removed this security principal
  • Added correct one
  • Ran this command gpupdate/force on server now
  • Command executed successfully
  • Now seen successful event 1704 which says security policy processed without any errors
  • Now checked local users and groups management console
  • Found that now administrators group has local admin as a member in it
  • Achieved desired results

 

Reference Article :- https://support.microsoft.com/en-in/help/324383/troubleshooting-scecli-1202-events

 

Share


Comment on Resolution for Event ID 1202

Leave a Reply






Contact Us