Resolution for Event ID 1202
Sharing resolution steps for below group policy issue
Issue Description : The Application log on Windows Server contains Event ID 1202 with status code “0x534 : No mapping between account names and security IDs was done” every time security policy is applied.
Functional Loss : Group policy fails because of this
Steps performed to resolve this issue :
- Checked AD replication,found it working fine
- Checked SYSVOL status on DC and it was good
- Checked AD and SYSVOL version for the GPO along with the settings and found it to be enabled
- Since this is being applied at the domain level so went ahead and took access of server named
- Checked RSOP.msc on the same
- Found that policy is taking place but still not seeing the desired results
- Checked detailed rsop mode
- Found that security policy propagated with errors
- This is the error code Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
- Event Id 1202 seen in application logs on the machine
- Also seen red X in rsop for this setting
- Did some research and followed these steps
- Located and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F7 9F83A}
On the Edit menu, Changed value of below parameter
Value name: ExtensionDebugLevel
Changed its value to 2
This creates a file that is named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder
Found the problem account. To do this, type the following at the command prompt, and then press ENTER:
find /i “cannot find” %SYSTEMROOT%\security\logs\winlogon.log
Got below result
C:\>find /i “cannot find” %SYSTEMROOT%\security\logs\winlogon.log
———- C:\WINDOWS\SECURITY\LOGS\WINLOGON.LOG
Cannot find Adminstrators.
Cannot find Adminstrators.
- This way figured out administrators is not the correct security principal which was added in the GPO
- Corrected GPO and removed this security principal
- Added correct one
- Ran this command gpupdate/force on server now
- Command executed successfully
- Now seen successful event 1704 which says security policy processed without any errors
- Now checked local users and groups management console
- Found that now administrators group has local admin as a member in it
- Achieved desired results
Reference Article :- https://support.microsoft.com/en-in/help/324383/troubleshooting-scecli-1202-events
Share
Comment on Resolution for Event ID 1202
Leave a Reply