HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes.

From: Jason Ede (j.d.ede@sheffield.ac.uk)
Date: 08/28/02

• Next message: M O J O: "Help!! :o( ..... Event ID 675 (Account logon)."
• Previous message: Rob Rump: "change password/screensaver"
• Next in thread: A. Tolga KILINĒ: "Re: HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes."
• Reply: A. Tolga KILINĒ: "Re: HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jason Ede" <j.d.ede@sheffield.ac.uk>
Date: Wed, 28 Aug 2002 09:39:28 +0100

I've posted this before, but not got very far apart from working out what it
is not. The following errors are appearing in the application log on the
server every 5 minutes and on workstations about every 20mins.

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 22/08/2002
Time: 11:39:27
User: N/A
Computer: any machine on our network
Description:
Security policies are propagated with warning. 0x5 : Access is denied.
Please look for more details in TroubleShooting section in Security Help.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 22/08/2002
Time: 11:39:27
User: NT AUTHORITY\SYSTEM
Computer: any machine on our network
Description:
The Group Policy client-side extension Security was passed flags (17) and
returned a failure status code of (5).

In response to a few replies. I've searched all I can find on the microsoft
web site, and it has nothing for the status code of 5 (Access denied) but
plenty for a range of other access codes. I then tried stopping all policies
from being applied by unticking the apply box, but the error still
persisted. Below is a list of further information that I managed to obtain,
but have been unable to get anywhere with.

I think that the access rights somewhere have got messed up. There is
nothing I can find that looks out of place though. One question is do all
users and computers need access to read all policies even if they aren't
applied to them? Could this be a problem?

Jason

With debug enabled I then get this error in the userenv.log file...

USERENV(d8.41c) 12:28:18:222 ProcessGPOs: Extension Security
ProcessGroupPolicy failed, status 0x5.

And then on running the security configuration and analysis monitor...

----Analyze General Service Settings...

General Service analysis completed with error.

----Analyze available attachment engines...
Load attachment LanManServer.
LanManServer: Query configuration information

Attachment engines analysis completed successfully.

----Reading Configuration info...

----Analyze Security Policy...
Not Configured - MinimumPasswordLength.
Not Configured - PasswordHistorySize.
Not Configured - MaximumPasswordAge.
Not Configured - MinimumPasswordAge.
Not Configured - PasswordComplexity.
Not Configured - RequireLogonToChangePassword.
Not Configured - ClearTextPassword.
Analyze password information.
Not Configured - LockoutBadCount.
Not Configured - ResetLockoutCount.
Not Configured - LockoutDuration.
Analyze account lockout information.
Not Configured - ForceLogOffWhenHourExpire.
Analyze account force logoff information.
Not Configured - NewAdministratorName.
Warning 5: Access is denied.
Error analyzing guest account.
Not Available - SecureSystemPartition.

System Access analysis completed with error.
....
....

Registry values analysis completed successfully.

----Analyze available attachment engines...

Attachment engines analysis completed successfully.

----Un-initialize analysis engine...
Warning 5: Access is denied.
Error occurs.

• Next message: M O J O: "Help!! :o( ..... Event ID 675 (Account logon)."
• Previous message: Rob Rump: "change password/screensaver"
• Next in thread: A. Tolga KILINĒ: "Re: HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes."
• Reply: A. Tolga KILINĒ: "Re: HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: HELP! Event error ID 1202 & 1000 appearing in the server logs every 5 minutes. ... > Security policies are propagated with warning. ... > Please look for more details in TroubleShooting section in Security Help. ... > And then on running the security configuration and analysis monitor... ... > Analyze account force logoff information. ... (microsoft.public.win2000.security) [UNIX] PHP fopen() Warning Cross-Site Scripting Vulnerability ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... PHP's fopenfunction warning output has been found to inadequately ... PHP's default configuration is to display error output in the browser. ... If your system is running a default PHP configuration, this script will ... (Securiteam) Re: Problem when adding a component in Target Designer ... > when I try to add the component to my configuration in the Target Designer, ... > Warning 1121: Can not find file resource paths for 'IntelGraphics ... The estimated configuration size may not be accurate. ... (microsoft.public.windowsxp.embedded) Error encrypting identity element in web.config ... Using information that I got from this MSDN article: ... into problems when I try to encrypt the identity element. ... The command prompt says ""Encrypting configuration section...", ... Warning 1 The 'configProtectionProvider' attribute is not declared. ... (microsoft.public.dotnet.framework.aspnet.security) Problem when adding a component in Target Designer ... graphics chipset component), using the component designer. ... when I try to add the component to my configuration in the Target Designer, ... Warning 1121: Can not find file resource paths for 'IntelGraphics ... (microsoft.public.windowsxp.embedded)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint