Ich habe da ein Problem und hoffe jemand kann mir helfen.
Ich habe hier eine Win2000 Domäne mit 2 Win2000 Domänen-Controllern, und ganz wichtig: einer Englisch, einer deutsch beide SP4
Warum ? Kann ich nichts zu sagen, bin hier angestellt worden, da war das schon so.
Sooo, nun bekomme ich am englischen, der wohl als zweites aufgesetzt wurde immer folgende Meldung im Anwendungslog:
Quelle: SceCli
ID: 1202
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.
For best results in resolving this event, log on with a non-administrative account and search
Microsoft Help and Support for "troubleshooting 1202 events".
A user account in one or more Group policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped nor deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions:
1.Identify accounts that could not be resolved to a SID: From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "Cannot find" in the FIND output identifies the problem account names.
Example: Cannot find JohnDough.
In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe").
2.Identify the GPOs that contain the unresolvable account name:
From the command prompt type FIND /I "JohnDough" %SYSTEMROOT%\Security\templates\policies\gpt*.*
The output of the FIND command will resemble the following:
---------- GPT00000.DOM
---------- GPT00001.DOM
SeRemoteShutdownPrivilege=JohnDough
This indicates that of all the GPO’s being applied to this machine, the unresolvable account exists only in one GPO. Specifically, the cached GPO named GPT00001.DOM.
Now we need to determine the friendly name of this GPO in the next step.
3. Locate the friendly names of each of the GPOs that contain an unresolvable account name. These GPOs were identified in the previous step.
From the command prompt, type: FIND /I "[Mapping]" %SYSTEMROOT%\Security\Logs\winlogon.log
The string following "[Mapping] gpt0000?.dom =" in the FIND output identifies the friendly names for all GPO’s being applied to this machine.
Example: [Mapping] gpt00001.dom = User Rights Policy
In this case, the GPO that contains the unresolvable account (gpt00001.dom) has a friendly name of "User Rights Policy".
4. Remove unresolved accounts from each GPO that contains an unresolvable account.
usw.
Bin also so vorgegangen und bekomme folgende Fehlermeldung in der winlogon.log:
.....
Configure S-1-5-21-1267235410-4745044-1657568248-6419.
Configure S-1-5-21-1267235410-4745044-1436646248-5020.
Configure Administratoren.
Error 1788: The trust relationship between the primary domain and the trusted domain failed.
Cannot find Administratoren.
Configure S-1-5-21-1267235410-4745044-1392534248-1315.
Es scheint also ein Problem zu sein das der englische Server mit "Administratoren" nichts anfangen kann.
Denke dass das logisch ist - im englischen heisst es ja "Administrators"
Wer kann mir helfen den Fehler aus den Logs zu entfernen....er kam übrigens erst vor 1 Monat obwohl die beiden Server schon länger nebeneinander laufen
) in die SID, indem Du "Browse" in den Optionen des Settings nutzt und die Gruppe auflösen läßt. Hierbei wird dann die SID in die Policy eingetragen.
