Event ID 1000 and 1202 Messages May Occur Every Five Minutes on the Domain Controller (279432)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q279432

SYMPTOMS

After you modify Group Policy in a Windows 2000 domain, the following error messages may be logged in the Application event log of the domain controller every five minutes:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x6fc : The trust relationship between the primary domain and the trusted domain failed. Please look for more details in TroubleShooting section in Security Help.

-and-

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
You may also receive the following error messages in the Application event log:
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
User: N/A
Computer: ComputerName
Description:
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help.

-and-

Event Type: Error
Event Source: Userenv
Event Category: None
Time: 17:31
User: NT AUTHORITY\SYSTEM
Computer: SLDN220IN
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).

CAUSE

This issue can occur if the link from the Default Domain Controllers policy to the Domain Controllers organizational unit has been broken.

RESOLUTION

To resolve this issue, add a Group Policy object link for the Default Domain Controller policy to the Domain Controllers organizational unit:
  1. Start the Active Directory Users and Computers snap-in.
  2. Right-click the Domain Controllers organizational unit and click Properties.
  3. Click the Group Policy tab, and then click Add.
  4. Click the All tab, click Default Domain Controllers policy and then click OK.
  5. Quit the Active Directory Users and Computers snap-in.

MORE INFORMATION

These error messages can also occur if you move the domain controller account from the Domain Controllers organizational unit to another organizational unit, and you do not link the Default Domain Controllers policy to the new organizational unit.
Modification Type:MajorLast Reviewed:9/22/2003
Keywords:kbenv kberrmsg kbprb KB279432
©2003 Microsoft Corporation. All rights reserved.