警告事件 ID 1202 每隔 5 分钟 记录到事件日志 解决方法
2010-05-12 12:15
411 查看
[align=left] [/align]
在我的Windows Server 2003 EE的域控制器上每隔5分钟就出现一个事件ID 1202的警告事件(警告图片和描述附下),并且在域成员的计算机上也是如此。虽然这个警告不影响域的正常工作,但困扰了我好几个月之久。今天认认真真的把警告信息看完,终于让这个讨厌的警告在事件日志中完全消失。
警告截图:
描述信息:
[align=left]Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.[/align]
[align=left] [/align]
[align=left]Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events". [/align]
[align=left] [/align]
[align=left]Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions: [/align]
[align=left] [/align]
[align=left]1. Identify accounts that could not be resolved to a SID:[/align]
[align=left] [/align]
[align=left]From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log[/align]
[align=left] [/align]
[align=left]The string following "Cannot find" in the FIND output identifies the problem account names.[/align]
[align=left] [/align]
[align=left]Example: Cannot find JohnDough.[/align]
[align=left] [/align]
[align=left]In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe"). [/align]
[align=left] [/align]
[align=left]2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:[/align]
[align=left] [/align]
[align=left]a. Start -> Run -> RSoP.msc[/align]
[align=left]b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.[/align]
[align=left]c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors. [/align]
[align=left] [/align]
[align=left]3. Remove unresolved accounts from Group Policy[/align]
[align=left] [/align]
[align=left]a. Start -> Run -> MMC.EXE[/align]
[align=left]b. From the File menu select "Add/Remove Snap-in..."[/align]
[align=left]c. From the "Add/Remove Snap-in" dialog box select "Add..."[/align]
[align=left]d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"[/align]
[align=left]e. In the "Select Group Policy Object" dialog box click the "Browse" button.[/align]
[align=left]f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab[/align]
[align=left]g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.[/align]
[align=left] [/align]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
解决方法参考日志的建议,操作过程如下:
1、 识别不能解析SID的 帐户,在日志中找不到这样的用户,所以判 断并不是这个原因引起的。
2、 检查工作不正常的域策略
A、开始--运—rsop.msc
B、查看“计算机配置\Windows 设置\安全设置\本地策略\用户权限分配”和“计算机配置\Windows 设置\安全设置\本地策略\受限制的组”的结果,查找用红色的 X 标记的。在对应位置里找到了有X标记的错误内容:
打开这个X标志的属性,选择第二个“优先权”查看,这个应用的策略位置为“默认的域策略”
C、在域控制器上,打开组策略编辑器,找到对应策略的应用位置,将这个错误的账号删除并添加正确的用户组或者选择不定义该策略即可。
我这里选择不定义,问题得到解决。
在我的Windows Server 2003 EE的域控制器上每隔5分钟就出现一个事件ID 1202的警告事件(警告图片和描述附下),并且在域成员的计算机上也是如此。虽然这个警告不影响域的正常工作,但困扰了我好几个月之久。今天认认真真的把警告信息看完,终于让这个讨厌的警告在事件日志中完全消失。
警告截图:
描述信息:
[align=left]Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.[/align]
[align=left] [/align]
[align=left]Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events". [/align]
[align=left] [/align]
[align=left]Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO. To resolve this event, contact an administrator in the domain to perform the following actions: [/align]
[align=left] [/align]
[align=left]1. Identify accounts that could not be resolved to a SID:[/align]
[align=left] [/align]
[align=left]From the command prompt, type: FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log[/align]
[align=left] [/align]
[align=left]The string following "Cannot find" in the FIND output identifies the problem account names.[/align]
[align=left] [/align]
[align=left]Example: Cannot find JohnDough.[/align]
[align=left] [/align]
[align=left]In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe"). [/align]
[align=left] [/align]
[align=left]2. Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:[/align]
[align=left] [/align]
[align=left]a. Start -> Run -> RSoP.msc[/align]
[align=left]b. Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.[/align]
[align=left]c. For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors. [/align]
[align=left] [/align]
[align=left]3. Remove unresolved accounts from Group Policy[/align]
[align=left] [/align]
[align=left]a. Start -> Run -> MMC.EXE[/align]
[align=left]b. From the File menu select "Add/Remove Snap-in..."[/align]
[align=left]c. From the "Add/Remove Snap-in" dialog box select "Add..."[/align]
[align=left]d. In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"[/align]
[align=left]e. In the "Select Group Policy Object" dialog box click the "Browse" button.[/align]
[align=left]f. On the "Browse for a Group Policy Object" dialog box choose the "All" tab[/align]
[align=left]g. For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.[/align]
[align=left] [/align]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
解决方法参考日志的建议,操作过程如下:
1、 识别不能解析SID的 帐户,在日志中找不到这样的用户,所以判 断并不是这个原因引起的。
2、 检查工作不正常的域策略
A、开始--运—rsop.msc
B、查看“计算机配置\Windows 设置\安全设置\本地策略\用户权限分配”和“计算机配置\Windows 设置\安全设置\本地策略\受限制的组”的结果,查找用红色的 X 标记的。在对应位置里找到了有X标记的错误内容:
打开这个X标志的属性,选择第二个“优先权”查看,这个应用的策略位置为“默认的域策略”
C、在域控制器上,打开组策略编辑器,找到对应策略的应用位置,将这个错误的账号删除并添加正确的用户组或者选择不定义该策略即可。
我这里选择不定义,问题得到解决。
相关文章推荐
- 在应用程序日志中重复记录 ESENT 事件 ID 1000、1202、412 和 454
- dc应用程序日志 事件id1030 1058 每五分钟出现一次的解决方法
- Windows Server 2003系统日志大量出现ID为333的事件的解决方法
- 解决在Windows和Windows Server的应用程序日志中记录了”事件ID 4107”或”事件ID 11”错误问题
- 在应用程序日志中重复记录 ESENT 事件 ID 1000、1202、412 和 454
- 解决在Windows和Windows Server的应用程序日志中记录了”事件ID 4107”或”事件ID 11”错误问题
- 【日常一篇】服务器事件ID1111日志错误(即打印机驱动问题)解决方法
- 警告: 程序集绑定日志记录被关闭。解决方法
- 事件 ID: 3001错误的解决方法
- 在workflow中,无法为实例 ID“...”传递接口类型“...”上的事件“...” 问题的解决方法。
- 电脑突然死机,系统日志记录事件ID=6008
- 集成支付宝的UTDID警告解决方法
- 在cron启动定时任务后总是会启动一个[sendmail] 进程的解决方法, 并且每次cron任务之后msmtp.log总是记录一条发送失败的日志
- .NET中获取Access新增记录Id怪现象解决方法
- 应用程序无法启动,因为应用程序的并行配置不正确。有关详细信息,请参阅应用程序事件日志,或使用命令行sxstrace.exe工具。解决方法
- Header V3 DSA signature: NOKEY, key ID 警告 原因以及解决方法
- 事件 ID: 3001错误的解决方法
- windows2003事件日志中出现错误代码1000008e 解决方法
- 基于Windows Server 2003/2008 域控制器Event ID 5807的事件解决方法 推荐
- 錯誤事件ID:7026(“下列引导或系统启动驱动程序无法加载: cdrom”)的解决方法