dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
713
share rss forum feed


PToN
Premium
join:2001-10-04
Houston, TX

Security policies were propagated with warning. 0x534

WTF?

Ok, all of the sudden today a user calls with "not being able to open Word" (That's what she calls it when she cant access a mapped drive). I go to check it out and in fact, she cannot access any of the drives. Ok. Reboot. Computer logs in, this time none of the maps were set. Event viewer said it just couldnt process the GPO... WTF.

So i check the server event logs and nothing on the file server, but this is escalating, getting more and more calls.. Go into the AD and i see the "Warning" from SceCli (which, it should be more like a critical error given everything that can happen). Following the log's instructions, i found that 4 security policies have been marked with an X as per RSoP.

I also find that:
"DefaultAppPool"
"Classic .NET AppPool"
"WdiServiceHost"

could not be found...

In fact, i still cannot see those accounts anywhere in my AD, nor as local accounts. So i went with this KB »support.microsoft.com/kb/2000705 and i was able to get the clients to be able to reconnect and access network resources that rely on SID resolutions. But my ADs are still reporting the warning.

After i did what the KB mentioned, i saw the number of security policies marked with an X go from 4 to 3.

I dont mess around with the Default policies, nor i apply GPOs to the AD containers so they pretty much are just out of the box.

I am almost sure that if i go into those 3 policies and remove the entries for the references to DefaultAppPool and Classic .NET AppPool, the RSoP will stop reporting errors in them, but i dont know if this will affect anything else...

Any ideas on what else i can do to ping point the root of the problem?

Thanks.


exocet_cm
Free at last, free at last
Premium
join:2003-03-23
New Orleans, LA
kudos:3
Standard questions: any new updates applied recently? What changes were recently made?


PToN
Premium
join:2001-10-04
Houston, TX
No updates.

The only thing i did recently was to create a GPO that enables and configures WinRM with CredSSP and another one that added the Google Chrome ADMX. However, these were only applied to the "workstations" OU and not to the Domain Controllers or Servers OU.

The 2 controllers were the only ones reporting the errors/warnings..