Event ID 1202

KB ID 0000124 Dtd 10/11/09

Problem

Security policies were propagated with warning. 0x4b8 : An extended error has occurred.

Solution

In my case, driver signing policies.

Enable Logging

1. Enable debug logging for the Security Configuration client-side extension. To do this: a. Start Registry Editor.

b. Locate and then click the following registry subway:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogonGPExtensions{827D319E-6EAC-11D2-A4EA-00C04F7 9F83A}

c. On the Edit menu, click Add Value, and then add the following registry value:

Value name: ExtensionDebugLevel
Data type: DWORD
Value data: 2

d. Quit Registry Editor.

2. Refresh the policy settings to reproduce the failure. To refresh the policy settings, type the following at the command prompt, and then press ENTER:

secedit /refreshpolicy machine_policy /enforce (Or gpupdate /force)

This creates a file that is named Winlogon.log in the %SYSTEMROOT%SecurityLogs folder.

Look at the log (Go to the bottom of the log and work upwards!)

Error from Log

—-Configure Security Policy…
Configure password information.
Configure account force logoff information.

System Access configuration was completed successfully.

Audit/Log configuration was completed successfully.

Kerberos Policy configuration was completed successfully.

Configure machinesoftwaremicrosoftdriver signingpolicy. Undo value for the undefined group policy setting <machinesoftwaremicrosoftdriver signingpolicy> wasn’t reset successfully (1627). Undo value was not removed. Error 1627: Function failed during execution. Error configuring machinesoftwaremicrosoftdriver signingpolicy. Configure machinesystemcurrentcontrolsetcontrollsalmcompatibilitylevel. There is already an undo value for group policy setting <machinesystemcurrentcontrolsetcontrollsalmcompatibilitylevel>. Configure machinesystemcurrentcontrolsetserviceslanmanserverparametersenablesecuritysignature. There is already an undo value for group policy setting <machinesystemcurrentcontrolsetserviceslanmanserverparametersenablesecuritysignature>. Configure machinesystemcurrentcontrolsetserviceslanmanserverparametersrequiresecuritysignature. There is already an undo value for group policy setting <machinesystemcurrentcontrolsetserviceslanmanserverparametersrequiresecuritysignature>. Configure machinesystemcurrentcontrolsetservicesnetlogonparametersrequiresignorseal. There is already an undo value for group policy setting <machinesystemcurrentcontrolsetservicesnetlogonparametersrequiresignorseal>. Configure machinesystemcurrentcontrolsetservicesntdsparametersldapserverintegrity. There is already an undo value for group policy setting <machinesystemcurrentcontrolsetservicesntdsparametersldapserverintegrity>.

Configuration of Registry Values was completed with one or more errors.

Changed all policies

PolicyComputer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity OptionsDevices: Unsigned driver installation behavior

to “Warn but allow”

Ran gpupdate /force on the domain controller you should see Event ID 1707 “Security policy in the group policy objects has been applied successfully”

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On