KB ID 0000124
Problem
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Solution
In my case, driver signing policies.
Enable Logging
1. Enable debug logging for the Security Configuration client-side extension. To do this:
a. Start Registry Editor.
b. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
c. On the Edit menu, click Add Value, and then add the following registry value:
Value name: ExtensionDebugLevel
Data type: DWORD
Value data: 2
d. Quit Registry Editor.
2. Refresh the policy settings to reproduce the failure. To refresh the policy settings, type the following at the command prompt, and then press ENTER:
secedit /refreshpolicy machine_policy /enforce (Or gpupdate /force)
This creates a file named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder.
Look at the log (Go to the bottom of the log and work upwards!)
Error from Log
----Configure Security Policy...
Configure password information.
Configure account force logoff information.
System Access configuration was completed successfully.
Audit/Log configuration was completed successfully.
Kerberos Policy configuration was completed successfully.
Configure machine\software\microsoft\driver signing\policy.
Undo value for the undefined group policy setting <machine\software\microsoft\driver signing\policy> wasn’t reset successfully (1627).
Undo value was not removed.
Error 1627: Function failed during execution.
Error configuring machine\software\microsoft\driver signing\policy.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
There is already an undo value for group policy setting <machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel>.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature>.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature>.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal>.
Configure machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity.
There is already an undo value for group policy setting <machine\system\currentcontrolset\services\ntds\parameters\ldapserverintegrity>.
Configuration of Registry Values was completed with one or more errors.
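The logging steps above as a PowerShell script, followed by a scan of Winlogon.log that lists each setting that reported an error. This is an added example, not part of the original article; the helper name Get-SceLogError is hypothetical, and it assumes an elevated session and the log line format shown in the excerpt above.

```powershell
# Added example. Run from an elevated PowerShell session on the affected machine.
$cse = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
$log = Join-Path $env:SystemRoot 'Security\Logs\winlogon.log'

# Step 1: enable debug logging for the Security Configuration extension.
New-ItemProperty -Path $cse -Name ExtensionDebugLevel -PropertyType DWord -Value 2 -Force | Out-Null

# Step 2: refresh policy to reproduce the failure.
gpupdate /force | Out-Null

# Hypothetical helper: lists every "Error <code>:" line together with the
# "Configure <setting>." line that precedes it.
function Get-SceLogError {
    param([string[]]$Lines)
    if (-not $Lines) { return }
    # Work from the bottom: start at the last "Configure Security Policy" marker
    # so that only the most recent run in the file is reported.
    $start = 0
    for ($i = $Lines.Count - 1; $i -ge 0; $i--) {
        if ($Lines[$i] -match 'Configure Security Policy') { $start = $i; break }
    }
    $setting = $null
    foreach ($line in $Lines[$start..($Lines.Count - 1)]) {
        $text = $line.Trim()
        if ($text -match '^Configure (.+)\.$') {
            $setting = $Matches[1]
        } elseif ($text -match '^Error (\d+): (.+)$') {
            [pscustomobject]@{ Setting = $setting; Code = [int]$Matches[1]; Message = $Matches[2] }
        }
    }
}

# Step 3: read the log and show the failing settings.
Get-SceLogError -Lines (Get-Content -LiteralPath $log) | Format-Table -AutoSize
```

Run against the excerpt above, the scan reports the driver signing policy setting with code 1627; the "There is already an undo value" lines are not listed because they carry no "Error <code>:" line.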
Changed all policies
Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior
to “Warn but allow”
Ran gpupdate /force on the domain controller; you should see Event ID 1707 “Security policy in the group policy objects has been applied successfully”.