Re: secedit.sdb problem
- From: Matthew Clark <MD-Clark@xxxxxxxxxxxxxx>
- Date: Tue, 07 Feb 2006 07:59:50 -0600
Do you know why this only seems to occur on newer machines and not our older ones? Does the Secedit.sdb file get re-created during sysprep, or would a possible fix be to delete the file on our master image and let it re-create itself when it joins the domain?
Thanks!
Kenxl Zou (MSFT) wrote:
Hello Matthew,.
Thank you for posting.
From your post, my understanding on this issue is: You want to know why your newer gateway machines will got secedit.sdb corrupted. If I'm off base, please feel free to let me know.
Based on my research, your problem may be caused by sysprep. The resolution is to Apply the following hotfix to the XP clients:
http://support.microsoft.com/?id=884018
Under some circumstances, the security database is dirty, and the database log files must be used to reconcile the database state after the computer is restarted.This process occurs during the Sysprep process and may be experienced during other restarts. After the next restart, Security Templates deletes these log files.
This hotfix alters the logic in Security Templates so that these log files are not deleted until the database has been restored to a good state. When the database becomes corrupted, the following log files are not available in the C:\Windows\Security folder:
- Edb.log
- Res1.log
- Res2.log
Please let me know if you have any other concerns, or need anything else.
Sincerely,
Kenxl Zou
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue. =====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------Date: Mon, 06 Feb 2006 11:31:21 -0600microsoft.public.windows.server.active_directory:63007
From: Matthew Clark <MD-Clark@xxxxxxxxxxxxxx>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
Subject: secedit.sdb problem
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <eY33nM0KGHA.2040@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: matt.wiu.edu 143.43.192.31
Lines: 1 Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: TK2MSFTNGXA02.phx.gblX-Tomcat-NG: microsoft.public.windows.server.active_directory
We are having a problem in our labs, where our newer gateway machines are not getting security permissions pushed out in Group policies, but older machines are. We get the error
"Security policies were propagated with warning.
0x4b8 : An extended error has occurred.
For best results in resolving this event, log on with a non-administrative account and search http://support.microsoft.com for "Troubleshooting Event 1202's".
"
In doing reading, I deleted the Secedit.sdb file and rebooted and it fixed the problem. My question is why is this occuring on ALL our newer gateway machines, and not others? I should clarify that use Ghost and do a sysprep on the master image before deploying it to the machines. Is there something I can do policy wise to try and fix this or keep it from happening in the future?
Thanks,
Matthew
- Follow-Ups:
- Re: secedit.sdb problem
- From: Kenxl Zou (MSFT)
- Re: secedit.sdb problem
- References:
- secedit.sdb problem
- From: Matthew Clark
- RE: secedit.sdb problem
- From: Kenxl Zou (MSFT)
- secedit.sdb problem
- Prev by Date: Re: Migration of NT 4 Policies to Windows Server 2003 Group Policy
- Next by Date: Re: alia name mapped to domain name
- Previous by thread: RE: secedit.sdb problem
- Next by thread: Re: secedit.sdb problem
- Index(es):
Relevant Pages
|
