Re: secedit.sdb problem
- From: v-haozou@xxxxxxxxxxxxxxxxxxxx (Kenxl Zou (MSFT))
- Date: Thu, 09 Feb 2006 10:16:57 GMT
Hello Matthew,
Thank you for your reply.
Yes, the secedit.sdb does get re-created during sysprep. So we may get a
corrupted secedit.sdb.
Now the workaround to this issue is to apply the following hotfix to the XP
clients:
http://support.microsoft.com/?id=884018
Please let me know if you have any other concerns, or need anything else.
Sincerely,
Kenxl Zou
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Date: Tue, 07 Feb 2006 07:59:50 -0600<oD##0T9KGHA.3680@xxxxxxxxxxxxxxxxxxxxx>
From: Matthew Clark <MD-Clark@xxxxxxxxxxxxxx>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
Subject: Re: secedit.sdb problem
References: <eY33nM0KGHA.2040@xxxxxxxxxxxxxxxxxxxx>
In-Reply-To: <oD##0T9KGHA.3680@xxxxxxxxxxxxxxxxxxxxx>microsoft.public.windows.server.active_directory:63137
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <OlqmB7#KGHA.3052@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: matt.wiu.edu 143.43.192.31
Lines: 1
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
X-Tomcat-NG: microsoft.public.windows.server.active_directorydatabase
Do you know why this only seems to occur on newer machines and not our
older ones? Does the Secedit.sdb file get re-created during sysprep, or
would a possible fix be to delete the file on our master image and let
it re-create itself when it joins the domain?
Thanks!
Kenxl Zou (MSFT) wrote:
Hello Matthew,
Thank you for posting.
From your post, my understanding on this issue is: You want to know why
your newer gateway machines will got secedit.sdb corrupted. If I'm off
base, please feel free to let me know.
Based on my research, your problem may be caused by sysprep. The
resolution is to Apply the following hotfix to the XP clients:
http://support.microsoft.com/?id=884018
Under some circumstances, the security database is dirty, and the
computerlog files must be used to reconcile the database state after the
filesis restarted.This process occurs during the Sysprep process and may be
experienced during other restarts. After the next restart, Security
Templates deletes these log files.
This hotfix alters the logic in Security Templates so that these log
Whenare not deleted until the database has been restored to a good state.
availablethe database becomes corrupted, the following log files are not
rights.in the C:\Windows\Security folder:
- Edb.log
- Res1.log
- Res2.log
Please let me know if you have any other concerns, or need anything else.
Sincerely,
Kenxl Zou
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
newer
--------------------
Date: Mon, 06 Feb 2006 11:31:21 -0600microsoft.public.windows.server.active_directory:63007
From: Matthew Clark <MD-Clark@xxxxxxxxxxxxxx>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
Subject: secedit.sdb problem
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <eY33nM0KGHA.2040@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.active_directory
NNTP-Posting-Host: matt.wiu.edu 143.43.192.31
Lines: 1
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
X-Tomcat-NG: microsoft.public.windows.server.active_directory
We are having a problem in our labs, where our newer gateway machines
are not getting security permissions pushed out in Group policies, but
older machines are. We get the error
"Security policies were propagated with warning.
0x4b8 : An extended error has occurred.
For best results in resolving this event, log on with a
non-administrative account and search http://support.microsoft.com for
"Troubleshooting Event 1202's".
"
In doing reading, I deleted the Secedit.sdb file and rebooted and it
fixed the problem. My question is why is this occuring on ALL our
gateway machines, and not others? I should clarify that use Ghost and
do a sysprep on the master image before deploying it to the machines.
Is there something I can do policy wise to try and fix this or keep it
from happening in the future?
Thanks,
Matthew
.
- References:
- secedit.sdb problem
- From: Matthew Clark
- RE: secedit.sdb problem
- From: Kenxl Zou (MSFT)
- Re: secedit.sdb problem
- From: Matthew Clark
- secedit.sdb problem
- Prev by Date: User Login Time on windows 2000 profesional on Domain
- Next by Date: Re: ADAM Replication - 1 instance off issue
- Previous by thread: Re: secedit.sdb problem
- Next by thread: Problem with User Logon script
- Index(es):
Relevant Pages
|
Loading
