A
aacable
We have 2 Domain controller (windows fully updated)
in Event Viewer on both DC's, I am receiving lots of 1202 errors
Text
Event 2012 SECLI
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
When I run find command on domain controller,
Text
FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
I get following result
Text
Cannot find administrator@vsphere.local.
Cannot find admin.
Cannot find dbServiceOQS.
Cannot find daaadm.
Cannot find Local Administrators.
Cannot find opradm.
Cannot find Oqsadm.
Cannot find dbServiceDAA.
Cannot find dbServiceODV.
Cannot find dbServiceOPR.
Cannot find XXXdbdev\dbServiceDAA.
Cannot find XXXdbdev\dbServiceODV.
Cannot find semwebsrv.
Cannot find semsrv.
Cannot find semapisrv.
Cannot find dbServiceR3Q.
Cannot find dbServiceR3D.
Cannot find S-1-5-80-948765316-811284391-187558744-2005173589-387111393.
Cannot find S-1-5-80-3958276243-2739099675-334681800-2039304502-2384811254.
Cannot find S-1-5-80-3784820641-2391269600-1434288029-1177689286-1786581930.
Cannot find S-1-5-80-1625573271-3360770164-1808504902-59951099-39959922.
Cannot find administrator@vsphere.local.
all of above accounts are not part of DOMAIN, they are created in different application servers like SAP, SQL, etc some are local application servers specific accounts which are responsible to start stop various services like in SAP servers or perform other tasks in local application system.
When I run RSoP.msc on domain or client , I get this
how can I settle this? If I remove these accounts then many services on various application servers will not work as they require rights in order to perform.
Can I ignore these messages?
Continue reading...
- dc01 - Windows 2008 R2
- dc02 - Windows 2012 R2 > added recently
in Event Viewer on both DC's, I am receiving lots of 1202 errors
Text
Event 2012 SECLI
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.
When I run find command on domain controller,
Text
FIND /I "Cannot find" %SYSTEMROOT%\Security\Logs\winlogon.log
I get following result
Text
Cannot find administrator@vsphere.local.
Cannot find admin.
Cannot find dbServiceOQS.
Cannot find daaadm.
Cannot find Local Administrators.
Cannot find opradm.
Cannot find Oqsadm.
Cannot find dbServiceDAA.
Cannot find dbServiceODV.
Cannot find dbServiceOPR.
Cannot find XXXdbdev\dbServiceDAA.
Cannot find XXXdbdev\dbServiceODV.
Cannot find semwebsrv.
Cannot find semsrv.
Cannot find semapisrv.
Cannot find dbServiceR3Q.
Cannot find dbServiceR3D.
Cannot find S-1-5-80-948765316-811284391-187558744-2005173589-387111393.
Cannot find S-1-5-80-3958276243-2739099675-334681800-2039304502-2384811254.
Cannot find S-1-5-80-3784820641-2391269600-1434288029-1177689286-1786581930.
Cannot find S-1-5-80-1625573271-3360770164-1808504902-59951099-39959922.
Cannot find administrator@vsphere.local.
all of above accounts are not part of DOMAIN, they are created in different application servers like SAP, SQL, etc some are local application servers specific accounts which are responsible to start stop various services like in SAP servers or perform other tasks in local application system.
When I run RSoP.msc on domain or client , I get this
how can I settle this? If I remove these accounts then many services on various application servers will not work as they require rights in order to perform.
Can I ignore these messages?
Continue reading...