R
RTSysAdmin
We are upgrading our Windows Server 2008 R2 SP1 machines to Server 2019. Microsoft's upgrade documentation instructs that we must first upgrade to 2012 and then 2016 before we can install 2019.
As the first step, we're upgrading a test server on a test Active Directory network to 2012 R2. During Setup, we tell it to get the available updates. However, after the upgrade is completed, but before the login prompt appears, startup displays "Please wait for the Local Session Manager" for half-a-minute or so and then the machine reboots.
We are able to log in through Safe Mode only. The Event Log shows only two faults after startup and before the reboot:
Log Name: Application
Source: SceCli
Date: 9/25/2019 4:45:27 PM
Event ID: 1202
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: orion.rte.local
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Log Name: Application
Source: Application Error
Date: 9/25/2019 4:45:25 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: orion.rte.local
Description:
Faulting application name: services.exe, version: 6.3.9600.16384, time stamp: 0x5215f8dd
Faulting module name: scesrv.dll, version: 6.3.9600.16384, time stamp: 0x5215dffc
Exception code: 0xc0000409
Fault offset: 0x0000000000036ff4
Faulting process id: 0x1dc
Faulting application start time: 0x01d573f2ced01f2b
Faulting application path: C:\Windows\system32\services.exe
Faulting module path: C:\Windows\SYSTEM32\scesrv.dll
Report Id: 299fa813-dfe6-11e9-80cc-d4ae52cd478c
Faulting package full name:
Faulting package-relative application ID:
This problem appears to be the one described in KB4075212:
We do have the policy "Obtain an impersonation token for another user in the same session" privilege defined in
Computer Configuration\Policies\Security Settings\Local Policies\User Rights
for one user. Attempting to resolve the problem without reconfiguring Group Policy for the entire domain, I put the test server in its own OU and defined the policy with no users, but that didn't work.
Unfortunately, updates cannot be installed in Safe Mode, so we can't install the update that is supposed to resolve the problem. I've tried the Microsoft recommended procedures for troubleshooting 1202 events as recommended in KB324383, but the steps give for error 0x4b8 don't apply to Server 2012. The same is true for the suggestted supplementary articles KB260715 "Event ID 1000 and 1202 After Configuring Policies" and KB278316 "ESENT Event IDs 1000, 1202, 412, and 454 Are Logged Repeatedly in the Application Event Log".
I have no idea where to go from here except to abandon the effort to upgrade and, instead, migrate to fresh OS installations, which would lengthen our upgrade time immensely. I'll be VERY grateful if someone can offer some suggestions.
[UPDATE] After extensive experimentation, it appears that Windows Server 2008 R2, when joined to a domain, cannot be upgraded to Windows Server 2012 R2. Therefore, although the problem is not solved, I am marking this issue as closed.
Continue reading...
As the first step, we're upgrading a test server on a test Active Directory network to 2012 R2. During Setup, we tell it to get the available updates. However, after the upgrade is completed, but before the login prompt appears, startup displays "Please wait for the Local Session Manager" for half-a-minute or so and then the machine reboots.
We are able to log in through Safe Mode only. The Event Log shows only two faults after startup and before the reboot:
Log Name: Application
Source: SceCli
Date: 9/25/2019 4:45:27 PM
Event ID: 1202
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: orion.rte.local
Description:
Security policies were propagated with warning. 0x4b8 : An extended error has occurred.
Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".
Log Name: Application
Source: Application Error
Date: 9/25/2019 4:45:25 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: orion.rte.local
Description:
Faulting application name: services.exe, version: 6.3.9600.16384, time stamp: 0x5215f8dd
Faulting module name: scesrv.dll, version: 6.3.9600.16384, time stamp: 0x5215dffc
Exception code: 0xc0000409
Fault offset: 0x0000000000036ff4
Faulting process id: 0x1dc
Faulting application start time: 0x01d573f2ced01f2b
Faulting application path: C:\Windows\system32\services.exe
Faulting module path: C:\Windows\SYSTEM32\scesrv.dll
Report Id: 299fa813-dfe6-11e9-80cc-d4ae52cd478c
Faulting package full name:
Faulting package-relative application ID:
This problem appears to be the one described in KB4075212:
Addresses issue that causes services.exe to stop working after applying the "Obtain an impersonation token for another user in the same session” privilege to Windows Server 2012 R2 computers. These computers then enter a restart loop. The system may report the SceCli event ID 1202 with error 0x4b8. It may also report the Application Error event ID 1000 with the faulting module name scesrv.dll and the exception code 0xc0000409. This privilege was first introduced in Windows Server 2016.
We do have the policy "Obtain an impersonation token for another user in the same session" privilege defined in
Computer Configuration\Policies\Security Settings\Local Policies\User Rights
for one user. Attempting to resolve the problem without reconfiguring Group Policy for the entire domain, I put the test server in its own OU and defined the policy with no users, but that didn't work.
Unfortunately, updates cannot be installed in Safe Mode, so we can't install the update that is supposed to resolve the problem. I've tried the Microsoft recommended procedures for troubleshooting 1202 events as recommended in KB324383, but the steps give for error 0x4b8 don't apply to Server 2012. The same is true for the suggestted supplementary articles KB260715 "Event ID 1000 and 1202 After Configuring Policies" and KB278316 "ESENT Event IDs 1000, 1202, 412, and 454 Are Logged Repeatedly in the Application Event Log".
I have no idea where to go from here except to abandon the effort to upgrade and, instead, migrate to fresh OS installations, which would lengthen our upgrade time immensely. I'll be VERY grateful if someone can offer some suggestions.
[UPDATE] After extensive experimentation, it appears that Windows Server 2008 R2, when joined to a domain, cannot be upgraded to Windows Server 2012 R2. Therefore, although the problem is not solved, I am marking this issue as closed.
Continue reading...