Problem with AD Win2000 Server: Error IDs 1000 & 1202
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done. Please look for more details in TroubleShooting section in Security Help. The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Please look for more details in TroubleShooting section in Security Help.
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
This is from winlogon.log which was generated after reading up on technet about the problem...
Configure IWAM_ALPHA-NEW.
Error 1332: No mapping between account names and security IDs was done.
Cannot find IWAM_ALPHA-NEW.
Configure IUSR_ALPHA-NEW.
Error 1332: No mapping between account names and security IDs was done.
Cannot find IUSR_ALPHA-NEW.
User account does not excist, and no folders/shares/group policy objects that we could see contain this object.
Brief history is our main DC is called "Alpha", however before we setup AD it was called "Alpha-New" as we still had the old servers (which used the same names) running (summer upgrade)
So any ideas how to stop it or where to look?
Did find that another server running iis had anon access configured to use iusr_alpha-new on another server but that rather strangely had iusr_alpha-new setup as a local account(?)...
Help!
Please look for more details in TroubleShooting section in Security Help.
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).
This is from winlogon.log which was generated after reading up on technet about the problem...
Configure IWAM_ALPHA-NEW.
Error 1332: No mapping between account names and security IDs was done.
Cannot find IWAM_ALPHA-NEW.
Configure IUSR_ALPHA-NEW.
Error 1332: No mapping between account names and security IDs was done.
Cannot find IUSR_ALPHA-NEW.
User account does not excist, and no folders/shares/group policy objects that we could see contain this object.
Brief history is our main DC is called "Alpha", however before we setup AD it was called "Alpha-New" as we still had the old servers (which used the same names) running (summer upgrade)
So any ideas how to stop it or where to look?
Did find that another server running iis had anon access configured to use iusr_alpha-new on another server but that rather strangely had iusr_alpha-new setup as a local account(?)...
Help!
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Unfortunately, error 1000 is one of the most general errors there is and 1202 can be related to DBs, and therefore could simply mean that there was no data in the DB matching the request, a bad connection, or a failed/corrupt DB. I would recommend hitting the knowledgebase to try and filter out what it might be. Also, make sure to get all the DCs up to date on their patches and MDAC upgrades (for the DBs). With respect to the iusr account, you *want* that to be a local account on a member server that's hosting IIS. In other words, you should never host IIS on a domain controller, and since IIS would have to be on a member server then by default you would have a local account.
http://search.microsoft.com/advanced_search.asp?qu=&siteid=us/itresources
http://search.microsoft.com/advanced_search.asp?qu=&siteid=us/itresources