m1975Michael Posted September 8, 2012 Posted September 8, 2012 Hello, I have Windows Server 2008 R2. I am receiving Event 1202, SceCli: Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done. I get this error: Cannot find IIS AppPool\Classic .NET AppPool. I reviewed this article http://support.microsoft.com/kb/977695. I found that I do have the "IIS AppPool\" prefix in front of my Classic .NET AppPool. The hotfix when run says it is not applicable for this computer. I am at a loss how to resolve this issue. Any assistance would be greatly appreciated. MichaelDefault Domain Controllers Policy.htm
allen2 Posted September 8, 2012 Posted September 8, 2012 If the hotfix doesn't install it could be that you didn't select the right architecture. Are you sure you downloaded the X64 one ?
m1975Michael Posted September 8, 2012 Author Posted September 8, 2012 If the hotfix doesn't install it could be that you didn't select the right architecture. Are you sure you downloaded the X64 one ?I rechecked to be sure but it is the x64 version. Microsoft sends you a link to download it, when you extract the files both are 64 bit, both give the same message when executed.
allen2 Posted September 8, 2012 Posted September 8, 2012 (edited) Is the Windows 2008 R2 the Service Pack 1 installed ?If yes, it is already included in it (see the xls spreadsheet in the following link). Edited September 8, 2012 by allen2
m1975Michael Posted September 9, 2012 Author Posted September 9, 2012 Is the Windows 2008 R2 the Service Pack 1 installed ?If yes, it is already included in it (see the xls spreadsheet in the following link).The Windows 2008 R2 SP1 is installed. I'm not sure why I'm still getting all these messages. Thank you kindly for replying.
allen2 Posted September 9, 2012 Posted September 9, 2012 As i understood the MS KB, you have to have the Hotfix and re-apply the gpo ( perhaps by disabling it on this server and re-enabling it after checking it doesn't apply anymore) which is setting those specific rights.
m1975Michael Posted September 10, 2012 Author Posted September 10, 2012 As i understood the MS KB, you have to have the Hotfix and re-apply the gpo ( perhaps by disabling it on this server and re-enabling it after checking it doesn't apply anymore) which is setting those specific rights.The GPO is the Default Domain Controllers Policy. Is safe to unlink it and run gpupdate /force and then relink li? This server is in production.
allen2 Posted September 10, 2012 Posted September 10, 2012 Not safe at all !!!You should modify the GPO twice (removing only the problematic user in the right assignment part that is causing the problem then wait for it to apply then re-add the user you removed). You sh(/c)ould make a backup of the gpo (and also a report) to be on the safer side but don't use the backup to re-add the user.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now