Troubleshooting Event ID: 1202 SceCli

On a recent service Call I found myself looking at an event log full of errors consisting of:

Event ID: 1202
Source: SceCli

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Advanced help for this problem is available on http://support.microsoft.com. Query for “troubleshooting 1202 events”.

I was able to resolve this particular error by the following steps:

Run the following command from the command line:
Find /I “Cannot find” %SYSTEMROOT%\Security\Logs\winlogon.log

In my case this resulted in:

Cannot find Remote Desktop.
Cannot find Remote Desktop.
Cannot find Remote Desktop.

Goto Start, Run, and type “rsop.msc” to launch the “Resultant Set of Policy” mmc.

Notice a Red X over either Computer Configuration or Windows configuration.

Expand the folders under the appropriate category until you see a policy with a red X over it containing the user or group noted in the above error. In a column on the right it will show shich Group policy this is configured in. Most likely the policy is referencing a user or group that was deleted or has become corrupt. Adjusting the effected policy to remove the group corrects this issue.

Comments