Microsoft KB Archive/284461

= Event ID1000 and Event ID 1202 Messages Are Reported When You Set Security on the File Replication Service by Using Group Policy =

Article ID: 284461

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q284461



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
If you configure the Startup mode and security settings on the File Replication service (FRS) through Group Policy, the following error messages may be logged in the Application event log in Event Viewer:

Event Type: Warning

Event Source: SceCli

Event Category: None

Event ID: 1202

Date: 1/4/2001

Time: 1:01:30 PM

User: N/A

Computer: Server

Description:

Security policies are propagated with warning. 0x5 : Access is denied. Please look for more details in Troubleshooting section in Security Help.

-and-

Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1000

Date: 1/4/2001

Time: 1:01:30 PM

User: NT AUTHORITY\SYSTEM

Computer: Server

Description:

The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (5).

If you enable Security Configuration Client logging (which produces the Winlogon.log file), the following error message is logged in Winlogon.log:

Configure NtFrs.

Warning 5: Access is denied.

Error opening NtFrs.

General Service configuration completed with error.



CAUSE
This issue occurs because of the locked-down security that was originally set on the FRS through Group Policy. When you attempt to configure the FRS through Group Policy, the policy engine no longer has the permission to set security on the FRS and does not attempt to take ownership of the FRS.



RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To reset security on the FRS:  Navigate to the following policy in the Group Policy object (GPO) where security has been set on the FRS:

Computer Configuration\Windows Settings\Security Settings\System Services

 Right-click File Replication Service and click Security. Give the System and Administrators groups Full Control permissions. Verify that the edited policy has been replicated to all domain controllers. Start Registry Editor (Regedt32.exe). Locate and click the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTFRS

</li> Delete the Security subkey.</li> Restart the computer.</li></ol>

To confirm that the security policy has been successfully applied, check for consecutive &quot;Event ID 1704&quot; messages in the Application event log.

<div class="moreinformation_section">

MORE INFORMATION
This issue may also occur when you attempt to configure other computer services.

Additional query words: FRS NTFRS Winlogon log GP

Keywords: kbenv kberrmsg kbprb kbsecurity KB284461

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.