Windows Server 2008 R2 domain controller: Fixing SceCli Event 1202

When running IIS, SQL Server, or SharePoint on a Windows Server 2008 R2 domain controller, you may encounter this error:

Application Event
Event ID: 1202
Source: SceCli
Security Policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

I ran into this error when building a virtual machine to run a self-contained SharePoint environment, which required that the VM also be a domain controller. This event will show up repeatedly every few minutes in the application event log. The error occurs because the domain controller doesn’t have a concept of “local” accounts and doesn’t know how to resolve some account names that are added by IIS and SQL Server to the domain controller security policy. Microsoft has released hotfix 977695 to resolve the issue.

This KB article from Microsoft does a great job explaining the issue, so I won’t go into too much detail. After installing the hotfix, you must manually add the proper prefixes to the account names causing the issue in Group Policy. This fixes the problem and will stop the frequent warnings in the application event log.
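
To find which entries need a prefix, the following added example (not from the KB article or the original post) lists account names in a policy's user-rights section that are neither literal SIDs nor already qualified. It assumes the policy is available in security-template INF form (the `[Privilege Rights]` section of the GPO's GptTmpl.inf); the sample text, the account names in it, and the function name `Get-UnqualifiedPolicyAccount` are constructed for illustration.

```powershell
# Constructed sample of a security template; replace with the content of your own GptTmpl.inf.
# All account names below are made up for this example.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,ExampleAppPool,EXAMPLE\svc-sql
SeBatchLogonRight = *S-1-5-32-544,ExampleAppPool
SeAuditPrivilege = *S-1-5-19,*S-1-5-20,ExampleSqlService
[Version]
signature="$CHICAGO$"
'@

function Get-UnqualifiedPolicyAccount {
    param([Parameter(Mandatory)][string]$InfText)

    $inSection = $false
    foreach ($raw in ($InfText -split '\r?\n')) {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') {
            # Only the user-rights section carries account lists.
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }
        if ($line -match '^(\w+)\s*=\s*(.*)$') {
            $right = $Matches[1]
            foreach ($entry in ($Matches[2] -split ',')) {
                $name = $entry.Trim()
                if (-not $name) { continue }
                # "*S-1-..." is a literal SID; "PREFIX\name" is already qualified.
                # Neither depends on resolving a bare account name.
                if ($name.StartsWith('*S-1-') -or $name.Contains('\')) { continue }
                [pscustomobject]@{ Right = $right; Account = $name }
            }
        }
    }
}

# Lists ExampleAppPool (two rights) and ExampleSqlService (one right) for the sample above.
Get-UnqualifiedPolicyAccount -InfText $sampleInf |
    Sort-Object Account, Right |
    Format-Table -AutoSize
```

Each name the function reports is a candidate for the prefix edit described above; entries it skips are stored as SIDs or already carry a prefix.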
