Domain Controller SceCli event 1202


Greetings Humans!

It is Sunday morning and I had to work very early to do some testing after a migration. There is also a lot of waiting involved, so I resolved to run some checks on the health of our domain controllers. We had a lot of SceCli event 1202 warnings on every single DC.


These warnings are potentially caused by an account that was deleted or not replicated correctly but is still referenced in the User Rights Assignment policy, most commonly in the “Log on as a service” setting.

To figure out which account is causing the warning, browse to:
%SYSTEMROOT%\Security\Logs\winlogon.log

Search for “Cannot find”

In my case I found the following:
Error 1332: No mapping between account names and security IDs was done.
Cannot find postgres_eip.

That means that the account name postgres_eip can no longer be mapped to a SID in Active Directory (as it no longer exists!).
To resolve the issue, find the policy that contains the User Rights Assignment, find that account and remove it.
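
The two lookups above can be scripted. This is an added example, not part of the original post: it pulls the unresolved names out of winlogon.log and then searches the [Privilege Rights] section of every GPO security template in SYSVOL for them. The SYSVOL path built from USERDNSDOMAIN and the regular expressions are assumptions based on the log lines quoted above.

```powershell
# Added example (not from the original post). Run on a DC as a user who can read SYSVOL.
# Assumption: winlogon.log lines look like the one quoted above: "Cannot find postgres_eip."
$log = Join-Path $env:SystemRoot 'Security\Logs\winlogon.log'

# 1. Collect every account name the security engine could not resolve.
$accounts = Select-String -Path $log -Pattern 'Cannot find\s+(.+?)\.?\s*$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() } |
    Sort-Object -Unique

# 2. Locate the security template of every GPO in SYSVOL.
# Assumption: the logged-on user's DNS domain is the domain whose GPOs apply to this DC.
$policies  = "\\$env:USERDNSDOMAIN\SYSVOL\$env:USERDNSDOMAIN\Policies"
$templates = Get-ChildItem -Path $policies -Recurse -Filter 'GptTmpl.inf' -ErrorAction SilentlyContinue

# 3. Report each user right that still lists one of those accounts by name.
foreach ($tpl in $templates) {
    $gpoGuid   = [regex]::Match($tpl.FullName, '\{[0-9A-Fa-f-]{36}\}').Value
    $inSection = $false
    foreach ($line in Get-Content -Path $tpl.FullName) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            # Track whether we are inside [Privilege Rights].
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }

        $right   = $Matches[1]                                   # e.g. SeServiceLogonRight
        $members = $Matches[2] -split ',' | ForEach-Object { $_.Trim() }
        foreach ($account in $accounts) {
            if ($members -contains $account) {                   # -contains is case-insensitive
                [pscustomobject]@{
                    Account  = $account
                    Right    = $right
                    GpoGuid  = $gpoGuid
                    Template = $tpl.FullName
                }
            }
        }
    }
}
```

The GpoGuid column can be turned into a display name with Get-GPO -Guid from the GroupPolicy module, which tells you which policy to edit.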

Enjoy the rest of your Sunday!

David
