none
An Extended Error has occurred. Failed to save local policy database

    Question

  • I am trying to add a user to the Log on as a service propery in the Local Security Policy of my DC. When I do this I get this error "An Extended Error has occurred. Failed to save local policy database".

    If I click OK to the error everything looks OK, but when I go back into the property, the IIS AppPool\Classic .NET AppPool user and any other AppPool users are gone and I am unable to add them back in. I have tested this on two test networks with the same result.

    I tried to do this with a GPO, but have now lost the NT Service\All Services user too.

    I have checked the database and it is not corrupted.

    Any ideas on how to get the AppPool users and the NT Service\All Services user back in would be appreciated.

    Thanks

    Simon

    Wednesday, March 21, 2012 11:41 AM

Answers

  • Hi,

    Thanks for your post.

    Is your server running Windows Server 2008 R2? If so, please apply the following hotfix to fix the IIS AppPool\Classic .NET AppPool disappearing issue.

    "An external error has occurred" error when you change the user rights of an account in Local Security Policy in Windows Server 2008 R2
    http://support.microsoft.com/kb/2411938

    If you want to restore the database back to its original state, please refer to the following KB article to reset the security database.

    How do I restore security settings to a known working state?
    http://support.microsoft.com/kb/313222


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by SRA66 Thursday, March 22, 2012 9:02 AM
    Thursday, March 22, 2012 5:31 AM

All replies

  • Hi,

    Thanks for your post.

    Is your server running Windows Server 2008 R2? If so, please apply the following hotfix to fix the IIS AppPool\Classic .NET AppPool disappearing issue.

    "An external error has occurred" error when you change the user rights of an account in Local Security Policy in Windows Server 2008 R2
    http://support.microsoft.com/kb/2411938

    If you want to restore the database back to its original state, please refer to the following KB article to reset the security database.

    How do I restore security settings to a known working state?
    http://support.microsoft.com/kb/313222


    Best Regards,
    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by SRA66 Thursday, March 22, 2012 9:02 AM
    Thursday, March 22, 2012 5:31 AM
  • Thanks for your quick reply, this resolved my problem.

    Regards

    Si

    Thursday, March 22, 2012 9:04 AM
  • does this hotfix apply to server 2008? we are seeing the same exact issue and are not running R2 yet. I have tried creating a local group and adding in the app pool accounts, but this is still against our compliance templates.  I can't think of any other options.

    Thanks.

    -TJ

    Friday, December 14, 2012 10:21 PM