none
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

    Question

  • When I try this:

    From the command prompt, type: FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log

    It comes back with file not found, I do not have a winlogon.log file, I tried to change a registry setting to create the log, but still no log.How can I get this log file to help trouble shoot this error?

    What started me down this rabbit hole was our Sonic appliance (Firewall, WiFi, VPN ) suddenly can not authenticate through the RADIUS server, it comes back with Authentication Failed, or ERROR: E=691 R=0 V=3.

    I went in and ensured all the shared secrets are the same and matching, then I went to the RADIUS server to find any issues and this is when I found these certificate error.  Not sure if they are related.

    What can I do to get the WINLOGON.LOG created to help with troubleshooting?  How can I trouble shoot the RADIUS Authentication Issues?

    Thanks for any help.

    Curt Winter

    Systems Engineer

    Wednesday, January 21, 2015 9:02 PM

Answers

  • Ok I ended up getting rid of the error by manually going through all the group policy objects and removing any accounts that showed up as a SID instead of an account name, ie they where not resolving with a valid account.  Once those where removed from all the policies, I did a gpupdate again, now all the errors are gone from the event log.

    Now back to the RADIUS authentication issue, so much for these items fixing the original problem, just tested again and still getting this result:

    Radius Client Authentication Failed (MSCHAP error: E=691 R=0 V=3)

    Thursday, January 22, 2015 2:57 PM

All replies

  • >  From the command prompt, type: FIND /I "Cannot find"
    > %SYSTEMROOT%\Security\Logs\winlogon.log
     
    I never have seen a system that was joined to a domain, applied security
    policies and did NOT have this file?!?
     
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Thursday, January 22, 2015 1:27 PM
  • Tried again this morning, still no file, that was even logged in as the root Administrator account.  Still getting the errors popping couple times an hour.  Double checked the Registry Entry at ExtensionDebugLevel still set at 2 as I was told would force the log creation.  So re-ran gpupdate /force to update, which was successful.  Checked again still no file.  This is actually the Server 2012 R2 DC which makes it even more frustrating.

    I think need to track down this certificate:

    Log Name:      Application

    Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment

    Date:          1/22/2015 8:48:48 AM

    Event ID:      64

    Certificate for local system with Thumbprint 4a ae 56 c1 3d 83 2f c3 f7 d4 cd 65 4e f4 52 a5 e4 99 6b e6 is about to expire or already expired.

    Any thoughts?

    Curt

    Thursday, January 22, 2015 1:58 PM
  • Ok got the certificate issue correct using the following:

    On the computer generating the errors, open up the MMC by clicking the Start button and then either using the search box or Run command and typing "mmc".
    Click on File -> Add/Remove Snap-in, choose Certificates, click Add, choose Computer account, hit Next, leave Local Computer selected, click Finish and Click Ok.
    Expand Certificates and select Personal.
    On the Personal list of certificates, look for certificates that have just expired or that are about to expire and either renew them or delete them if you don't need them anymore.

    Now to find a different route to get info on this error since I still have no winlogon.log file to help guide me to the policy.

    Anyone know of a tool to check the GP that might flag these errors?

    Thursday, January 22, 2015 2:13 PM
  • Hi Curt,

    If you are asking about group policy, then run the below command and check the file.

    gpresult /h c:\gpresult.html

    Thanks,

    Umesh.S.K

    Thursday, January 22, 2015 2:22 PM
  • Ok I ended up getting rid of the error by manually going through all the group policy objects and removing any accounts that showed up as a SID instead of an account name, ie they where not resolving with a valid account.  Once those where removed from all the policies, I did a gpupdate again, now all the errors are gone from the event log.

    Now back to the RADIUS authentication issue, so much for these items fixing the original problem, just tested again and still getting this result:

    Radius Client Authentication Failed (MSCHAP error: E=691 R=0 V=3)

    Thursday, January 22, 2015 2:57 PM
  • Did you able to get winlogon.log file after you removed invalid SID accounts from GPO? Also, check the below link and see if it helps.

    http://support.microsoft.com/kb/2811487

    Thanks,

    Umesh.S.K

    Thursday, January 22, 2015 3:06 PM
  • Umesh,

    The errors stopped in the event log after I cleaned up the Group Policy.

    So we are good to go with this error.

    Thanks for your help.

    Curt Winter

    Thursday, February 19, 2015 3:26 PM