none
Group Policy Error 7016 every 5 minutes in logs

    Question

  • Hi,

    I'm seeing Error with event ID 7016 every 5 mins in the log

      Microsoft-Windows-GroupPolicy/Operational

    Other info from general tab:

      Source: GroupPolicy

      Task Category: None

      User: System

      Computer: server...

      Says "Completed Security Extension Processing in 5710 milliseconds."

    On the details tab I have

    ErrorCode 1252
    CSEExtensionName Security
    CSEExtensionId {827D319E-6EAC-11D2-A4EA-00C04F79F83A}

    Running just one Server 2008 R2 standard with win 7 and xp clients. Thanks

    Been happening for last 48 hours and I'm not sure how to investigate further ?

    Wednesday, March 21, 2012 2:08 PM

Answers

All replies

  • Is it happening on the sever?

    The error code indicates "The group policy framework should call the extension even if there are no changes" (http://msdn.microsoft.com/en-us/library/ms681383(v=vs.85).aspx) which would indicate that the security extension is set to always apply settings even if they have not changed.  

    Is this happening on the sever? Security settings are applied every 5 mins, by default on a DC which could tie in with why your seeing something every 5 mins. If its on  the workstations then I would not expect to see it every 5 mins unless you have decreased the time GPOs are processed from default of 90mins. If its on the workstations it maybe could imply an issue in setting the settings, but I would expect to see another error.

    Ultimately this is not really an error as such, more of a configuration choice, but obviously can impact DCs more so.


    Regards qSilverx

    Wednesday, March 21, 2012 3:57 PM
  • Hi,

     

    As we can see from the article below, this Event 7016 can be related to CSE problem.

     

    (7016 - Error CSE processing end event: The processing of the described Group Policy client-side extension did not complete. )

     

    http://technet.microsoft.com/en-us/library/cc749336(v=ws.10).aspx

     

    I hope the article below can help us troubleshoot this issue:

     

    A test case for troubleshooting group policy application – Event ID 1085 and 7016

     

    http://blogs.technet.com/b/askds/archive/2008/08/21/a-test-case-for-troubleshooting-group-policy-application-event-id-1085-and-7016.aspx

     

    Regards

     

    Kevin

     

    Thursday, March 22, 2012 4:49 AM
  • Hi,

    Yes it's happening on the server and I'm not aware of changing anything recently on the server.

    I'm a bit confused though as "client side extension" seems to imply some processing on a client ?!

    I've only ever used group policy a few times, e.g. to deploy an msi and change a few settings like the IE home page etc

    I guess I really need a basic understanding of how Group Policy actually works under the hood ? Could anyone recommend

    some (light) reading which might help ?

    Thanks

    Thursday, March 22, 2012 8:24 AM
  • Here are a couple of links which might be useful.

    http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx

    http://www.gpoguy.com/HomePage/tabid/36/Default.aspx

    In regards to the problem, look for the "Security policy processing" setting in "Computer Configuration\Administrative Templates\System\Group Policy" and see if any GPOs are configuring this. Also check the local group policy (gpedit.msc).

    If one is configuring this, try setting to "Not Configured" as see if the issue goes away. Otherwise it would look like the security extension is having problems.


    Regards qSilverx

    Thursday, March 22, 2012 3:39 PM

  • Hi,

    I understand you need a basic understanding of how Group Policy actually works.

    Other than the links provided by qSilverx, we can check the articles in the webpage below:

    Work with Group Policy Objects

    http://technet.microsoft.com/en-us/library/cc783340(v=ws.10).aspx

    Regards

    Kevin

    Friday, March 23, 2012 2:36 AM
  • Hi,

    I'm getting closer to fixing this:

    filtered on activity ID to see error occurs just after a 4016 event (Starting Security Extension Processing) on the server (5 min refresh)

    Then found the 7016 error is also logged in the application log as warning Event ID 1202: "

    Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

    Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events".

    Some more digging using rsop and I think it's happening in default domain controllers policy (e.g. user rights assignment). Looking in winlogon.log I see errors but not sure how to progress from here ?

       28 March 2012 10:37:20
     Administrative privileged user logged on.
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
     Configure MSSQL$SIMS2008.
    Error 1332: No mapping between account names and security IDs was done.
      Cannot find MSSQL$SIMS2008.
     Configure MSSQL$SOPHOS.
    Error 1332: No mapping between account names and security IDs was done.
      Cannot find MSSQL$SOPHOS.                                                                                                                                                                                                                                                                                                                                                                                                                             

    Wednesday, March 28, 2012 2:21 PM
  •  
    >  Configure MSSQL$SIMS2008.
    >
    > Error 1332: No mapping between account names and security IDs was done.
    >   Cannot find MSSQL$SIMS2008.
    >  Configure MSSQL$SOPHOS.
    > Error 1332: No mapping between account names and security IDs was done.
    >   Cannot find MSSQL$SOPHOS.
    >
     
    You have one or more GPOs that try to configure Group Membership for
    these accounts (Restricted Groups). Find them (rsop.msc) and remove the
    accounts.
     
    sincerely, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Thursday, March 29, 2012 11:22 AM