Share via

Windows server 2016 event SceCli 1202

Anonymous
2023-11-06T12:41:11+00:00

Hello all,

i have problem on one windows server 2016. When i open event log i see all notice for SceCli event id 1202

The security policy was distributed with a warning. 0xd : Invalid data. Detailed help on this issue can be found at http://support.microsoft.com. Search for this text: troubleshooting 1202 events.

the problem repeats every 5 minutes.

Can someone please advise me?

Thank you very much

  • <Event xmlns="**http://schemas.microsoft.com/win/2004/08/events/event**">
  • <System> <Provider Name="SceCli" /><EventID Qualifiers="32768">1202</EventID><Level>3</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2023-11-06T11:59:49.355044500Z" /><EventRecordID>11447</EventRecordID><Channel>Application</Channel>
Windows for business | Windows Server | Performance | Other

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-11-07T05:46:38+00:00

    Hello

    Thank you for posting in Microsoft Community forum.

    The SceCli 1202 event on your Windows Server 2016 indicates that the security policy was propagated with a warning. The error code 0xd suggests invalid data.

    Here are some steps to troubleshoot this issue:

    Determine the account causing the failure: Enable debug logging for the Security Configuration client-side extension. You can do this by editing the registry. Locate and select the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}. Add the following registry value: Value name: ExtensionDebugLevel, Data type: DWORD, Value data: 2.

    Refresh the policy settings to reproduce the failure: Type the following command at the command prompt, and then press ENTER: secedit /refreshpolicy machine_policy /enforce. This command creates a file named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder.

    Find the problem account: Type the following command at the command prompt, and then press ENTER: find /i "cannot find" %SYSTEMROOT%\security\logs\winlogon.log. The Find output identifies the problem account names.

    Determine why this account can’t be resolved: To determine which setting contains the unresolved account, type the following command at the command prompt on the computer that’s producing the SCECLI 1202 event, and then press ENTER: c:\>find /i "account name" %SYSTEMROOT%\security\templates\policies\gpt*.*.

    Please note that modifying the registry can cause serious problems if not done correctly. It’s recommended to back up the registry before you modify it.

    Best Regards,

    Wesley Li

    0 comments
  2. Anonymous
    2023-11-07T09:32:18+00:00

    Problem solved by edit groups with limited membership. But i still one problem with gpo. maybe all the reasons are due to the inplace upgrade gradually from server 2008 to server 2016,this problem is only one server. Same package working on another server fine.

    Will restoring gpo and listing it with this command help?

    dcgpofix /ignoreschema /target:Domain

    When i create new gpo for distributing software via gpo, cannot add msi file

    Event id: 103

    The Software Installation snap-in failed to deploy the tightvnc-2.8.81-gpl-setup-64bit.msi package. The following error was encountered. Contact the application vendor to verify that this is the correct Windows Installer package.

    Event id: 107

    The software installation did not read the MSI tightvnc-2.8.81-gpl-setup-64bit.msi file. The following error was encountered. Contact the application vendor to verify that this is the correct Windows Installer package.

    0 comments
  3. Anonymous
    2023-11-08T06:22:51+00:00

    The errors you’re encountering (Event ID 103 and 107) suggest that the Group Policy Object (GPO) and software distribution are functioning correctly, but the installer itself is failing for some reason. It’s possible that the installer is not providing a reason for its failure back to the launching process.

    To troubleshoot this issue, you could check the log file of the installer (if it provides one) to determine the cause of the failure. Also, consider whether the installer depends on the user profile to be available for some reason. If it does, it could fail when the user profile is not loaded.

    https://superuser.com/questions/834719/software-wont-deploy-but-gpo-gets-applied-and-msi-is-installable-manually

    As for the dcgpofix /ignoreschema /target:Domain command, it recreates the default Group Policy Objects (GPOs) for a domain. This command could potentially help if there’s an issue with the default GPOs. However, please note that using this command will restore the Default Domain Policy GPO to its original state, and any changes you have made to this GPO will be lost.

    Dcgpofix command in Windows (tipsmake.com)

    0 comments
  4. Anonymous
    2023-11-08T10:07:46+00:00

    Hello, thank you for the information, but the problem is bigger, I can't add any file with .msi extension. It always throws me the same error. As if it's blocked somewhere, yet nothing is set in the policies.

    Still the same error

    operation failed, deployment information cannot be extracted from the package. Check if this is the correct package.

    used folder from DC

    \DC01\NETLOGON\GpoShare\VNC..... it looks like I don't have permissions on netlogon, I have it on other DCs as well and it works there

    and same problem when used \DC01\sysvol\my-domain\scripts\

    problem is any sysvol and netlogon permission

    0 comments
  5. Anonymous
    2023-11-10T03:28:01+00:00

    MSI Extraction Error: This error typically occurs when there’s an issue with the MSI package itself or the location it’s being run from.

    You could try the following steps to troubleshoot this:

    1.Ensure the MSI package is not corrupted. You can test this by trying to run it on a different machine.

    2.Check the permissions of the folder containing the MSI. The user or system account should have read and execute permissions.

    3.If the MSI is on a network share, try copying it to a local drive and running it from there.

    4.If you’re deploying the MSI via Group Policy, ensure that ‘Authenticated Users’ have read access to the network share.

    SYSVOL and NETLOGON Permissions: If you’re having trouble accessing the SYSVOL and NETLOGON shares, it could be due to incorrect permissions or replication issues.

    Here are some steps to troubleshoot:

    1.Verify that the appropriate permissions are set on the SYSVOL and NETLOGON shares.

    2.Check the replication of the Domain Controller. Issues with SYSVOL and NETLOGON often stem from replication problems.

    3.If all else fails, you might consider demoting and promoting the Domain Controller again.

    You can also use the following documentation to troubleshoot SCECLI 1202 events:

    Troubleshoot SCECLI 1202 events - Windows Server | Microsoft Learn

    0 comments