This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 0%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
After applying January 2022 cumulative patch to our Window Server 2019. we started getting the following event log error (see below) every time group policies were being refreshed or when we run gpupdate /force from the AD servers. We were able to ID the GPO setting(s) that was creating the error (see below). Even though we get the error the settings are applied successfully. Were thinking there is a bug in the January patches. Note, when we run gpupdate /force, it is successful and the gpresult report also says there are were no errors.
Event Log
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 1/19/2022 9:49:46 AM
Event ID: 40
Task Category: None
Level: Error
Keywords: Service availability
User: LOCAL SERVICE
Computer: dontest0.richmond.edu
Description:
The event logging service encountered an error when attempting to apply one or more policy settings.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>40</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2022-01-19T14:49:46.419738600Z" />
<EventRecordID>21083</EventRecordID>
<Correlation />
<Execution ProcessID="1228" ThreadID="4940" />
<Channel>System</Channel>
<Computer>dontest0.richmond.edu</Computer>
<Security UserID="S-1-5-19" />
</System>
<UserData>
<ChannelPolicyApplicationError xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<ErrorCode>5</ErrorCode>
<ChannelPath>Security</ChannelPath>
</ChannelPolicyApplicationError>
</UserData>
</Event>
GPO Setting(s)
Making any change to any of the GPO settings in the following folder, will generate the error after doing gpudate /force or during normal AD sync. When set back to "Not Configure", it would not generate the eventlog error. But would require running gpupdate/force twice before not getting it.
Computer Configuration > Windows Components > Event Log Service > Security > Any policy that is configured in this location will create the error. To stop the error, have to set all the policies to "Not Configured".
We don't see this issue with the other GPO log settings (Application, Setup and System)
-Don
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 45%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWX%3C/text%3E%3C/svg%3E)
Hi,
We are seeing this error from some of our servers expecially DCs as well. Has there been a solution for this?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 20%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
We are seeing this as well. We have been hardening our servers disabling services. I thought maybe it was related until I saw your thread. This has been such a waste of my time researching.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
appears to be a false alarm created by January updates
Ok, well at this point it appears to be unknown by microsoft. Anyone can call microsoft support… whether they have a pre-paid support contract or not. And all cases closed as bugs are refunded.
https://support.serviceshub.microsoft.com/supportforbusiness
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
We are still having the error 40, but all seems to be working as expected. The out-of-band patch KB5010791 didn't fix it and the KB article was unrelated.
Sorry, I missed your last post to contact support. I haven't done that yet and I will give them a call.
Sounds good, you're welcome.
--please don't forget to upvote and Accept as answer if the reply is helpful--
There is an out of band to fix the problems created by the Jan 11th update.
https://support.microsoft.com/en-gb/topic/january-18-2022-kb5010791-os-build-17763-2458-out-of-band-43697313-d8e0-4918-b6df-7f64d4d9a8cd
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thank you for the quick update! I applied KB5010791 and did a reboot. But it did not fix the issue. I'm still receiving the eventlog error 40.
-Don
Yes, that appears to be totally unrelated.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc774920(v=ws.10)?redirectedfrom=MSDN
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thank you for the link. It is the same error 40, but the cause of the error isn't related to what were experiencing. I reviewed additional log entries, but both computer and user policies were applied successfully, even though it spawn the error 40 message as well. It appears to be a false alarm created by January updates.
The Group Policy settings for the user were processed successfully. New settings from 2 Group Policy objects were detected and applied.
The Group Policy settings for the computer were processed successfully. New settings from 9 Group Policy objects were detected and applied.