After applying January 2022 cumulative patch to our Window Server 2019. we started getting the following event log error (see below) every time group policies were being refreshed or when we run gpupdate /force from the AD servers. We were able to ID the GPO setting(s) that was creating the error (see below). Even though we get the error the settings are applied successfully. Were thinking there is a bug in the January patches. Note, when we run gpupdate /force, it is successful and the gpresult report also says there are were no errors.
Event Log
Log Name: System
Source: Microsoft-Windows-Eventlog
Date: 1/19/2022 9:49:46 AM
Event ID: 40
Task Category: None
Level: Error
Keywords: Service availability
User: LOCAL SERVICE
Computer: dontest0.richmond.edu
Description:
The event logging service encountered an error when attempting to apply one or more policy settings.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>40</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2022-01-19T14:49:46.419738600Z" />
<EventRecordID>21083</EventRecordID>
<Correlation />
<Execution ProcessID="1228" ThreadID="4940" />
<Channel>System</Channel>
<Computer>dontest0.richmond.edu</Computer>
<Security UserID="S-1-5-19" />
</System>
<UserData>
<ChannelPolicyApplicationError xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<ErrorCode>5</ErrorCode>
<ChannelPath>Security</ChannelPath>
</ChannelPolicyApplicationError>
</UserData>
</Event>
GPO Setting(s)
Making any change to any of the GPO settings in the following folder, will generate the error after doing gpudate /force or during normal AD sync. When set back to "Not Configure", it would not generate the eventlog error. But would require running gpupdate/force twice before not getting it.
Computer Configuration > Windows Components > Event Log Service > Security > Any policy that is configured in this location will create the error. To stop the error, have to set all the policies to "Not Configured".
We don't see this issue with the other GPO log settings (Application, Setup and System)
-Don