#100700 - 2003-05-05 06:21 PM
1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
I've come to my wits end trying to deduce the reason for the 1332 Kixtart errors we've been seeing.
code:
1332 Kixtart
Event Type: Error
Event Source: KIXTART
Event Category: None
Event ID: 1332
Date: 4/29/2003
Time: 10:21:40 PM
User: N/A
Computer: <ComputerName>
Description:
The description for Event ID ( 1332 ) in Source ( KIXTART ) cannot be
found. The local computer may not have the necessary registry information
or message DLL files to display messages from a remote computer. The
following information is part of the event: [B]Failed to resolve SID(s) Error : No
mapping between account names and security IDs was done. (0x534/1332)[/B] .
These errors appear consistently in application logs on all NT/2k/XP PC's when processing logon scripts.
The problem is related to the use of the Ingroup command and Kix32 v4.20. If we comment out the Ingroup command, or use an older version of kix32, the errors are not produced. Yet all Ingroup calls appear to be using the correct syntax and are processed correctly.
We have installed and are running the v4.20 kxrpc service on all DCs to no avail. We've implemented the kixtart.ini in both the netlogon share or where kix32 is called from, the kxrpc registry key, set variable, etc. and have use the /r=lei etc. switches to direct the client to the kxrpc services but none of these changes eliminate the error.
I've seen some mention about the ability to suppress this error, but I have't been able to find any specifics on this. None of the other posts regarding 1332 errors really address the issue either.
The power in using Kixtart has always been its ability to process scripts based on group membership. Is this a unique situation or doesn't anyone else use the ingroup command???
Any assistance would be appreciated!
[ 05. May 2003, 18:23: Message edited by: chelget ]
|
|
Top
|
|
|
|
#100701 - 2003-05-05 06:28 PM
Re: 1332 Event Log Errors
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
for nt/2k/xp the rpc service is not necessary or needed.
about this error, I haven't seen that occur.
|
|
Top
|
|
|
|
|
#100703 - 2003-05-05 06:33 PM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
Unfortunately we still have some Win 9x clients that are still deployed so we still need to support the service. Eventually, we will be able to retire the service... but that doesn't explain the 1332 errors.
|
|
Top
|
|
|
|
|
#100704 - 2003-05-05 07:16 PM
Re: 1332 Event Log Errors
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
I think if we look at this message a little further, we get some insight..
quote:
The local computer may not have the necessary registry informationor message DLL files to display messages from a remote computer.
Do the 9x clients have access to -
kx16.dll
KX32.dll
KX95.dll
?
And.... Are these of the same version that came with the Distribution that you deployed with your install of KiXtart?
Thanks,
Kent
[ 05. May 2003, 19:17: Message edited by: kdyer ]
|
|
Top
|
|
|
|
|
#100708 - 2003-05-05 08:04 PM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
How many of these events are logged during a single execution of your script? How many times is INGROUP used in your script? Give us more detail of how you are using INGROUP.
What groups types do you check? What text is used to define the group; example: "domain\group" or "group" or "\\server\group" or other?
Can you isolate all of the INGROUP calls to a test script like:
code:
? "Group xyz result = " + INGROUP(your current group text)
substitute one group at a time to see if an event is recorded.
Give us ALL the details of a group where the event is generated.
I have experience this error before in my Perl programs but do not have a definite empirical cause.
[ 05. May 2003, 20:05: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#100709 - 2003-05-05 08:30 PM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
First of all, we aren't experiencing any of the related errors (1202, 1311, etc.) described at Troubleshooting Active Directory Replication Problems. We are running under Active Directory (Windows 2000 SP3 w/ hotfixes)and aren't experiencing any replication issues.
The 1332 Application log events appear to occur with any call to Ingroup. I've isolated each one, and just the simplest call to Ingroup("Group Name") or Ingroup("Group1", "Group2, 0) = 1 will generate the event. The groups we are checking are all Global Security Groups in a single domain.
Below is a sample clippet from one example (I've tried with and without the "=1"). In all cases, the code does what we want it to, but generates the 1332 application event.
code:
; Bypass Script for LowBandwidth Users users...
If InGroup ("CorpLowBandwidth Users") = 1
At ($Row,4) Chr(254) + " Bypassing Logon Script for users in LowBandwidth Users group " + Chr(254)
Goto Notice
ENDIF
Note that we are only seeing these 1332 errors in the local event logs Window NT, 2k and XP systems when the logon script is processed. These have occurred ever since we have used the current versions of Kix32. Earlier versions don't seem to generate this error.
|
|
Top
|
|
|
|
|
#100710 - 2003-05-05 08:40 PM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Does this occur with group names under 20 character in length?
|
|
Top
|
|
|
|
|
#100711 - 2003-05-05 09:12 PM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
Interesting, but yes we do see 1332 errors for shorter group names as is the case in the following snippet:
code:
If InGroup ("CorpExchangeUsers") = 1
Call $Netlogon + "ProfMod.exe >nul"
$Status = " OK "
Else
$Status = " N/A "
EndIf
|
|
Top
|
|
|
|
|
#100712 - 2003-05-05 09:26 PM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
I will try to repro this later this evening.
Until then try this and let me know the results:
Examine the KiXtart TokenCache. Do the group names appear correctly? The cache can be found at: HKEY_CURRENT_USER\Software\KiXtart\TokenCache.
Try the test code below substituting your SIDs and verify that the proper group name are returned.
code:
? "Group name = " + sidtoname("S-1-5-21-24129212-1035812195-1543859470-53966")
Does this generate and eventlog error?
[ 05. May 2003, 21:28: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#100713 - 2003-05-05 11:39 PM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
Thanks, now we are getting somewhere:
The TokenCache looks correct, except I also see some residual group names for a domain we migrated awhile back (>30 days). I thought this information would have been flushed when SID History was removed.
Shouldn't this cache be updated after 30 days? I'm going to test flushing the cache and seeing if the old group names repopulate.
Otherwise the SIDs appear correct and resolve correctly with the sidtoname function and no 1332 errors are generated.
Thanks
[ 05. May 2003, 23:42: Message edited by: chelget ]
|
|
Top
|
|
|
|
|
#100714 - 2003-05-05 11:43 PM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
When you migrated, did you rely on SID history?
|
|
Top
|
|
|
|
|
#100715 - 2003-05-05 11:54 PM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
Yes we used SID history during the migration. However, we paid particular attention to removing it after the migration because we wanted to avoid residual issues like this.
After flushing the group cache with the /f option, the residual group names have disappeared from the tokencache list. What is left appear to be valid group names.
Is there a maximum number of groups that can be cached? I am seeing approximately 46 groups (including local, interactive, everyone, etc.).
After flushing the cache, unfortunately the 1332 errors still occur.
[ 06. May 2003, 00:00: Message edited by: chelget ]
|
|
Top
|
|
|
|
|
#100716 - 2003-05-06 12:05 AM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
I have tried to repro your issue in our environment without success. Most of the similar issues I had with my Perl programs related to looking up SIDs out of context where the old domain did not exist.
Create a new user account in the domain. This will ensure there is no SID history associated with it. Add the new account to a group and then use a test script with a single INGROUP to check membership. Does the error still get logged?
If not, look for a program called LDP.exe. Use it to review all the properties and attributes rtelated to a user's account SID history to see if anything is left over.
[ 06. May 2003, 00:05: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#100717 - 2003-05-06 12:33 AM
Re: 1332 Event Log Errors
|
Anonymous
Anonymous
Unregistered
|
I believe we have isolated the issue to the number of groups or some nesting thereof.
The brand new account did NOT generate the issue. However, if I added the new account to all the same groups as a known "problem" account, then the issue was able to be reproduced.
I'll try to narrow down the group threshold or which groups appear to cause the issue.
Thanks for your assistance with this!
|
|
Top
|
|
|
|
|
#100718 - 2003-05-06 01:44 AM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Please keep posting the results of your testing so that we all can benefit from experiences. If this turns out to be a KiXtart issue we will see that Ruud is informed.
|
|
Top
|
|
|
|
|
#100719 - 2003-05-06 03:26 PM
Re: 1332 Event Log Errors
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
How deeply have you nested the groups?
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 837 anonymous users online.
|
|
|
