T0MAS
07-10-2005, 03:04 AM
I have solved same problem with crashing services.exe.
User on bussiness trip removed his notebook from domain.
He reports problem with error message :
Title of window : Services and Controller app
in error message: Error signature szAppName: Services.exe .....
in event log was event 1000 Faulting application services.exe, version
5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180, fault
address 0x0002334c.
After clicking on Close button apears automatic shutdown counter and in
30 seconds system was restarted.
This same behaviour repeated several times.
In evet log I found misc. events with probably related with this
problem:
The Group Policy client-side extension Security failed to execute
(event 1085)
Faulting application services.exe
Security policies were propagated with warning. 0x428 (event 1202)
in winlogon.log (I have enabled debug for that purpose) I found:
----Configure Group Membership...
Configure Administrators.
Error 1332: No mapping between account names and security IDs was
done.
Error occurred during lookup of all accounts.
It was seems that some domain policy that contains Restricted group
feature remains on notebook and periodically in moment when policy was
refreshed caused error with services.exe. I knew that when notebook was
removed from domain then domain policy cannot applied to non-member
computer.
I made several actions : I again joined notebook to domain(then
restart) and again I removed it and problem occured again and again. I
disabled background policy refresh, I set refresh interval to max value
45 days and nothing helps. When automatic shutdown apears I stoped it
every time by command shutdown /a.
Every time I found in winlogon.log that some policy tryed manage
membership in groups and ends with error because probably did not have
access to domain (notebook was removed from domain).
I have tryed to check consistency od secedit.sdb by esentutl /g
%windir%\Security\Database\Secedit.sdb and all was OK.
Excuse my english.
After that i crossed my mind that it may not caused by deffective
remained domain policy but it may caused by local group policy which
contain domain accounts (SIDs). Thats my deduction.
After that I moved c:\WINDOWS\security\Database\secedit.sdb and
c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
folder and after restart local group policy was reseted and after that
user confirmed that error never apears and all works fine.
In my case (case of one of my users) problem with crashing services.exe
and periodical restarts was solved by reseting local group policy (by
removing database and related files).
When I begin solving of this problem I spent to much time with
searching similar problem on Internet but I din't found equal. This
page was not usefull exactly in my cause but everytime when I searching
on Inet by using misc. search engines I everytime get this page
therefore I decided to write my solution here.
I have writed in this my article too much informations because each
user searching this problem on Internet with miscelaneous with keywords
and therefore I writed so much (for search engines too).
I hope that same case may happen to someone and my story may helps
him.
Admin from Slovak Republic (Slovakia not Slovenia)
--
T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
User on bussiness trip removed his notebook from domain.
He reports problem with error message :
Title of window : Services and Controller app
in error message: Error signature szAppName: Services.exe .....
in event log was event 1000 Faulting application services.exe, version
5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180, fault
address 0x0002334c.
After clicking on Close button apears automatic shutdown counter and in
30 seconds system was restarted.
This same behaviour repeated several times.
In evet log I found misc. events with probably related with this
problem:
The Group Policy client-side extension Security failed to execute
(event 1085)
Faulting application services.exe
Security policies were propagated with warning. 0x428 (event 1202)
in winlogon.log (I have enabled debug for that purpose) I found:
----Configure Group Membership...
Configure Administrators.
Error 1332: No mapping between account names and security IDs was
done.
Error occurred during lookup of all accounts.
It was seems that some domain policy that contains Restricted group
feature remains on notebook and periodically in moment when policy was
refreshed caused error with services.exe. I knew that when notebook was
removed from domain then domain policy cannot applied to non-member
computer.
I made several actions : I again joined notebook to domain(then
restart) and again I removed it and problem occured again and again. I
disabled background policy refresh, I set refresh interval to max value
45 days and nothing helps. When automatic shutdown apears I stoped it
every time by command shutdown /a.
Every time I found in winlogon.log that some policy tryed manage
membership in groups and ends with error because probably did not have
access to domain (notebook was removed from domain).
I have tryed to check consistency od secedit.sdb by esentutl /g
%windir%\Security\Database\Secedit.sdb and all was OK.
Excuse my english.
After that i crossed my mind that it may not caused by deffective
remained domain policy but it may caused by local group policy which
contain domain accounts (SIDs). Thats my deduction.
After that I moved c:\WINDOWS\security\Database\secedit.sdb and
c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
folder and after restart local group policy was reseted and after that
user confirmed that error never apears and all works fine.
In my case (case of one of my users) problem with crashing services.exe
and periodical restarts was solved by reseting local group policy (by
removing database and related files).
When I begin solving of this problem I spent to much time with
searching similar problem on Internet but I din't found equal. This
page was not usefull exactly in my cause but everytime when I searching
on Inet by using misc. search engines I everytime get this page
therefore I decided to write my solution here.
I have writed in this my article too much informations because each
user searching this problem on Internet with miscelaneous with keywords
and therefore I writed so much (for search engines too).
I hope that same case may happen to someone and my story may helps
him.
Admin from Slovak Republic (Slovakia not Slovenia)
--
T0MASPosted from http://www.pcreview.co.uk/ newsgroup access