Admin Tip #123: USERENV 1000 Events



Group Policy problems generate Event ID: 1000 error messages in the event log. The following message is typical:



Event Type: Error 
Event Source: Userenv 
Event Category: None 
Event ID: 1000 
Date: date 
Time: time 
User: NT AUTHORITY\SYSTEM 
Computer: computer name 

Description: The Group Policy client-side extension Security was 
passed flags (17) and returned a failure status code of (1332). 

The flags that are passed are a decimal representation of flags that are defined in the Userenv.h file. Windows 2000-based computers do not use codes that are greater than 0x100, while Windows XP-based computers use the entire range. Excerpt from Userenv.h:


#define GPO_INFO_FLAG_MACHINE 0x00000001 // Apply machine policy rather than user policy
#define GPO_INFO_FLAG_BACKGROUND 0x00000010 // Background refresh of policy (ok to do slow stuff)
#define GPO_INFO_FLAG_SLOWLINK 0x00000020 // Policy is being applied across a slow link
#define GPO_INFO_FLAG_VERBOSE 0x00000040 // Verbose output to the eventlog
#define GPO_INFO_FLAG_NOCHANGES 0x00000080 // No changes were detected to the Group Policy Objects
#define GPO_INFO_FLAG_LINKTRANSITION 0x00000100 // A change in link speed was detected between previous policy application and current policy application
#define GPO_INFO_FLAG_LOGRSOP_TRANSITION 0x00000200 // A Change in Rsop Logging was detected between previous policy application and current policy application, (new intf only)
#define GPO_INFO_FLAG_FORCED_REFRESH 0x00000400 // Forced Refresh is being applied. redo policies.
#define GPO_INFO_FLAG_SAFEMODE_BOOT 0x00000800 // windows safe mode boot flag

Convert the decimal flag value that is specified in the event message (17) to hexadecimal: 0x00000011. Comparing this with the excerpt shows that both the GPO_INFO_FLAG_MACHINE and GPO_INFO_FLAG_BACKGROUND flags are set.

The failure status code in the event is a Win32 error code. You can translate the error code to a more readable message by using the net helpmsg command. For example, if you type net helpmsg 1332 at a command prompt and then press ENTER, you receive a "No mapping between account names and security IDs was done" message. In this case, the error is caused by a policy that assigns a user right to an SID for a deleted user.
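The decoding steps above can be automated. The following is an added example, not code from the original tip or from Microsoft: it extracts the flags and status code from a Userenv 1000 description and names each set bit using the excerpt's values. The function names parse_userenv_1000 and decode_gpo_flags are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Flag values copied from the Userenv.h excerpt on this page. */
static const struct { unsigned bit; const char *name; } GPO_FLAGS[] = {
    {0x00000001, "GPO_INFO_FLAG_MACHINE"},
    {0x00000010, "GPO_INFO_FLAG_BACKGROUND"},
    {0x00000020, "GPO_INFO_FLAG_SLOWLINK"},
    {0x00000040, "GPO_INFO_FLAG_VERBOSE"},
    {0x00000080, "GPO_INFO_FLAG_NOCHANGES"},
    {0x00000100, "GPO_INFO_FLAG_LINKTRANSITION"},
    {0x00000200, "GPO_INFO_FLAG_LOGRSOP_TRANSITION"},
    {0x00000400, "GPO_INFO_FLAG_FORCED_REFRESH"},
    {0x00000800, "GPO_INFO_FLAG_SAFEMODE_BOOT"},
};

/* Hypothetical helper: read the two parenthesised decimals from the event
   description. Returns 1 on success, 0 if the wording does not match. */
int parse_userenv_1000(const char *desc, unsigned *flags, unsigned *status)
{
    const char *p = strstr(desc, "passed flags (");
    if (!p || sscanf(p, "passed flags (%u)", flags) != 1) return 0;
    p = strstr(p, "status code of (");
    return p && sscanf(p, "status code of (%u)", status) == 1;
}

/* Hypothetical helper: write "NAME | NAME" for each known bit into out and
   return any bits that the excerpt does not define. */
unsigned decode_gpo_flags(unsigned flags, char *out, size_t outlen)
{
    unsigned unknown = flags;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof GPO_FLAGS / sizeof GPO_FLAGS[0]; i++) {
        if (!(flags & GPO_FLAGS[i].bit)) continue;
        unknown &= ~GPO_FLAGS[i].bit;
        if (out[0]) strncat(out, " | ", outlen - strlen(out) - 1);
        strncat(out, GPO_FLAGS[i].name, outlen - strlen(out) - 1);
    }
    return unknown;
}

int main(void)
{
    /* Description from the sample event on this page, joined onto one line. */
    const char *desc = "The Group Policy client-side extension Security was "
                       "passed flags (17) and returned a failure status code of (1332).";
    unsigned flags, status; char names[512];
    if (!parse_userenv_1000(desc, &flags, &status)) return 1;
    unsigned unknown = decode_gpo_flags(flags, names, sizeof names);
    printf("flags 0x%08X = %s (undefined bits 0x%X); status %u: run net helpmsg %u\n",
           flags, names, unknown, status, status);
    return 0;
}
```

A nonzero return from decode_gpo_flags means the event carried bits outside the excerpt, which is worth checking against the full header before drawing conclusions.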

Most all the samples in the book are shown using VBScript, in addition to VB and C++. Chapter 10, "Active Directory Administration using Windows Script" has many examples of administration tasks. It also provides information on how to use WSH to automatically load the ActiveDS type library, and thus avoid having to do a bunch of CONST statements in VBScript.