I am stumped. This is related to a client computer running Windows 7 Enterprise 64bit.
I have a computer lab of 90+ machines. All units are in Active Directory under the same OU with the same policy applied to all of them. I have one unit that will not log into any non-admin account. When attempting to log in as a general user you get
the message:
«You cannot log on because the logon method you are using is not allowed on this
computer. Please see your network administrator for more details.»
I can log into the unit using my limited domain admin credentials which is what I used for further troubleshooting.
I look at the RSOP and I see that under «windows settings/security settings/local policies/user rights assignment» «Allow log on Locally» has a red X. The error states: «The Policy (policy that is applied
to all 90+ units) resulted in the following error. No mapping between account names and security IDs was done. For more information, see %windir%securitylogswinlogon.log on the target machine.»
So I open the winlogon.log file and find this:
—-Configure User Rights…
Configure S-1-5-32-545.
remove SeInteractiveLogonRight.
Configure S-1-5-21-1636102821-2938549717-216715030-501.
Configure S-1-5-32-551.
Configure Approved_Groups.
Error 1332: No mapping between account names and security IDs was done.
Cannot find Approved_Groups.
Configure S-1-5-32-544.
User Rights configuration was completed with one or more errors.
I have checked the other units winlogon.log file and it does not have an «Approved_Groups» that it is loading.
I have searched the web for info on this error and found the following:
http://support.microsoft.com/kb/2000705
http://support.microsoft.com/kb/977695/en-us
I have attempted to apply hotfixes mentioned but they say that I am trying to install them on unsupported platform.
All of the information I have found is related to Windows server and not windows 7. Most of the reports I see are also happening with groups of computers and not only one out of a hundred.
I finally gave up, thinking it was some sort of file corruption and I reimaged the unit, yet it still does it. I reset the computer account. I have removed the computer from the domain and readded it.
Again, no other computer that is applying the same policy is having this issue.
What am I missing? I would not think that it would be a problem on the AD end since it is limited to a single unit.
-
Moved by
Wednesday, September 11, 2013 9:06 AM
move to right forum -
Moved by
pbbergs [MSFT]
Thursday, September 12, 2013 12:02 PM
Содержание
- System error 1332 has occurred
- Answered by:
- Question
- Answers
- All replies
- System error 1332 has occurred
- Answered by:
- Question
- Answers
- System error 1332 has occurred
- Answered by:
- Question
- Answers
- System error 1332 has occurred
- Answered by:
- Question
- Answers
- All replies
- System error 1332 has occurred
- Answered by:
- Question
- Answers
- All replies
System error 1332 has occurred
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I am using NET SHARE to create file shares on a W1K12R2 server and getting the subject message with a component of the command. Command goes like this:
NET SHARE Engineering=E:DataEngineering /GRANT:»DOMAINGroupName with one space,CHANGE» /GRANT:»DOMAINGroupName with two spaces,READ» /GRANT:HOSTNAMEAdministrators,FULL
My issue is that the command works fine if I do not put in the /GRANT:»DOMAINGroupName with two spaces,READ» parameter. With it I get:
System error 1332 has occurred.
No mapping between account names and security IDs was done.
My head is highly scratched. Using Power Shell and New-SMBShare gives the same result.
Answers
Anyway, event logs are clean and I have solved my problem. While adding via GUI to determine if anything was different, I noticed that the GUI showed me the following for the group in question:
Group Name Read (DomainGroup Name Read Only), i.e., the SAM Account Name. For groups, I did not expect to find a difference between the common name and the SAM Account Name. Why the Powers That Be did that, is beyond me. I expect it for human names, but not for groups.
I have answered my own question. Darn!
This problem occurs because Windows cannot resolve security identifiers (SIDs) to names. An SID is a numeric value that identifies a user or group. For each access control entry (ACE), an SID identifies the user or the group for whom access is permitted, denied, or audited.
Please re-starting domain servers and restarting client machines check if could solve it.
In addition, please check the thread discussed before.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Here is an update after testing various configurations of the commands.
First, I have rebooted the local server; rebooting all the DCs in my domain is the province of my company’s domain admins and we have many DCs. They will not look kindly on me for that request.
After reboot, using «NET SHARE. » I find can assign rights to a group with more than one space. However, a using a particular group (the one I really want)results in Error 1788. «The trust relationship between the primary domain and the trusted domain failed.» This applies using both the command line and Powershell. Therefore, it is not a command parameter issue but a problem with the target group. So, now I have a different problem requiring resolution.
NLTEST results in:
C:Windowssystem32>nltest /server:,servername> /sc_verify:
Flags: b0 HAS_IP HAS_TIMESERV
Trusted DC Name \
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
I also found that using «DOMAINGroup Name» results in 1332 errors for the domain that the server and I are members and for a domain that is trusted as well. I have to assume the commands only do look-ups in the «local» domain.
Using the GUI (ugh!), I can assign permissions to anyone I choose, so mapping between account name and SIDs is no issue there.
Источник
System error 1332 has occurred
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I have a tiny *.bat which deletes and share a certain folder on DC on WS 2012 Std.
net share FILEEXCHANGE /DELETE /YES
rmdir /s /q C:BATCHFileexchange
mkdir C:BATCHFileexchange
net share FILEEXCHANGE=C:BATCHFileexchange /Grant:Everyone,Full
Everything was OK on 2003, 2008 and 2008 R2, all DCs too.
But on WS 2012 I get the following error:
«System error 1332 has occurred. No mapping between account names and security IDs was done.»
What most likely could be the problem?
Many thanks in advance for any suggestions!
Answers
Which version of Exchange do you use on your Windows Server 2012?Is the Exchange newly installed on your Windows Server 2012?
And could you please tell me what do you mean by the first sentence “I have a tiny *.bat which deletes and share a certain folder on DC on WS 2012std”?
The error “ No mapping between account names and security IDs was done” could be caused by:
- An account does not exist on domain member computers.
- A SAM account name differs from its domain account name.
- A SAM account name was renamed on the client computers.
- The client is running a Multilingual User Interface Pack (MUI) that uses a different default language than the domain controller.
Here are some links may be useful to you:
No mapping between account names and security IDs was don
Command execution failed: No mapping between account names and security IDs was done. (Exception from HRESULT: 0x80070534)
«No mapping between account names and security IDs was done» error when deploying project
Event 1202 with status 0x534 logged on Windows Server 2008 R2 domain controllers after modifying security policy
Источник
System error 1332 has occurred
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I have a tiny *.bat which deletes and share a certain folder on DC on WS 2012 Std.
net share FILEEXCHANGE /DELETE /YES
rmdir /s /q C:BATCHFileexchange
mkdir C:BATCHFileexchange
net share FILEEXCHANGE=C:BATCHFileexchange /Grant:Everyone,Full
Everything was OK on 2003, 2008 and 2008 R2, all DCs too.
But on WS 2012 I get the following error:
«System error 1332 has occurred. No mapping between account names and security IDs was done.»
What most likely could be the problem?
Many thanks in advance for any suggestions!
Answers
Which version of Exchange do you use on your Windows Server 2012?Is the Exchange newly installed on your Windows Server 2012?
And could you please tell me what do you mean by the first sentence “I have a tiny *.bat which deletes and share a certain folder on DC on WS 2012std”?
The error “ No mapping between account names and security IDs was done” could be caused by:
- An account does not exist on domain member computers.
- A SAM account name differs from its domain account name.
- A SAM account name was renamed on the client computers.
- The client is running a Multilingual User Interface Pack (MUI) that uses a different default language than the domain controller.
Here are some links may be useful to you:
No mapping between account names and security IDs was don
Command execution failed: No mapping between account names and security IDs was done. (Exception from HRESULT: 0x80070534)
«No mapping between account names and security IDs was done» error when deploying project
Event 1202 with status 0x534 logged on Windows Server 2008 R2 domain controllers after modifying security policy
Источник
System error 1332 has occurred
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I am using NET SHARE to create file shares on a W1K12R2 server and getting the subject message with a component of the command. Command goes like this:
NET SHARE Engineering=E:DataEngineering /GRANT:»DOMAINGroupName with one space,CHANGE» /GRANT:»DOMAINGroupName with two spaces,READ» /GRANT:HOSTNAMEAdministrators,FULL
My issue is that the command works fine if I do not put in the /GRANT:»DOMAINGroupName with two spaces,READ» parameter. With it I get:
System error 1332 has occurred.
No mapping between account names and security IDs was done.
My head is highly scratched. Using Power Shell and New-SMBShare gives the same result.
Answers
Anyway, event logs are clean and I have solved my problem. While adding via GUI to determine if anything was different, I noticed that the GUI showed me the following for the group in question:
Group Name Read (DomainGroup Name Read Only), i.e., the SAM Account Name. For groups, I did not expect to find a difference between the common name and the SAM Account Name. Why the Powers That Be did that, is beyond me. I expect it for human names, but not for groups.
I have answered my own question. Darn!
This problem occurs because Windows cannot resolve security identifiers (SIDs) to names. An SID is a numeric value that identifies a user or group. For each access control entry (ACE), an SID identifies the user or the group for whom access is permitted, denied, or audited.
Please re-starting domain servers and restarting client machines check if could solve it.
In addition, please check the thread discussed before.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Here is an update after testing various configurations of the commands.
First, I have rebooted the local server; rebooting all the DCs in my domain is the province of my company’s domain admins and we have many DCs. They will not look kindly on me for that request.
After reboot, using «NET SHARE. » I find can assign rights to a group with more than one space. However, a using a particular group (the one I really want)results in Error 1788. «The trust relationship between the primary domain and the trusted domain failed.» This applies using both the command line and Powershell. Therefore, it is not a command parameter issue but a problem with the target group. So, now I have a different problem requiring resolution.
NLTEST results in:
C:Windowssystem32>nltest /server:,servername> /sc_verify:
Flags: b0 HAS_IP HAS_TIMESERV
Trusted DC Name \
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
I also found that using «DOMAINGroup Name» results in 1332 errors for the domain that the server and I are members and for a domain that is trusted as well. I have to assume the commands only do look-ups in the «local» domain.
Using the GUI (ugh!), I can assign permissions to anyone I choose, so mapping between account name and SIDs is no issue there.
Источник
System error 1332 has occurred
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Answered by:
Question
I am using NET SHARE to create file shares on a W1K12R2 server and getting the subject message with a component of the command. Command goes like this:
NET SHARE Engineering=E:DataEngineering /GRANT:»DOMAINGroupName with one space,CHANGE» /GRANT:»DOMAINGroupName with two spaces,READ» /GRANT:HOSTNAMEAdministrators,FULL
My issue is that the command works fine if I do not put in the /GRANT:»DOMAINGroupName with two spaces,READ» parameter. With it I get:
System error 1332 has occurred.
No mapping between account names and security IDs was done.
My head is highly scratched. Using Power Shell and New-SMBShare gives the same result.
Answers
Anyway, event logs are clean and I have solved my problem. While adding via GUI to determine if anything was different, I noticed that the GUI showed me the following for the group in question:
Group Name Read (DomainGroup Name Read Only), i.e., the SAM Account Name. For groups, I did not expect to find a difference between the common name and the SAM Account Name. Why the Powers That Be did that, is beyond me. I expect it for human names, but not for groups.
I have answered my own question. Darn!
This problem occurs because Windows cannot resolve security identifiers (SIDs) to names. An SID is a numeric value that identifies a user or group. For each access control entry (ACE), an SID identifies the user or the group for whom access is permitted, denied, or audited.
Please re-starting domain servers and restarting client machines check if could solve it.
In addition, please check the thread discussed before.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Here is an update after testing various configurations of the commands.
First, I have rebooted the local server; rebooting all the DCs in my domain is the province of my company’s domain admins and we have many DCs. They will not look kindly on me for that request.
After reboot, using «NET SHARE. » I find can assign rights to a group with more than one space. However, a using a particular group (the one I really want)results in Error 1788. «The trust relationship between the primary domain and the trusted domain failed.» This applies using both the command line and Powershell. Therefore, it is not a command parameter issue but a problem with the target group. So, now I have a different problem requiring resolution.
NLTEST results in:
C:Windowssystem32>nltest /server:,servername> /sc_verify:
Flags: b0 HAS_IP HAS_TIMESERV
Trusted DC Name \
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
I also found that using «DOMAINGroup Name» results in 1332 errors for the domain that the server and I are members and for a domain that is trusted as well. I have to assume the commands only do look-ups in the «local» domain.
Using the GUI (ugh!), I can assign permissions to anyone I choose, so mapping between account name and SIDs is no issue there.
Источник
I have small application that attempts to get SID for a given user on Windows 7 64 bit. The application is compiled as 64 bit.
PSID Sid;
DWORD cbReferencedDomainName, cbSid;
LPTSTR ReferencedDomainName;
SID_NAME_USE eUse;
DWORD dwRc = 0;
printf("Lookup %sn",lpszAccountName);
cbReferencedDomainName = cbSid = 0;
if (LookupAccountName(NULL, lpszAccountName, 0, &cbSid,
0, &cbReferencedDomainName, &eUse)) {
printf("LookupAccountName passedn");
return 0;
}
dwRc = GetLastError();
printf("LookupAccountName RC (%d)n",dwRc);
I am passing the user name in uid@hostname format. The API fails for every user that’s present on the machine with GetLastError returning 1332 — «No mapping between account names and security IDs was done.». Please help.
asked Mar 13, 2014 at 9:17
5
A colleague and myself revisited this problem. We found that the problem was due to the Character Set used in the Visual Studio Project Settings. Visual Studio by default, sets character set to Use Unicode Character Set. However our application needs to use ASCII character set as our application needs to read input from command line. So the input read from command line was ASCII but we were passing that input to Wide character version of LookupAccountName API i.e. LookupAccountNameW. This caused API to return 1332 error code.
So we changed the Character Set to «Not Set» and recompiled the application. This ensured that correct form of the API, LookupAccountNamA, is used. This resolved the problem. I believe setting Character Set to «» will also solve the problem.
Hope this will be useful.
answered Mar 9, 2016 at 11:08
ShashiShashi
14.9k2 gold badges32 silver badges50 bronze badges