JSI Tip 7690. You cannot open Active Directory Users and Computers in Windows 2000, and LDAP queries fail?

Jerold Schulman

January 25, 2004


If you experience either of the subject conditions, your event logs may contain:

Event ID: 1003
Description: Policy change from LSA/SAM can't be saved in the policy storage. Error 5 to save policy change for account S-1-1-0 in the default GPOs. For more debugging information, please look security\logs\scepol.log under Windows root.

Event ID: 1
Description: The FireDaemon service has started.

Event ID: 116
Description: Subprocess monitoring failed due to subprocess is no longer active. The subprocess is probably dead. Restarting the process. Error detail: Overlapped I/O operation is in progress.

The %SystemRoot%\Security\Logs\WinLogon.log file may contain:

   ----Un-initialize configuration engine...
   -------------------------------------------
   MM/DD/YYYY HH:MM:SS
   Administrative privileged user logged on.
   ----Configuration engine is initialized successfully.----
   ----Reading Configuration template info...
   ----Configure User Rights...
   Ignore *S-1-5-32-551.
   Ignore *S-1-5-32-544.
   Ignore *S-1-5-32-551.
   ....
   There are pending user right changes from downlevel APIs. Some of the account rights are not removed by policy engine.
   Configure S-1-5-32-544.
   Ignore S-1-5-32-544 because there are pending user right changes for this account from downlevel APIs.
   Configure S-1-5-32-551.
   Ignore S-1-5-32-551 because there are pending user right changes for this account from downlevel APIs.

These symptoms occur when a virus runs the FireDaemon program as a service on your computer and changes the default domain controller security policy to deny users the "Access this computer from the network" right.
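To check a WinLogon.log for the pattern shown above, the following added example (not part of the original tip) scans each policy run for accounts skipped because of pending downlevel user right changes. The sample log and its timestamps are constructed, the function and field names are hypothetical, and the SID names are the standard well-known Windows values.

```python
import re

# Well-known SIDs that appear in this tip (standard Windows values).
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-551": "BUILTIN\\Backup Operators",
}
STAMP = re.compile(r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
# Only the "Ignore <SID> because there are pending ..." form is a finding;
# plain "Ignore *<SID>." lines are not matched.
PENDING = re.compile(
    r"Ignore\s+\*?(S-1-\d+(?:-\d+)+)\s+because there are pending user right changes")
LEFTOVER = re.compile(r"Some of the account rights are not removed by policy engine")

def triage(log_text):
    """Return one finding per policy run that skipped accounts for pending changes."""
    stamps = list(STAMP.finditer(log_text))
    findings = []
    for i, m in enumerate(stamps):
        # A run spans from its timestamp to the next one, with or without line breaks.
        end = stamps[i + 1].start() if i + 1 < len(stamps) else len(log_text)
        run = log_text[m.start():end]
        sids = sorted(set(PENDING.findall(run)))
        if sids:
            findings.append({
                "time": m.group(0),
                "skipped": [(s, WELL_KNOWN.get(s, "unknown")) for s in sids],
                "rights_not_removed": bool(LEFTOVER.search(run)),
            })
    return findings

# Constructed sample: a clean run, then an affected run flattened onto one line.
SAMPLE_LOG = (
    "-------------------------------------------\n"
    "01/20/2004 09:00:00\n"
    "Administrative privileged user logged on.\n"
    "----Configure User Rights...\n"
    "Configure S-1-5-32-544.\n"
    "-------------------------------------------01/20/2004 10:30:00"
    "Administrative privileged user logged on.----Configure User Rights..."
    "Ignore *S-1-5-32-551. There are pending user right changes from downlevel APIs. "
    "Some of the account rights are not removed by policy engine."
    "Configure S-1-5-32-544.Ignore S-1-5-32-544 because there are pending user right "
    "changes for this account from downlevel APIs."
    "Configure S-1-5-32-551.Ignore S-1-5-32-551 because there are pending user right "
    "changes for this account from downlevel APIs."
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding only shows that the policy engine skipped those accounts in that run; the service check in the steps below is still what confirms the cause.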

To fix this problem:

1. Start / Run / Services.msc / OK.

2. Right-click any offending FireDaemon service and press Properties.

   Look for:
      FireDaemon Service: scvhost
      FireDaemon Service: scvhostlog
      FireDaemon Service: secure

3. On the General tab, set Startup type to Disabled.

4. Press Apply.

5. Press Stop.

6. Press OK.

7. Verify / reset the Access this computer from the network User Rights Assignment.

NOTE: If you cannot Stop the service, restart your computer.

NOTE: See FireDaemon for WinNT/2K/XP/2K3/Longhorn.


