I am soo glad I found this post!!!!

I too am having the exact same problem. I had users that were disjoined from
the Domain when we opened up an outstation. After all my searching for a
problem I was convinced it had to be something specific with the "other"
network they are now on. I am going to start wading through your fixes and
see where I get.

There was definately a business reason for removing the computers from the
Domain and I would DEFINATELY call this a BUG...

Thanks again!

"Jeff Vandervoort" wrote:

> That didn't happen on my test system, but I don't like that workaround
> anyway...too many side-effects. So I've only done it on one system, just to
> confirm PSS's results.
>
> My suggestion is to create a Startup Script that adds the Restricted Groups
> to the local SAM instead of using the AD Restricted Groups feature.
>
> Also, an update for all lurkers...make sure to append your "me too" message
> to this thread and keep it alive. I just received a call from MS PSS and
> they are evaluating the cost-effectiveness of fixing this issue. The guy I
> spoke to was skeptical that it affected many people...his reasoning was,
> "How many people disjoin a computer from a domain?". My client has a good
> reason to do so...how about you? I've given the Google Search URL for this
> thread to them and have reason to believe it's being monitored. I'm going to
> forward it again to the PSS contact who's preparing the business case for
> fixing it. So keep posting, folks!
>
> --
> Jeff Vandervoort
> JRVsystems
> "DSipp" <DSipp@discussions.microsoft.com> wrote in message
> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
> > How do I move those files? The system says they are locked and in safe
> > mode
> > they are gone?
> >
> > "Jeff Vandervoort" wrote:
> >
> >> We're seeing the same thing here; I can confirm the results. And since
> >> Tomas
> >> posted a reply here, I thought I should too!
> >>
> >> Tomas' workaround worked for me, too, but while it fixes the ESENT.DLL
> >> crash, it has side effects you need to be aware of. If there are other
> >> security policies in GPO, they will not be removed when the computer is
> >> removed from the domain. The SceCli and Userenv errors will continue
> >> (although the SceCli one will change a bit).
> >>
> >> The only complete solution I know of is not to use Restricted Groups that
> >> have domain accounts among their members in a GPO that is in scope for a
> >> computer that will be removed from a domain. Fortunately, that was an
> >> option
> >> for us in this case, with only modest hardship. I haven't done this, yet,
> >> but will likely substitute a startup script that adds the group for me
> >> and
> >> the hardship will disappear; I don't care if the group doesn't get
> >> removed
> >> when the machine is removed from the domain.
> >>
> >> On a related note, I opened a Microsoft PSS incident for this. They have
> >> reproduced the behavior in their lab. PSS carefully avoided giving me any
> >> information about whether they intended to develop a fix; hopefully they
> >> will. This strikes me as a significant bug.
> >>
> >> --
> >> Jeff Vandervoort
> >> JRVsystems
> >> "T0MAS" <T0MAS.1q1k2c@> wrote in message
> >> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
> >> >
> >> > I have solved same problem with crashing services.exe.
> >> >
> >> > User on bussiness trip removed his notebook from domain.
> >> > He reports problem with error message :
> >> > Title of window : Services and Controller app
> >> > in error message: Error signature szAppName: Services.exe .....
> >> > in event log was event 1000 Faulting application services.exe, version
> >> > 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180, fault
> >> > address 0x0002334c.
> >> > After clicking on Close button apears automatic shutdown counter and in
> >> > 30 seconds system was restarted.
> >> > This same behaviour repeated several times.
> >> > In evet log I found misc. events with probably related with this
> >> > problem:
> >> >
> >> > The Group Policy client-side extension Security failed to execute
> >> > (event 1085)
> >> > Faulting application services.exe
> >> > Security policies were propagated with warning. 0x428 (event 1202)
> >> >
> >> > in winlogon.log (I have enabled debug for that purpose) I found:
> >> > ----Configure Group Membership...
> >> > Configure Administrators.
> >> > Error 1332: No mapping between account names and security IDs was
> >> > done.
> >> > Error occurred during lookup of all accounts.
> >> >
> >> > It was seems that some domain policy that contains Restricted group
> >> > feature remains on notebook and periodically in moment when policy was
> >> > refreshed caused error with services.exe. I knew that when notebook was
> >> > removed from domain then domain policy cannot applied to non-member
> >> > computer.
> >> > I made several actions : I again joined notebook to domain(then
> >> > restart) and again I removed it and problem occured again and again. I
> >> > disabled background policy refresh, I set refresh interval to max value
> >> > 45 days and nothing helps. When automatic shutdown apears I stoped it
> >> > every time by command shutdown /a.
> >> > Every time I found in winlogon.log that some policy tryed manage
> >> > membership in groups and ends with error because probably did not have
> >> > access to domain (notebook was removed from domain).
> >> >
> >> > I have tryed to check consistency od secedit.sdb by esentutl /g
> >> > %windir%\Security\Database\Secedit.sdb and all was OK.
> >> > Excuse my english.
> >> > After that i crossed my mind that it may not caused by deffective
> >> > remained domain policy but it may caused by local group policy which
> >> > contain domain accounts (SIDs). Thats my deduction.
> >> > After that I moved c:\WINDOWS\security\Database\secedit.sdb and
> >> > c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
> >> > folder and after restart local group policy was reseted and after that
> >> > user confirmed that error never apears and all works fine.
> >> >
> >> > In my case (case of one of my users) problem with crashing services.exe
> >> > and periodical restarts was solved by reseting local group policy (by
> >> > removing database and related files).
> >> >
> >> > When I begin solving of this problem I spent to much time with
> >> > searching similar problem on Internet but I din't found equal. This
> >> > page was not usefull exactly in my cause but everytime when I searching
> >> > on Inet by using misc. search engines I everytime get this page
> >> > therefore I decided to write my solution here.
> >> > I have writed in this my article too much informations because each
> >> > user searching this problem on Internet with miscelaneous with keywords
> >> > and therefore I writed so much (for search engines too).
> >> >
> >> > I hope that same case may happen to someone and my story may helps
> >> > him.
> >> >
> >> > Admin from Slovak Republic (Slovakia not Slovenia)
> >> >
> >> >
> >> > --
> >> > T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
> >> >
> >>
> >>
> >>
>
>
>

Well, my "grass roots" campaign has failed. Only 1 "me too". Whether that
had anything to do with the outcome or not, I don't know, but the response I
just received from Microsoft is that they have no current plans to fix this
bug. It has been submitted as a change request for future consideration.

Folks, it's official: We're on our own. Good luck!

--
Jeff Vandervoort
JRVsystems

"Bosmm" <Bosmm@discussions.microsoft.com> wrote in message
news:19D71B2A-80BA-4117-AD65-493841DB511F@microsoft.com...
>I am soo glad I found this post!!!!
>
> I too am having the exact same problem. I had users that were disjoined
> from
> the Domain when we opened up an outstation. After all my searching for a
> problem I was convinced it had to be something specific with the "other"
> network they are now on. I am going to start wading through your fixes and
> see where I get.
>
> There was definately a business reason for removing the computers from the
> Domain and I would DEFINATELY call this a BUG...
>
> Thanks again!
>
> "Jeff Vandervoort" wrote:
>
>> That didn't happen on my test system, but I don't like that workaround
>> anyway...too many side-effects. So I've only done it on one system, just
>> to
>> confirm PSS's results.
>>
>> My suggestion is to create a Startup Script that adds the Restricted
>> Groups
>> to the local SAM instead of using the AD Restricted Groups feature.
>>
>> Also, an update for all lurkers...make sure to append your "me too"
>> message
>> to this thread and keep it alive. I just received a call from MS PSS and
>> they are evaluating the cost-effectiveness of fixing this issue. The guy
>> I
>> spoke to was skeptical that it affected many people...his reasoning was,
>> "How many people disjoin a computer from a domain?". My client has a good
>> reason to do so...how about you? I've given the Google Search URL for
>> this
>> thread to them and have reason to believe it's being monitored. I'm going
>> to
>> forward it again to the PSS contact who's preparing the business case for
>> fixing it. So keep posting, folks!
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>> "DSipp" <DSipp@discussions.microsoft.com> wrote in message
>> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
>> > How do I move those files? The system says they are locked and in safe
>> > mode
>> > they are gone?
>> >
>> > "Jeff Vandervoort" wrote:
>> >
>> >> We're seeing the same thing here; I can confirm the results. And since
>> >> Tomas
>> >> posted a reply here, I thought I should too!
>> >>
>> >> Tomas' workaround worked for me, too, but while it fixes the ESENT.DLL
>> >> crash, it has side effects you need to be aware of. If there are other
>> >> security policies in GPO, they will not be removed when the computer
>> >> is
>> >> removed from the domain. The SceCli and Userenv errors will continue
>> >> (although the SceCli one will change a bit).
>> >>
>> >> The only complete solution I know of is not to use Restricted Groups
>> >> that
>> >> have domain accounts among their members in a GPO that is in scope for
>> >> a
>> >> computer that will be removed from a domain. Fortunately, that was an
>> >> option
>> >> for us in this case, with only modest hardship. I haven't done this,
>> >> yet,
>> >> but will likely substitute a startup script that adds the group for me
>> >> and
>> >> the hardship will disappear; I don't care if the group doesn't get
>> >> removed
>> >> when the machine is removed from the domain.
>> >>
>> >> On a related note, I opened a Microsoft PSS incident for this. They
>> >> have
>> >> reproduced the behavior in their lab. PSS carefully avoided giving me
>> >> any
>> >> information about whether they intended to develop a fix; hopefully
>> >> they
>> >> will. This strikes me as a significant bug.
>> >>
>> >> --
>> >> Jeff Vandervoort
>> >> JRVsystems
>> >> "T0MAS" <T0MAS.1q1k2c@> wrote in message
>> >> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
>> >> >
>> >> > I have solved same problem with crashing services.exe.
>> >> >
>> >> > User on bussiness trip removed his notebook from domain.
>> >> > He reports problem with error message :
>> >> > Title of window : Services and Controller app
>> >> > in error message: Error signature szAppName: Services.exe .....
>> >> > in event log was event 1000 Faulting application services.exe,
>> >> > version
>> >> > 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180,
>> >> > fault
>> >> > address 0x0002334c.
>> >> > After clicking on Close button apears automatic shutdown counter and
>> >> > in
>> >> > 30 seconds system was restarted.
>> >> > This same behaviour repeated several times.
>> >> > In evet log I found misc. events with probably related with this
>> >> > problem:
>> >> >
>> >> > The Group Policy client-side extension Security failed to execute
>> >> > (event 1085)
>> >> > Faulting application services.exe
>> >> > Security policies were propagated with warning. 0x428 (event 1202)
>> >> >
>> >> > in winlogon.log (I have enabled debug for that purpose) I found:
>> >> > ----Configure Group Membership...
>> >> > Configure Administrators.
>> >> > Error 1332: No mapping between account names and security IDs was
>> >> > done.
>> >> > Error occurred during lookup of all accounts.
>> >> >
>> >> > It was seems that some domain policy that contains Restricted group
>> >> > feature remains on notebook and periodically in moment when policy
>> >> > was
>> >> > refreshed caused error with services.exe. I knew that when notebook
>> >> > was
>> >> > removed from domain then domain policy cannot applied to non-member
>> >> > computer.
>> >> > I made several actions : I again joined notebook to domain(then
>> >> > restart) and again I removed it and problem occured again and again.
>> >> > I
>> >> > disabled background policy refresh, I set refresh interval to max
>> >> > value
>> >> > 45 days and nothing helps. When automatic shutdown apears I stoped
>> >> > it
>> >> > every time by command shutdown /a.
>> >> > Every time I found in winlogon.log that some policy tryed manage
>> >> > membership in groups and ends with error because probably did not
>> >> > have
>> >> > access to domain (notebook was removed from domain).
>> >> >
>> >> > I have tryed to check consistency od secedit.sdb by esentutl /g
>> >> > %windir%\Security\Database\Secedit.sdb and all was OK.
>> >> > Excuse my english.
>> >> > After that i crossed my mind that it may not caused by deffective
>> >> > remained domain policy but it may caused by local group policy which
>> >> > contain domain accounts (SIDs). Thats my deduction.
>> >> > After that I moved c:\WINDOWS\security\Database\secedit.sdb and
>> >> > c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
>> >> > folder and after restart local group policy was reseted and after
>> >> > that
>> >> > user confirmed that error never apears and all works fine.
>> >> >
>> >> > In my case (case of one of my users) problem with crashing
>> >> > services.exe
>> >> > and periodical restarts was solved by reseting local group policy
>> >> > (by
>> >> > removing database and related files).
>> >> >
>> >> > When I begin solving of this problem I spent to much time with
>> >> > searching similar problem on Internet but I din't found equal. This
>> >> > page was not usefull exactly in my cause but everytime when I
>> >> > searching
>> >> > on Inet by using misc. search engines I everytime get this page
>> >> > therefore I decided to write my solution here.
>> >> > I have writed in this my article too much informations because each
>> >> > user searching this problem on Internet with miscelaneous with
>> >> > keywords
>> >> > and therefore I writed so much (for search engines too).
>> >> >
>> >> > I hope that same case may happen to someone and my story may helps
>> >> > him.
>> >> >
>> >> > Admin from Slovak Republic (Slovakia not Slovenia)
>> >> >
>> >> >
>> >> > --
>> >> > T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

And, at this writing at least, the bug still does not appear to be
documented on Microsoft's Knowledge Base. I've requested that it be
added...for whatever that's worth.

--
Jeff Vandervoort
JRVsystems
"Bosmm" <Bosmm@discussions.microsoft.com> wrote in message
news:19D71B2A-80BA-4117-AD65-493841DB511F@microsoft.com...
>I am soo glad I found this post!!!!
>
> I too am having the exact same problem. I had users that were disjoined
> from
> the Domain when we opened up an outstation. After all my searching for a
> problem I was convinced it had to be something specific with the "other"
> network they are now on. I am going to start wading through your fixes and
> see where I get.
>
> There was definately a business reason for removing the computers from the
> Domain and I would DEFINATELY call this a BUG...
>
> Thanks again!
>
> "Jeff Vandervoort" wrote:
>
>> That didn't happen on my test system, but I don't like that workaround
>> anyway...too many side-effects. So I've only done it on one system, just
>> to
>> confirm PSS's results.
>>
>> My suggestion is to create a Startup Script that adds the Restricted
>> Groups
>> to the local SAM instead of using the AD Restricted Groups feature.
>>
>> Also, an update for all lurkers...make sure to append your "me too"
>> message
>> to this thread and keep it alive. I just received a call from MS PSS and
>> they are evaluating the cost-effectiveness of fixing this issue. The guy
>> I
>> spoke to was skeptical that it affected many people...his reasoning was,
>> "How many people disjoin a computer from a domain?". My client has a good
>> reason to do so...how about you? I've given the Google Search URL for
>> this
>> thread to them and have reason to believe it's being monitored. I'm going
>> to
>> forward it again to the PSS contact who's preparing the business case for
>> fixing it. So keep posting, folks!
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>> "DSipp" <DSipp@discussions.microsoft.com> wrote in message
>> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
>> > How do I move those files? The system says they are locked and in safe
>> > mode
>> > they are gone?
>> >
>> > "Jeff Vandervoort" wrote:
>> >
>> >> We're seeing the same thing here; I can confirm the results. And since
>> >> Tomas
>> >> posted a reply here, I thought I should too!
>> >>
>> >> Tomas' workaround worked for me, too, but while it fixes the ESENT.DLL
>> >> crash, it has side effects you need to be aware of. If there are other
>> >> security policies in GPO, they will not be removed when the computer
>> >> is
>> >> removed from the domain. The SceCli and Userenv errors will continue
>> >> (although the SceCli one will change a bit).
>> >>
>> >> The only complete solution I know of is not to use Restricted Groups
>> >> that
>> >> have domain accounts among their members in a GPO that is in scope for
>> >> a
>> >> computer that will be removed from a domain. Fortunately, that was an
>> >> option
>> >> for us in this case, with only modest hardship. I haven't done this,
>> >> yet,
>> >> but will likely substitute a startup script that adds the group for me
>> >> and
>> >> the hardship will disappear; I don't care if the group doesn't get
>> >> removed
>> >> when the machine is removed from the domain.
>> >>
>> >> On a related note, I opened a Microsoft PSS incident for this. They
>> >> have
>> >> reproduced the behavior in their lab. PSS carefully avoided giving me
>> >> any
>> >> information about whether they intended to develop a fix; hopefully
>> >> they
>> >> will. This strikes me as a significant bug.
>> >>
>> >> --
>> >> Jeff Vandervoort
>> >> JRVsystems
>> >> "T0MAS" <T0MAS.1q1k2c@> wrote in message
>> >> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
>> >> >
>> >> > I have solved same problem with crashing services.exe.
>> >> >
>> >> > User on bussiness trip removed his notebook from domain.
>> >> > He reports problem with error message :
>> >> > Title of window : Services and Controller app
>> >> > in error message: Error signature szAppName: Services.exe .....
>> >> > in event log was event 1000 Faulting application services.exe,
>> >> > version
>> >> > 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180,
>> >> > fault
>> >> > address 0x0002334c.
>> >> > After clicking on Close button apears automatic shutdown counter and
>> >> > in
>> >> > 30 seconds system was restarted.
>> >> > This same behaviour repeated several times.
>> >> > In evet log I found misc. events with probably related with this
>> >> > problem:
>> >> >
>> >> > The Group Policy client-side extension Security failed to execute
>> >> > (event 1085)
>> >> > Faulting application services.exe
>> >> > Security policies were propagated with warning. 0x428 (event 1202)
>> >> >
>> >> > in winlogon.log (I have enabled debug for that purpose) I found:
>> >> > ----Configure Group Membership...
>> >> > Configure Administrators.
>> >> > Error 1332: No mapping between account names and security IDs was
>> >> > done.
>> >> > Error occurred during lookup of all accounts.
>> >> >
>> >> > It was seems that some domain policy that contains Restricted group
>> >> > feature remains on notebook and periodically in moment when policy
>> >> > was
>> >> > refreshed caused error with services.exe. I knew that when notebook
>> >> > was
>> >> > removed from domain then domain policy cannot applied to non-member
>> >> > computer.
>> >> > I made several actions : I again joined notebook to domain(then
>> >> > restart) and again I removed it and problem occured again and again.
>> >> > I
>> >> > disabled background policy refresh, I set refresh interval to max
>> >> > value
>> >> > 45 days and nothing helps. When automatic shutdown apears I stoped
>> >> > it
>> >> > every time by command shutdown /a.
>> >> > Every time I found in winlogon.log that some policy tryed manage
>> >> > membership in groups and ends with error because probably did not
>> >> > have
>> >> > access to domain (notebook was removed from domain).
>> >> >
>> >> > I have tryed to check consistency od secedit.sdb by esentutl /g
>> >> > %windir%\Security\Database\Secedit.sdb and all was OK.
>> >> > Excuse my english.
>> >> > After that i crossed my mind that it may not caused by deffective
>> >> > remained domain policy but it may caused by local group policy which
>> >> > contain domain accounts (SIDs). Thats my deduction.
>> >> > After that I moved c:\WINDOWS\security\Database\secedit.sdb and
>> >> > c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
>> >> > folder and after restart local group policy was reseted and after
>> >> > that
>> >> > user confirmed that error never apears and all works fine.
>> >> >
>> >> > In my case (case of one of my users) problem with crashing
>> >> > services.exe
>> >> > and periodical restarts was solved by reseting local group policy
>> >> > (by
>> >> > removing database and related files).
>> >> >
>> >> > When I begin solving of this problem I spent to much time with
>> >> > searching similar problem on Internet but I din't found equal. This
>> >> > page was not usefull exactly in my cause but everytime when I
>> >> > searching
>> >> > on Inet by using misc. search engines I everytime get this page
>> >> > therefore I decided to write my solution here.
>> >> > I have writed in this my article too much informations because each
>> >> > user searching this problem on Internet with miscelaneous with
>> >> > keywords
>> >> > and therefore I writed so much (for search engines too).
>> >> >
>> >> > I hope that same case may happen to someone and my story may helps
>> >> > him.
>> >> >
>> >> > Admin from Slovak Republic (Slovakia not Slovenia)
>> >> >
>> >> >
>> >> > --
>> >> > T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
>> >> >
>> >>
>> >>
>> >>
>>
>>
>>

Thanks for all of your responses. I am getting this error too on a
laptop that was removed from the domain. There is a need to be able to
remove yourself from one domain and add to another, especially if you
travel to different companies and do consulting work. I have to change
my domain constantly. Perhaps Microsoft could change their app to allow
multiple domain connection configuration.... Oh well. Anyway thanks
for the fix ideas. I have tried them and am waiting to see if I still
get this message. Hopefully Microsoft will decide to put a fix out
there for this.
Jeff Vandervoort Wrote:
> And, at this writing at least, the bug still does not appear to be
> documented on Microsoft's Knowledge Base. I've requested that it be
> added...for whatever that's worth.
>
> --
> Jeff Vandervoort
> JRVsystems
> "Bosmm" Bosmm@discussions.microsoft.com wrote in message
> news:19D71B2A-80BA-4117-AD65-493841DB511F@microsoft.com...
> I am soo glad I found this post!!!!
>
> I too am having the exact same problem. I had users that were
> disjoined
> from
> the Domain when we opened up an outstation. After all my searching for
> a
> problem I was convinced it had to be something specific with the
> "other"
> network they are now on. I am going to start wading through your fixes
> and
> see where I get.
>
> There was definately a business reason for removing the computers from
> the
> Domain and I would DEFINATELY call this a BUG...
>
> Thanks again!
>
> "Jeff Vandervoort" wrote:
>
> That didn't happen on my test system, but I don't like that
> workaround
> anyway...too many side-effects. So I've only done it on one system,
> just
> to
> confirm PSS's results.
>
> My suggestion is to create a Startup Script that adds the Restricted
> Groups
> to the local SAM instead of using the AD Restricted Groups feature.
>
> Also, an update for all lurkers...make sure to append your "me too"
> message
> to this thread and keep it alive. I just received a call from MS PSS
> and
> they are evaluating the cost-effectiveness of fixing this issue. The
> guy
> I
> spoke to was skeptical that it affected many people...his reasoning
> was,
> "How many people disjoin a computer from a domain?". My client has a
> good
> reason to do so...how about you? I've given the Google Search URL for
> this
> thread to them and have reason to believe it's being monitored. I'm
> going
> to
> forward it again to the PSS contact who's preparing the business case
> for
> fixing it. So keep posting, folks!
>
> --
> Jeff Vandervoort
> JRVsystems
> "DSipp" DSipp@discussions.microsoft.com wrote in message
> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
> How do I move those files? The system says they are locked and in
> safe
> mode
> they are gone?
>
> "Jeff Vandervoort" wrote:
>
> We're seeing the same thing here; I can confirm the results. And
> since
> Tomas
> posted a reply here, I thought I should too!
>
> Tomas' workaround worked for me, too, but while it fixes the
> ESENT.DLL
> crash, it has side effects you need to be aware of. If there are
> other
> security policies in GPO, they will not be removed when the computer
> is
> removed from the domain. The SceCli and Userenv errors will continue
> (although the SceCli one will change a bit).
>
> The only complete solution I know of is not to use Restricted Groups
> that
> have domain accounts among their members in a GPO that is in scope
> for
> a
> computer that will be removed from a domain. Fortunately, that was
> an
> option
> for us in this case, with only modest hardship. I haven't done this,
> yet,
> but will likely substitute a startup script that adds the group for
> me
> and
> the hardship will disappear; I don't care if the group doesn't get
> removed
> when the machine is removed from the domain.
>
> On a related note, I opened a Microsoft PSS incident for this. They
> have
> reproduced the behavior in their lab. PSS carefully avoided giving
> me
> any
> information about whether they intended to develop a fix; hopefully
> they
> will. This strikes me as a significant bug.
>
> --
> Jeff Vandervoort
> JRVsystems
> "T0MAS" T0MAS.1q1k2c@ wrote in message
> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
>
> I have solved same problem with crashing services.exe.
>
> User on bussiness trip removed his notebook from domain.
> He reports problem with error message :
> Title of window : Services and Controller app
> in error message: Error signature szAppName: Services.exe .....
> in event log was event 1000 Faulting application services.exe,
> version
> 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180,
> fault
> address 0x0002334c.
> After clicking on Close button apears automatic shutdown counter
> and
> in
> 30 seconds system was restarted.
> This same behaviour repeated several times.
> In evet log I found misc. events with probably related with this
> problem:
>
> The Group Policy client-side extension Security failed to execute
> (event 1085)
> Faulting application services.exe
> Security policies were propagated with warning. 0x428 (event 1202)
>
> in winlogon.log (I have enabled debug for that purpose) I found:
> ----Configure Group Membership...
> Configure Administrators.
> Error 1332: No mapping between account names and security IDs was
> done.
> Error occurred during lookup of all accounts.
>
> It was seems that some domain policy that contains Restricted group
> feature remains on notebook and periodically in moment when policy
> was
> refreshed caused error with services.exe. I knew that when notebook
> was
> removed from domain then domain policy cannot applied to non-member
> computer.
> I made several actions : I again joined notebook to domain(then
> restart) and again I removed it and problem occured again and
> again.
> I
> disabled background policy refresh, I set refresh interval to max
> value
> 45 days and nothing helps. When automatic shutdown apears I stoped
> it
> every time by command shutdown /a.
> Every time I found in winlogon.log that some policy tryed manage
> membership in groups and ends with error because probably did not
> have
> access to domain (notebook was removed from domain).
>
> I have tryed to check consistency od secedit.sdb by esentutl /g
> %windir%\Security\Database\Secedit.sdb and all was OK.
> Excuse my english.
> After that i crossed my mind that it may not caused by deffective
> remained domain policy but it may caused by local group policy
> which
> contain domain accounts (SIDs). Thats my deduction.
> After that I moved c:\WINDOWS\security\Database\secedit.sdb and
> c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
> folder and after restart local group policy was reseted and after
> that
> user confirmed that error never apears and all works fine.
>
> In my case (case of one of my users) problem with crashing
> services.exe
> and periodical restarts was solved by reseting local group policy
> (by
> removing database and related files).
>
> When I begin solving of this problem I spent to much time with
> searching similar problem on Internet but I din't found equal. This
> page was not usefull exactly in my cause but everytime when I
> searching
> on Inet by using misc. search engines I everytime get this page
> therefore I decided to write my solution here.
> I have writed in this my article too much informations because each
> user searching this problem on Internet with miscelaneous with
> keywords
> and therefore I writed so much (for search engines too).
>
> I hope that same case may happen to someone and my story may helps
> him.
>
> Admin from Slovak Republic (Slovakia not Slovenia)
>
>
> --
> T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
>
>
>
>
>
>
>


--
rfrendreiss

You could try NetSwitcher?
http://www.netswitcher.com/


--
************************************************** ****
Most learned on these newsgroups
Tumppi, Helsinki, FINLAND
(translations from/to FI not always accurate)
************************************************** ****




"rfrendreiss" <rfrendreiss.1zl0lz@pcbanter.net> kirjoitti
viestissä:rfrendreiss.1zl0lz@pcbanter.net...
>
> Thanks for all of your responses. I am getting this error too on a
> laptop that was removed from the domain. There is a need to be able to
> remove yourself from one domain and add to another, especially if you
> travel to different companies and do consulting work. I have to change
> my domain constantly. Perhaps Microsoft could change their app to allow
> multiple domain connection configuration.... Oh well. Anyway thanks
> for the fix ideas. I have tried them and am waiting to see if I still
> get this message. Hopefully Microsoft will decide to put a fix out
> there for this.
> Jeff Vandervoort Wrote:
>> And, at this writing at least, the bug still does not appear to be
>> documented on Microsoft's Knowledge Base. I've requested that it be
>> added...for whatever that's worth.
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>> "Bosmm" Bosmm@discussions.microsoft.com wrote in message
>> news:19D71B2A-80BA-4117-AD65-493841DB511F@microsoft.com...
>> I am soo glad I found this post!!!!
>>
>> I too am having the exact same problem. I had users that were
>> disjoined
>> from
>> the Domain when we opened up an outstation. After all my searching for
>> a
>> problem I was convinced it had to be something specific with the
>> "other"
>> network they are now on. I am going to start wading through your fixes
>> and
>> see where I get.
>>
>> There was definately a business reason for removing the computers from
>> the
>> Domain and I would DEFINATELY call this a BUG...
>>
>> Thanks again!
>>
>> "Jeff Vandervoort" wrote:
>>
>> That didn't happen on my test system, but I don't like that
>> workaround
>> anyway...too many side-effects. So I've only done it on one system,
>> just
>> to
>> confirm PSS's results.
>>
>> My suggestion is to create a Startup Script that adds the Restricted
>> Groups
>> to the local SAM instead of using the AD Restricted Groups feature.
>>
>> Also, an update for all lurkers...make sure to append your "me too"
>> message
>> to this thread and keep it alive. I just received a call from MS PSS
>> and
>> they are evaluating the cost-effectiveness of fixing this issue. The
>> guy
>> I
>> spoke to was skeptical that it affected many people...his reasoning
>> was,
>> "How many people disjoin a computer from a domain?". My client has a
>> good
>> reason to do so...how about you? I've given the Google Search URL for
>> this
>> thread to them and have reason to believe it's being monitored. I'm
>> going
>> to
>> forward it again to the PSS contact who's preparing the business case
>> for
>> fixing it. So keep posting, folks!
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>> "DSipp" DSipp@discussions.microsoft.com wrote in message
>> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
>> How do I move those files? The system says they are locked and in
>> safe
>> mode
>> they are gone?
>>
>> "Jeff Vandervoort" wrote:
>>
>> We're seeing the same thing here; I can confirm the results. And
>> since
>> Tomas
>> posted a reply here, I thought I should too!
>>
>> Tomas' workaround worked for me, too, but while it fixes the
>> ESENT.DLL
>> crash, it has side effects you need to be aware of. If there are
>> other
>> security policies in GPO, they will not be removed when the computer
>> is
>> removed from the domain. The SceCli and Userenv errors will continue
>> (although the SceCli one will change a bit).
>>
>> The only complete solution I know of is not to use Restricted Groups
>> that
>> have domain accounts among their members in a GPO that is in scope
>> for
>> a
>> computer that will be removed from a domain. Fortunately, that was
>> an
>> option
>> for us in this case, with only modest hardship. I haven't done this,
>> yet,
>> but will likely substitute a startup script that adds the group for
>> me
>> and
>> the hardship will disappear; I don't care if the group doesn't get
>> removed
>> when the machine is removed from the domain.
>>
>> On a related note, I opened a Microsoft PSS incident for this. They
>> have
>> reproduced the behavior in their lab. PSS carefully avoided giving
>> me
>> any
>> information about whether they intended to develop a fix; hopefully
>> they
>> will. This strikes me as a significant bug.
>>
>> --
>> Jeff Vandervoort
>> JRVsystems
>> "T0MAS" T0MAS.1q1k2c@ wrote in message
>> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
>>
>> I have solved same problem with crashing services.exe.
>>
>> User on bussiness trip removed his notebook from domain.
>> He reports problem with error message :
>> Title of window : Services and Controller app
>> in error message: Error signature szAppName: Services.exe .....
>> in event log was event 1000 Faulting application services.exe,
>> version
>> 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180,
>> fault
>> address 0x0002334c.
>> After clicking on Close button apears automatic shutdown counter
>> and
>> in
>> 30 seconds system was restarted.
>> This same behaviour repeated several times.
>> In evet log I found misc. events with probably related with this
>> problem:
>>
>> The Group Policy client-side extension Security failed to execute
>> (event 1085)
>> Faulting application services.exe
>> Security policies were propagated with warning. 0x428 (event 1202)
>>
>> in winlogon.log (I have enabled debug for that purpose) I found:
>> ----Configure Group Membership...
>> Configure Administrators.
>> Error 1332: No mapping between account names and security IDs was
>> done.
>> Error occurred during lookup of all accounts.
>>
>> It was seems that some domain policy that contains Restricted group
>> feature remains on notebook and periodically in moment when policy
>> was
>> refreshed caused error with services.exe. I knew that when notebook
>> was
>> removed from domain then domain policy cannot applied to non-member
>> computer.
>> I made several actions : I again joined notebook to domain(then
>> restart) and again I removed it and problem occured again and
>> again.
>> I
>> disabled background policy refresh, I set refresh interval to max
>> value
>> 45 days and nothing helps. When automatic shutdown apears I stoped
>> it
>> every time by command shutdown /a.
>> Every time I found in winlogon.log that some policy tryed manage
>> membership in groups and ends with error because probably did not
>> have
>> access to domain (notebook was removed from domain).
>>
>> I have tryed to check consistency od secedit.sdb by esentutl /g
>> %windir%\Security\Database\Secedit.sdb and all was OK.
>> Excuse my english.
>> After that i crossed my mind that it may not caused by deffective
>> remained domain policy but it may caused by local group policy
>> which
>> contain domain accounts (SIDs). Thats my deduction.
>> After that I moved c:\WINDOWS\security\Database\secedit.sdb and
>> c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
>> folder and after restart local group policy was reseted and after
>> that
>> user confirmed that error never apears and all works fine.
>>
>> In my case (case of one of my users) problem with crashing
>> services.exe
>> and periodical restarts was solved by reseting local group policy
>> (by
>> removing database and related files).
>>
>> When I begin solving of this problem I spent to much time with
>> searching similar problem on Internet but I din't found equal. This
>> page was not usefull exactly in my cause but everytime when I
>> searching
>> on Inet by using misc. search engines I everytime get this page
>> therefore I decided to write my solution here.
>> I have writed in this my article too much informations because each
>> user searching this problem on Internet with miscelaneous with
>> keywords
>> and therefore I writed so much (for search engines too).
>>
>> I hope that same case may happen to someone and my story may helps
>> him.
>>
>> Admin from Slovak Republic (Slovakia not Slovenia)
>>
>>
>> --
>> T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> rfrendreiss

Hmm, well that's just too simple. Thanks, I think I will try that!

Thomas Wendell Wrote:
> You could try NetSwitcher?
> http://www.netswitcher.com/
>
>
> --
> ************************************************** ****
> Most learned on these newsgroups
> Tumppi, Helsinki, FINLAND
> (translations from/to FI not always accurate)
> ************************************************** ****
>
>
>
>
> "rfrendreiss" rfrendreiss.1zl0lz@pcbanter.net kirjoitti
> viestissä:rfrendreiss.1zl0lz@pcbanter.net...
>
> Thanks for all of your responses. I am getting this error too on a
> laptop that was removed from the domain. There is a need to be able
> to
> remove yourself from one domain and add to another, especially if you
> travel to different companies and do consulting work. I have to
> change
> my domain constantly. Perhaps Microsoft could change their app to
> allow
> multiple domain connection configuration.... Oh well. Anyway thanks
> for the fix ideas. I have tried them and am waiting to see if I still
> get this message. Hopefully Microsoft will decide to put a fix out
> there for this.
> Jeff Vandervoort Wrote:
> And, at this writing at least, the bug still does not appear to be
> documented on Microsoft's Knowledge Base. I've requested that it be
> added...for whatever that's worth.
>
> --
> Jeff Vandervoort
> JRVsystems
> "Bosmm" Bosmm@discussions.microsoft.com wrote in message
> news:19D71B2A-80BA-4117-AD65-493841DB511F@microsoft.com...
> I am soo glad I found this post!!!!
>
> I too am having the exact same problem. I had users that were
> disjoined
> from
> the Domain when we opened up an outstation. After all my searching
> for
> a
> problem I was convinced it had to be something specific with the
> "other"
> network they are now on. I am going to start wading through your
> fixes
> and
> see where I get.
>
> There was definately a business reason for removing the computers
> from
> the
> Domain and I would DEFINATELY call this a BUG...
>
> Thanks again!
>
> "Jeff Vandervoort" wrote:
>
> That didn't happen on my test system, but I don't like that
> workaround
> anyway...too many side-effects. So I've only done it on one system,
> just
> to
> confirm PSS's results.
>
> My suggestion is to create a Startup Script that adds the Restricted
> Groups
> to the local SAM instead of using the AD Restricted Groups feature.
>
> Also, an update for all lurkers...make sure to append your "me too"
> message
> to this thread and keep it alive. I just received a call from MS PSS
> and
> they are evaluating the cost-effectiveness of fixing this issue. The
> guy
> I
> spoke to was skeptical that it affected many people...his reasoning
> was,
> "How many people disjoin a computer from a domain?". My client has a
> good
> reason to do so...how about you? I've given the Google Search URL for
> this
> thread to them and have reason to believe it's being monitored. I'm
> going
> to
> forward it again to the PSS contact who's preparing the business case
> for
> fixing it. So keep posting, folks!
>
> --
> Jeff Vandervoort
> JRVsystems
> "DSipp" DSipp@discussions.microsoft.com wrote in message
> news:25CAB71F-2D03-404E-84A2-8FCB2DD9BBB0@microsoft.com...
> How do I move those files? The system says they are locked and in
> safe
> mode
> they are gone?
>
> "Jeff Vandervoort" wrote:
>
> We're seeing the same thing here; I can confirm the results. And
> since
> Tomas
> posted a reply here, I thought I should too!
>
> Tomas' workaround worked for me, too, but while it fixes the
> ESENT.DLL
> crash, it has side effects you need to be aware of. If there are
> other
> security policies in GPO, they will not be removed when the computer
> is
> removed from the domain. The SceCli and Userenv errors will continue
> (although the SceCli one will change a bit).
>
> The only complete solution I know of is not to use Restricted Groups
> that
> have domain accounts among their members in a GPO that is in scope
> for
> a
> computer that will be removed from a domain. Fortunately, that was
> an
> option
> for us in this case, with only modest hardship. I haven't done this,
> yet,
> but will likely substitute a startup script that adds the group for
> me
> and
> the hardship will disappear; I don't care if the group doesn't get
> removed
> when the machine is removed from the domain.
>
> On a related note, I opened a Microsoft PSS incident for this. They
> have
> reproduced the behavior in their lab. PSS carefully avoided giving
> me
> any
> information about whether they intended to develop a fix; hopefully
> they
> will. This strikes me as a significant bug.
>
> --
> Jeff Vandervoort
> JRVsystems
> "T0MAS" T0MAS.1q1k2c@ wrote in message
> news:fPKdndBzirQPjz3fRVn_vg@giganews.com...
>
> I have solved same problem with crashing services.exe.
>
> User on bussiness trip removed his notebook from domain.
> He reports problem with error message :
> Title of window : Services and Controller app
> in error message: Error signature szAppName: Services.exe .....
> in event log was event 1000 Faulting application services.exe,
> version
> 5.1.2600.2180, faulting module esent.dll, version 5.1.2600.2180,
> fault
> address 0x0002334c.
> After clicking on Close button apears automatic shutdown counter
> and
> in
> 30 seconds system was restarted.
> This same behaviour repeated several times.
> In evet log I found misc. events with probably related with this
> problem:
>
> The Group Policy client-side extension Security failed to execute
> (event 1085)
> Faulting application services.exe
> Security policies were propagated with warning. 0x428 (event 1202)
>
> in winlogon.log (I have enabled debug for that purpose) I found:
> ----Configure Group Membership...
> Configure Administrators.
> Error 1332: No mapping between account names and security IDs was
> done.
> Error occurred during lookup of all accounts.
>
> It was seems that some domain policy that contains Restricted group
> feature remains on notebook and periodically in moment when policy
> was
> refreshed caused error with services.exe. I knew that when notebook
> was
> removed from domain then domain policy cannot applied to non-member
> computer.
> I made several actions : I again joined notebook to domain(then
> restart) and again I removed it and problem occured again and
> again.
> I
> disabled background policy refresh, I set refresh interval to max
> value
> 45 days and nothing helps. When automatic shutdown apears I stoped
> it
> every time by command shutdown /a.
> Every time I found in winlogon.log that some policy tryed manage
> membership in groups and ends with error because probably did not
> have
> access to domain (notebook was removed from domain).
>
> I have tryed to check consistency od secedit.sdb by esentutl /g
> %windir%\Security\Database\Secedit.sdb and all was OK.
> Excuse my english.
> After that i crossed my mind that it may not caused by deffective
> remained domain policy but it may caused by local group policy
> which
> contain domain accounts (SIDs). Thats my deduction.
> After that I moved c:\WINDOWS\security\Database\secedit.sdb and
> c:\WINDOWS\security\*edb* and c:\WINDOWS\security\*.log to backup
> folder and after restart local group policy was reseted and after
> that
> user confirmed that error never apears and all works fine.
>
> In my case (case of one of my users) problem with crashing
> services.exe
> and periodical restarts was solved by reseting local group policy
> (by
> removing database and related files).
>
> When I begin solving of this problem I spent to much time with
> searching similar problem on Internet but I din't found equal. This
> page was not usefull exactly in my cause but everytime when I
> searching
> on Inet by using misc. search engines I everytime get this page
> therefore I decided to write my solution here.
> I have writed in this my article too much informations because each
> user searching this problem on Internet with miscelaneous with
> keywords
> and therefore I writed so much (for search engines too).
>
> I hope that same case may happen to someone and my story may helps
> him.
>
> Admin from Slovak Republic (Slovakia not Slovenia)
>
>
> --
> T0MASPosted from http://www.pcreview.co.uk/ newsgroup access
>
>
>
>
>
>
>
>
>
> --
> rfrendreiss


--
rfrendreiss