I’ve seen this error many times. It’s not always an easy fix, but I’ve found one fix that eliminates most of the complex instructions below. Search for all files named secsetup.sdb, delete them all and reboot. This database will be recreated on bootup and your errors should be gone. To confirm, open a DOS window and run “gpupdate /force”, then check the logs; SceCli should work with no error or warning message.

 

If this doesn’t work continue to the text below.

The 0x4b8 error is generic and can be caused by a number of different problems. To troubleshoot these errors, follow these steps:

  1. Enable debug logging for the Security Configuration client-side extension. To do this:
    • Start Registry Editor (regedit).
    • Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
    • On the Edit menu, click Add Value, and then add the following registry value:
    Value name: ExtensionDebugLevel
    Data type: DWORD
    Value data: 2
    • Quit Registry Editor.
  2. Refresh the policy settings to reproduce the failure. To refresh the policy settings, type the following at the command prompt, and then press ENTER:
    secedit /refreshpolicy machine_policy /enforce
    This creates a file that is named Winlogon.log in the %SYSTEMROOT%\Security\Logs folder.
  3. Rename the log file C:\Windows\security\edb.log to edb.org. 
  4. See the following Microsoft Knowledge Base articles. These articles describe known issues that cause the 0x4b8 error. Click the following article numbers to view the articles in the Microsoft Knowledge Base:
    260715 (http://support.microsoft.com/kb/260715/EN-US/) Event ID 1000 and 1202 After Configuring Policies
    278316 (http://support.microsoft.com/kb/278316/) ESENT Event IDs 1000, 1202, 412, and 454 Are Logged Repeatedly in the Application Event Log
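
Steps 1 and 2 can be run as one PowerShell script from an elevated prompt. This is an added example, not part of the original instructions: it refreshes policy with `gpupdate /target:computer /force` (the gpupdate command used above to confirm the fix, limited to computer policy) and assumes that failures show up in Winlogon.log as lines containing the word "error".

```powershell
#Requires -RunAsAdministrator
# Added example: enable debug logging (step 1), refresh policy (step 2),
# then scan the resulting Winlogon.log.

# Registry subkey of the Security Configuration client-side extension (step 1).
$cseKey  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}'
$logPath = Join-Path $env:SystemRoot 'Security\Logs\winlogon.log'

if (-not (Test-Path -LiteralPath $cseKey)) {
    throw "Security Configuration extension key not found: $cseKey"
}

# Step 1: ExtensionDebugLevel (DWORD) = 2 turns on debug logging.
# -Force overwrites the value if it already exists.
New-ItemProperty -LiteralPath $cseKey -Name 'ExtensionDebugLevel' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Note the start time so an old log is not mistaken for a fresh one.
$started = Get-Date

# Step 2: refresh computer policy to reproduce the failure.
gpupdate /target:computer /force
if ($LASTEXITCODE -ne 0) {
    Write-Warning "gpupdate exited with code $LASTEXITCODE"
}

if (-not (Test-Path -LiteralPath $logPath)) {
    throw "No log found at $logPath after the refresh."
}
$log = Get-Item -LiteralPath $logPath
if ($log.LastWriteTime -lt $started) {
    Write-Warning "Winlogon.log was last written $($log.LastWriteTime), before this refresh."
}

# Assumption: failed settings are reported on lines containing 'error'.
# Show each hit with two lines of context on either side.
Select-String -LiteralPath $logPath -Pattern 'error' -Context 2,2
```

Debug logging stays enabled after the script runs; set ExtensionDebugLevel back to its previous value once the failing setting has been identified.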