How to solve EVENT ID 1202 SceCli 0x57 Parameter is incorrect

Customer is repeatedly getting this Event ID on all Servers and Clients, especially on the Domain Controllers being logged every 5 minute.

Searching for that Error gives thousands of results, most less helpful.The way I solved this problem was like this.

  1. On one of the servers having the problem, run RSOP.MSC
  2. Resultant Set of Policies showed a Warning on the Computer policies. Selecting properties there showed the same error as in our Event Log.
  3. Browsing the Tree showed that there were a problem in the Password Policy section, from the Default Domain Policy.
  4. Which were also visible in GPMC (Group Policy Management Console)
  5. By modifying the Default Domain Policy and fixing the bad entries (no clue how they got there). The Error message (and problem) is now gone.

 

 

 

 

 

How to delete files in a userprofile with Group Policy Preferences

As a follow up to my post about How to automatically Hide “Configure this local server” in Server Manager. I mentioned it’s possible to remove the individual user.config files in various ways to reset the behavior and hide the Welcome Tile. You can easily do that with a GPO like this;

Paths:

It’s a Group Policy being applied to all Server Admins utilizing Group Policy Preferences to delete two files (one for Windows Server 2012R2 and one for Windows Server 2016). But it’s only doing it once to make sure that if a admin does any changes to the file it won’t be deleted again. The idea is that it will be deleted once to reset settings to the one in ServerManager.exe.config but not repeatedly after that if the administrator saves any other changes.

 

Reduce DNS Client Cache in Windows Server 2012 R2

I’m often using Remote Desktop Gateways to connect to various environments, including our Private Cloud. One challenge arises when I change IP-address or network settings on a computer through SCVMM. As the RDGW has cached the DNS entry and IP Address, it takes a while until that information is cleared and I’m able to eastablish a connection. Or to be fair, what I usually do is RDP into the RDGW and does a “ipconfig /flushdns” and then reconnect the first server.
It does work, but wouldn’t it be better if that was kind of done automatically. Well, I guess you could schedule a “ipconfig /flushdns” every X minutes and get the desired result.

A better solution is to reduce the DNS Cache timeout on the RDGW server! I’ve modified mine to cache entries for just 10 seconds, and then do a new DNS query.  10 Seconds might be a bit too aggressive though it works fine for me.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters  maxcacheTTL
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
maxcacheTTL

Use this registry key to set the DNS Client Cache timeout;

Restart the “DNS Client” service to take effect. (net stop dnscache & net start dnscache).
I’ve only tried this on Windows Server 2012 R2, but I guess it should also work on Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.

Personally, I’ve set this key through Group Policy Preferences to make sure it’s always done, even if the RDGW Server is reinstalled.

The other two values; MaxCacheEntryTtlLimit and MaxNegativeCacheTtl are leftovers from my testing, it seems those values worked for “Windows 2000” and are not used anymore.