UserEnv experienced an error applying Group Policy to the domain controller. Group Policy must be applied successfully for domain controllers to function properly because domain controllers get several critical permissions, such as Access this computer from network, through policy.

Because of the architecture of UserEnv, Microsoft Operations Manager (MOM) is unable to directly report the specific problem.

If you are seeing "The Group Policy client-side extension Security was passed flags(17) and returned a failure status code of (1332)," the problem is a Group Policy object (GPO) that is referring to a user or group in the Active Directory® directory service that has been deleted.

To enable userenv logging, see Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636. The log file provides details for the specific error.

For information on how to interpret the flags and status code fields, see Knowledge Base article 312164, "How to interpret USERENV 1000 events," at http://go.microsoft.com/fwlink/?LinkId=30521.

Knowledge Base article 221833, “How to Enable User Environment Debug Logging in Retail Builds of Windows,” at http://go.microsoft.com/fwlink/?LinkId=25636.

Knowledge Base article 312164, “How to Interpret USERENV 1000 Events” at http://go.microsoft.com/fwlink/?LinkId=30521.

For more information, see:

• Microsoft Help and Support for Microsoft Windows Server 2008 and above

• Microsoft Knowledge Base