Scecli.dll errors occur when opening Account Policies or Local Policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Scecli.dll errors may occur when you open Account Policies or Local Policies in Local Computer Policy.

Cause

When you attempt to open Account Policies or Local Policies in Local Computer Policy, you may receive the following error messages:

• “Windows cannot open the local policy database. An unknown error occurred when attempting to open the database.”

• SceCli Event ID 1202: “Security policies are propagated with warning 0x4b8: An extended error has occurred.”

This error message can occur if the Local Group Policy log files are corrupted. This usually indicates that the secedit.sdb file is corrupted.

Solution

To verify and restore secedit.sdb

1. Determine if secedit.sdb is corrupt by running esentutl /g %windir%\security\database\secedit.sdb.

2. Try to restore secedit.sdb from a backup before the problem started.

3. If secedit.sdb is corrupt, attempt a soft recovery first by running esentutl /r edb in the %windir%\security directory.

4. If soft recovery fails, attempt a repair with esentutl /p %windir%\security\Database\secedit.sdb. Then delete the log files %windir%\security\*edb* and %windir%\security\*log.

5. Rebuild secedit.sdb. Delete the following files: %windir%\security\*edb*, %windir%\security\*log, and %windir%\security\database\secedit.sdb.

6. Restart the computer.

For more information, see the following articles which describe other known issues that can cause the 0x4b8 error, see the following:

• Event ID 1000 and 1202 After Configuring Policies on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=39982).

• ESENT Event IDs 1000, 1202, 412, and 454 Are Logged Repeatedly in the Application Event Log on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=39984).