Event 1202 with status 0x534 logged on Windows Server 2008 R2 domain controllers after modifying security policy

When modifying any security setting in the Default Domain Controllers Policy using the Group Policy Management Console (GPMC) from the console of a Windows Server 2008 R2 domain controller, GPMC incorrectly translates the SID for the Wdiservice account in the policy to a user name which is not recognized by the local machines where the policy is enforced.

This issue also occurs when a Windows 7 or Windows Server 2008 R2 member computer modifies any security setting in the Default Domain Controllers Policy on a Windows Server 2008 R2 domain controller.

Edit the %SystemRoot%\Sysvol\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GPTTMPL.INF file:

Replace the value of a SeSystemProfilePrivilege: *S-1-5-32-544,NT Service\WdiServiceHost (initial value: *S-1-5-32-544,WdiServiceHost).

If you use IIS on server:
Add the “IIS AppPool\” prefix to ‘DefaultAppPool’ and ‘Classic .NET AppPool’ object.

Prerequisites in IIS for installing the SCOM 2012 Web Console

Web Server (IIS) role with the follow server role services:

Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Logging
Request Monitor
Request Filtering
Static Content Compression
Web Server (IIS) Support
IIS 6 Metabase Compatibility
Windows Authentication

If you already installed .net 4.0 then you will need to run this command to register IIS with .net 4.0

c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r

System Center Operations Manager 2012 fresh install, Server Error in ‘/’ Application (Could not load type ‘System.ServiceModel.Activation.HttpModule’ from assembly ‘System.ServiceModel, Version=, Culture=neutral…)

Bad (or missing) ASP.NET registration map in IIS.
When multiple versions of the .NET Framework are executing side-by-side on a single computer, the ASP.NET ISAPI version mapped to an ASP.NET application determines which version of the common language runtime is used for the application. The ASP.NET IIS Registration tool (Aspnet_regiis.exe) allows an administrator or installation program to easily update the script maps for an ASP.NET application to point to the ASP.NET ISAPI version associated with the tool. The tool can also be used to display the status of all installed versions of ASP. NET, register the ASP.NET version coupled with the tool, create client-script directories, and perform other configuration operations.

To do:

aspnet_regiis.exe –iru

(from systemroot\Microsoft.NET\Framework\versionNumber (for example: 4.xxxx))

If you use IIS install after installing .NET Framework 4

You must install IIS before installing .NET Framework 4. If you installed IIS after installing .NET Framework 4, you must register ASP.NET 4.0 with IIS. Open a Command prompt window by using the Run As Administrator option and then run the following command:

%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r 

Update: Installation of the web console stuffs requires that ISAPI and CGI Restrictions in IIS be enabled for ASP.NET 4. To enable this, select the web server in IIS, and then double-click ISAPI and CGI Restrictions.
Select ASP.NET v4.0.30319, and then click Allow.

Exchange 2010 service ‘/Autodiscover/autodiscover.xml’ error: Event ID 3, WebHost failed to process a request.

Error datas:

Log Name: Application
Source: System.ServiceModel
Event ID: 3
Task Category: WebHost
Level: Error
Keywords: Classic
WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/32001227
Exception: System.ServiceModel.ServiceActivationException: The service ‘/Autodiscover/autodiscover.xml’ cannot be activated due to an exception during compilation. The exception message is: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection.
Parameter name: item. —> System.ArgumentException: This collection already contains an address with scheme http. There can be at most one address per scheme in this collection.
Parameter name: item
at System.ServiceModel.UriSchemeKeyedCollection.InsertItem(Int32 index, Uri item)
at System.Collections.Generic.SynchronizedCollection`1.Add(T item)
at System.ServiceModel.UriSchemeKeyedCollection..ctor(Uri[] addresses)
at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)
at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
— End of inner exception stack trace —
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
Process Name: w3wp
Process ID: 7440


IIS look at the bindings, and you should clarify. For example:

Type: http – Hostname: FQDN_SERVERNAME – Port: 80 – IP: *
Type: http – Hostname: blank – Port: 80 – IP: *
Type: http – Hostname: blank – Port: – IP:
Type: https – Hostname: blank – Port: 443 – IP: *
Type: https – Hostname: blank – Port: 443 – IP:

Not need all (most), just enough to cover the following:

Type: https – Hostname: blank – Port: 443 – IP: *
Type: http – Hostname: blank – Port: 80 – IP: *

Manually remove Exchange 2010 Virtual Directory

  • Open IIS manager, and remove the Autodiscover Virtual Directory.
  • Remove the Autodiscover objects in AD:
  • Open ADSIEDIT.msc:
    Configuration–>CN=Services–>CN=Microsoft Exchange–>CN=Organization–>CN=Administrative Groups–>CN=Exchange Administrative Groups–>CN=Servers–>CN=Exchange–>CN=Protocols–>CN=HTTP
  • Check whether the CN=Autodiscover (Default Web Site) is present. If so, please remove it.
  • Delete the autodiscover in metabase: