Event 1202 with status 0x534 logged on Windows Server 2008 R2 domain controllers after modifying security policy

When modifying any security setting in the Default Domain Controllers Policy using the Group Policy Management Console (GPMC) from the console of a Windows Server 2008 R2 domain controller, GPMC incorrectly translates the SID for the Wdiservice account in the policy to a user name which is not recognized by the local machines where the policy is enforced.

This issue also occurs when a Windows 7 or Windows Server 2008 R2 member computer modifies any security setting in the Default Domain Controllers Policy on a Windows Server 2008 R2 domain controller.

Edit the %SystemRoot%\Sysvol\domain\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GPTTMPL.INF file:

Replace the value of a SeSystemProfilePrivilege: *S-1-5-32-544,NT Service\WdiServiceHost (initial value: *S-1-5-32-544,WdiServiceHost).

If you use IIS on server:
Add the “IIS AppPool\” prefix to ‘DefaultAppPool’ and ‘Classic .NET AppPool’ object.

Windows 8 CP: error parsing c:\windows\microsoft.NET\framework\v2.0.50727\config\machine.config parser returned error 0xC00CE556

In Windows 8 DP, .NET 2.0 application running, the following error message:
error parsing c:\windows\microsoft.NEt\framework\v2.0.50727\config\machine.config parser returned error 0xC00CE556

Solution:
Go in the “c:\windows\microsoft.NET\framework\v2.0.50727\config” directory, and renamed the “machine.config” to “machine.config.backup”, and then copied the “machine.config.default” to “machine.config”, worked fine.

Prerequisites in IIS for installing the SCOM 2012 Web Console

Web Server (IIS) role with the follow server role services:
(http://technet.microsoft.com/en-us/library/hh205990.aspx#BKMK_RBF_WebConsole)

Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Logging
Request Monitor
Request Filtering
Static Content Compression
Web Server (IIS) Support
IIS 6 Metabase Compatibility
ASP.NET
Windows Authentication

If you already installed .net 4.0 then you will need to run this command to register IIS with .net 4.0

c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r

System Center Operations Manager 2012 fresh install, Server Error in ‘/’ Application (Could not load type ‘System.ServiceModel.Activation.HttpModule’ from assembly ‘System.ServiceModel, Version=3.0.0.0, Culture=neutral…)

Bad (or missing) ASP.NET registration map in IIS.
When multiple versions of the .NET Framework are executing side-by-side on a single computer, the ASP.NET ISAPI version mapped to an ASP.NET application determines which version of the common language runtime is used for the application. The ASP.NET IIS Registration tool (Aspnet_regiis.exe) allows an administrator or installation program to easily update the script maps for an ASP.NET application to point to the ASP.NET ISAPI version associated with the tool. The tool can also be used to display the status of all installed versions of ASP. NET, register the ASP.NET version coupled with the tool, create client-script directories, and perform other configuration operations.

To do:

aspnet_regiis.exe –iru

(from systemroot\Microsoft.NET\Framework\versionNumber (for example: 4.xxxx))

If you use IIS install after installing .NET Framework 4

You must install IIS before installing .NET Framework 4. If you installed IIS after installing .NET Framework 4, you must register ASP.NET 4.0 with IIS. Open a Command prompt window by using the Run As Administrator option and then run the following command:

%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -r 

Update: Installation of the web console stuffs requires that ISAPI and CGI Restrictions in IIS be enabled for ASP.NET 4. To enable this, select the web server in IIS, and then double-click ISAPI and CGI Restrictions.
Select ASP.NET v4.0.30319, and then click Allow.