When installing Sophos Anti-Virus for Windows 2000+, you see one or more errors:
Error 1332: No mapping between account names and security IDs was done
Windows error 0x534: No mapping between account names and security IDS was done.
First seen in
Sophos Anti-Virus for Windows 2000+ 7.6.21
What to do
If you are unable to confirm the user account generating this error, follow the steps below:
- Open Notepad and open the file at %systemroot%\security\logs\winlogon.log - members of the Windows Server 2003 family and computers running Windows XP create this file by default during policy propagation.
- Search for error 1332 - this indicates the account names that could not be resolved.
- Remove the unresolved account names from policies in your domain.
If the accounts are in the Default Domain or Domain Controller Group Policy objects, you can edit the policies in the Security Settings node of Group Policy to remove these account names. If the accounts exist elsewhere, you may have to browse through all Group Policy objects that are defined in the domain and remove them individually.
- Open Windows Control Panel.
- Double-click 'Administrative Tools', and then double-click 'Local Security Policy'.
- Click 'Local Policies'|'User Rights Assignment'.
- Double-click each item under 'User Rights Assignment' to see whether the item contains the Power Users group. When you find a policy item that contains the Power Users group, deselect the Power Users check box, and then click 'OK'.
- Restart the computer and review the Winlogon.log file and Event Viewer to make sure that the error messages no longer occur.
If the issue is not resolved, run a repair from Add/Remove Programs (or Programs and Features) to reset the accounts used by Sophos.
In some cases the following Windows error is displayed: 0x534: No mapping between account names and security IDS was done.
This is usually because the security policy grants rights to user or group accounts that no longer exist. To check which accounts are invalid
For example, a customer has created a user called SophosUpdater, which has a unique identifier of 1, and the system has lost the association between the two.
Another example is if the server has been promoted or demoted.
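The following is an added example, not part of the original Sophos article: a PowerShell check that exports the computer's effective User Rights Assignment with secedit and reports every entry that can no longer be mapped between an account name and a SID, which is the condition behind error 1332 / 0x534. It assumes an elevated Windows PowerShell prompt; the temporary file name is chosen for this example.

```powershell
# Added example: list User Rights Assignment entries that no longer resolve.
# Run elevated. secedit.exe ships with Windows; the .inf name below is arbitrary.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

$inSection = $false
$unresolved = foreach ($line in Get-Content -Path $cfg) {
    # Track which INF section we are in; only [Privilege Rights] holds user rights.
    if ($line -match '^\[(.+)\]\s*$') {
        $inSection = ($Matches[1] -eq 'Privilege Rights')
        continue
    }
    if (-not $inSection -or $line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }

    $right = $Matches[1]
    foreach ($entry in ($Matches[2] -split ',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        try {
            if ($entry.StartsWith('*')) {
                # '*S-1-...' entries are SIDs: try to map the SID to an account name.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                [void]$sid.Translate([System.Security.Principal.NTAccount])
            } else {
                # Plain entries are account names: try to map the name to a SID.
                $account = New-Object System.Security.Principal.NTAccount($entry)
                [void]$account.Translate([System.Security.Principal.SecurityIdentifier])
            }
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Neither direction resolved: this entry refers to an account that no longer exists.
            [pscustomobject]@{ UserRight = $right; Entry = $entry }
        }
    }
}

Remove-Item -Path $cfg -ErrorAction SilentlyContinue
if ($unresolved) { $unresolved | Format-Table -AutoSize } else { 'All user rights entries resolved.' }
```

On a domain-joined computer, run it while a domain controller is reachable; otherwise valid domain accounts can also fail to resolve and appear in the output.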