I have three domain controllers that were getting Event 1202, source SceCli every five minutes with the error: "no mapping between account names and security IDs was done". I followed other recommendations and edited the gpttmpl.inf and added the prefixes "NT Service" and "IIS AppPool" to the corresponding accounts as suggested. This fixed my problem on both Windows 2008 DC's. However on my last DC which is Windows 2003 SP2, this did not resolve the problem. Now instead of "cannot find mssqlserver" the winlogon.log shows "cannot find nt service\mssqlserver", for example. The only suggestion I have seen for Windows 2003 was to remove the accounts from Group Policy for any with a Red X in RSOP. (The hotfix for this was only for Windows 2008 R2. )
The GPO is the default domain controllers. The accounts that are causing my problem are the mssqlserver, sqlserveragent, Mssqlfdlauncher, defaultapppool and class .net apppool. I'm pretty certain that I can't remove mssqlserver from "logon as a service" which is one of the user rights with a Red X (in RSOP on the Windows 2003 DC) as Sql Server is running on this DC. That may not be good practice but I don't have a choice in this matter.
I've read all the posts about this and am just not seeing another option for resolving this in Windows Server 2003. Am I just stuck with these continuing warnings filling up my application event log?