Security Basics mailing list archives

PKI Problem... again


From: Alvey Robert W KPWA <AlveyRW () kpt nuwc navy mil>
Date: Wed, 31 Mar 2004 15:44:55 -0800

Okay, back with some more info.

System:
Windows 2000 w/ IIS 5.0

Here's the problem:
I've got a web server that I'm moving over to require PKI authentication to
access the web site.  However, when I do this, the first time someone tries
to connect to the site, IIS hangs.  The Application Event Log says this is a
SCECLI 1202 event, which says I've got some user accounts (two in my case)
that no longer exist locally or on the domain, but do exist in some group
policy and because of that they can't be mapped to SIDs, which causes the
whole process to go kaput.

I can't reach a solution because I've followed the directions on Microsoft's
site (http://support.microsoft.com/default.aspx?scid=kb;en-us;324383), but
the user names that can't be mapped are not in any GPOs.  Anyone know how I
can get around this issue?
