callworth
asked on
1030, 1058 errors and SYSVOL share permissions problem
When I try to access the SYSVOL share I end up withthe following:
\\server\SYSVOL - Connects to the server and files are all there
\\domain.org\SYSVOL - This way gives me the following error:
\\domain.org\SYSVOL is not accessible. You might not have permission to use this network resource. Contact the administrator of the server to find out if you have access permissions.
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
Event Log Errors
User: NT AUTHORITY\SYSTEM
Event ID: 1058
Windows cannot access the file gpt.ini for GPO cn={CBA46A00-FCD6-4AF5-8CB 9-6002AEC0 F377},cn=p olicies,cn =system,DC =DOMAIN,DC =ORG. The file must be present at the location <\\DOMAIN.ORG\sysvol\DOMAI N.ORG\Poli cies\{CBA4 6A00-FCD6- 4AF5-8CB9- 6002AEC0F3 77}\gpt.in i>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.
User: NT AUTHORITY\SYSTEM
Event ID: 1030
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.
I have tried using DCGPOFIX but it didnt help. Ive gone through too many Microsoft KB articles to remember! What I have done is to add the SYSTEM account to the SYSVOL share permissions and that fixed things. However Microsoft doesnt recommend the SYSTEM account be included in the permissions on the folder. Ive repeatedly verified the permissions on the NTFS level and the share level. Any ideas on how to properly fix this?
\\server\SYSVOL - Connects to the server and files are all there
\\domain.org\SYSVOL - This way gives me the following error:
\\domain.org\SYSVOL is not accessible. You might not have permission to use this network resource. Contact the administrator of the server to find out if you have access permissions.
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
Event Log Errors
User: NT AUTHORITY\SYSTEM
Event ID: 1058
Windows cannot access the file gpt.ini for GPO cn={CBA46A00-FCD6-4AF5-8CB
User: NT AUTHORITY\SYSTEM
Event ID: 1030
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.
I have tried using DCGPOFIX but it didnt help. Ive gone through too many Microsoft KB articles to remember! What I have done is to add the SYSTEM account to the SYSVOL share permissions and that fixed things. However Microsoft doesnt recommend the SYSTEM account be included in the permissions on the folder. Ive repeatedly verified the permissions on the NTFS level and the share level. Any ideas on how to properly fix this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I ended up contacting Microsoft to resolve this. Your troubleshooting made the call easier as I'd already ruled many things out. Thanks guys!
ThanQ
ASKER
DFS is running and set to automatic.
TCP/IP NetBIOS Helper is running and set to automatic.
bypass traverse checking is set for Everyone, Administrators, Authenticated Users
Anti-Virus doesn't scan the SYSVOL folders (I've also tried removing AntiVirus just to be sure)
I've verified that authenticated users have Read and Execute, List Folder Contents and Read all of the GPO folders within the SYSVOL
I've reset the policies and started from scratch. We still get the same error.
I have not yet tried to remove TCP/IP but I'll have to give that a shot tonight. Thanks for suggestions!