Solved

Failed to open the Group Policy Object.

Posted on 2004-08-25
16
15,066 Views
Last Modified: 2011-08-18
Failed to open the Group Policy Object. You may not have appropriate rights.

Details:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

On a Win2003 with all HotFixes. I don't know how access would be denied, this is using the domain admin account.
0
Comment
Question by:8mathieu8
16 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11897200
Can you access the netlogon / sysvol shares on the DC when browsing the network?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11897557
Are your DNS settings correct? Make sure that on your DC in the DNS settings of the TCP/IP properties, the only entry is the DC's IP address (not 127.0.0.1!). The same is true for all your domain members: the only DNS server to be used is the DC (assuming your DC is running DNS).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380
0
 
LVL 11

Expert Comment

by:kabaam
ID: 11898737
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21103017.html
Are you getting 1030 and 1058 in Event Viewer?

I just had the same thing with my Server 2003. It was a fresh install so I decided to just reformat and start over.
As oBdA has mentioned... chances are it is DNS... I think I had other problems but the link has good info for troubleshooting this.
Good luck.
0

 

Author Comment

by:8mathieu8
ID: 11904070
Sysvol and NetLogon are accessible. Yes, I do get 1030 and 1058 event IDs.
I think that I will reinstall like you did, kabaam. This is only a test machine anyway!

thank you
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11904263
In that case, make sure that the DFS service (do I need to mention the netlogon service?) is running, and try to run the dfsutil /PurgeMupCache command from the first article.
Then another question: what is the user name you're logging on with?

Group Policy processing fails with Events 1058 and 1030 in Windows Server 2003
http://support.microsoft.com/?kbid=830676

Group Policy processing does not work and events 1030 and 1058 are logged in the application log of a domain controller
http://support.microsoft.com/?kbid=842804
0
 

Author Comment

by:8mathieu8
ID: 11904337
I read those KBs but they didn't help. I log on with administrator. DFS and netlogon are running.
I already started to reinstall the server. I am going to keep that question open until I reinstall everything in case it doesn't fix the problem.

thank you
0
 

Author Comment

by:8mathieu8
ID: 11906666
Must be related to a DNS misconfiguration because it doesn't work either after complete reinstallation. Here is my setup...

I also have event id 2630 in my logs
see
http://www.eventid.net/display.asp?eventid=2630&source=
for a description.

I used the "Configure Your server Wizard". It installs AD, DNS and DHCP.

This computer has 2 NICs. One is connected to the Internet and the other is for the LAN.

The one connected to the LAN...

IP 192.168.0.1
Subnet Mask 255.255.255.0
Preferred DNS Server 192.168.0.1

The one connected to Internet

IP "public IP given by my ISP"
Subnet Mask 255.255.255.0
Default Gateway: "the router IP"
Preferred DNS Server: None

The DNS of my ISP are entered in the Forwarders.





0
 

Author Comment

by:8mathieu8
ID: 11915767
It fixes the problem when I choose DHCP for the NIC connected to the Internet.
I must have a misconfiguration... do you see anything odd in the configuration of my 2 NICs?
The Internet does work on this machine (on the client machine also).

0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 11916559
The two NICs might be the problem. On your external NIC, make sure that the "Register this connection's addresses in DNS" in the TCP/IP settings is unchecked. And just to be sure, in your DNS server's properties, make sure the DNS service only listens on your internal address.
Then check your forward lookup zone for leftover entries with your DC's name and the external address.
0
 

Author Comment

by:8mathieu8
ID: 11916778
That fixed my problem. I should not have used the wizard in the first place! Now it makes sense.

thank you oBdA
0
 
LVL 11

Expert Comment

by:kabaam
ID: 11917137
That makes good sense... I can see how that would cause problems. Where were you guys last week when I was re-installing AD? Hmmm.
Oh well, glad you have it figured out and thanks for the lesson. :-)
0
 

Author Comment

by:8mathieu8
ID: 11932141
Still have a problem... I did remove the check from "Register this connection's addresses in DNS" but the external IP still registers in DNS. When that happens, I can't open Group Policy Object Editor. Still the same error. Another strange thing is that whenever the IP appears in DNS, it links it to the name of the server. Meaning that if I ping server.domain.local, it'll resolve the external IP and not the internal.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11936268
Seems to be a stubborn one. Those might be of help:

Multiple IP Addresses Registered to Multiple Domains Under Dynamic DNS
http://support.microsoft.com/?kbid=254031

How to enable or disable dynamic DNS registrations in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/?kbid=246804
0
 

Author Comment

by:8mathieu8
ID: 11943001
The only time that GPOE works is when I disable the external NIC. At the same time, the A record for that external IP disappears. This is a test machine and I don't intend on using 2 NICs on my future DC. So for now, it is a good alternative to disable the NIC whenever I need to go in GPOE.

0
 
LVL 84

Expert Comment

by:oBdA
ID: 11943088
If the A record disappears once you disable the external NIC (and reappears once you enable it again), then dynamic registration is somehow still active for the adapter.
0
 

Author Comment

by:8mathieu8
ID: 11943174
Then there is a problem with the "Register this connection's addresses in DNS" check box because it is unchecked!
I tried the different registry keys noted in the KB that you identified but none of them fixed the problem.
0
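
A read-only check for the two conditions discussed in this thread (an external adapter that still registers in DNS, and the DC's name resolving to a non-internal address), as an added example that is not part of the original posts. It assumes PowerShell is installed on the server and takes the internal network 192.168.0.0 / 255.255.255.0 and DNS server 192.168.0.1 from the LAN NIC settings posted above; `Test-InSubnet` is a helper defined for this example.

```powershell
# Assumed values, taken from the LAN NIC settings posted in the thread.
$InternalNetwork = '192.168.0.0'
$InternalMask    = '255.255.255.0'
$DnsServer       = '192.168.0.1'

# Test-InSubnet is a helper defined for this example, not a built-in cmdlet.
function Test-InSubnet([string]$Ip, [string]$Network, [string]$Mask) {
    $i = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $n = [System.Net.IPAddress]::Parse($Network).GetAddressBytes()
    $m = [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()
    for ($k = 0; $k -lt 4; $k++) {
        if (($i[$k] -band $m[$k]) -ne ($n[$k] -band $m[$k])) { return $false }
    }
    return $true
}

# 1. Effective dynamic-registration setting per adapter (what the check box is meant to control).
foreach ($nic in (Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')) {
    $ips = @($nic.IPAddress | Where-Object { $_ -match '^\d+(\.\d+){3}$' })
    $outside = @($ips | Where-Object { -not (Test-InSubnet $_ $InternalNetwork $InternalMask) })
    $note = ''
    if ($outside.Count -gt 0 -and $nic.FullDNSRegistrationEnabled) {
        $note = '  <-- non-internal address on an adapter that still registers in DNS'
    }
    '{0} [{1}] registers in DNS: {2}{3}' -f $nic.Description, ([string]::Join(', ', [string[]]$ips)),
        $nic.FullDNSRegistrationEnabled, $note
}

# 2. What the DNS server itself answers for this machine's FQDN.
$cs = Get-WmiObject Win32_ComputerSystem
$fqdn = '{0}.{1}' -f $cs.Name, $cs.Domain
$answers = @(); $inAnswer = $false
foreach ($line in (nslookup $fqdn $DnsServer 2>$null)) {
    # Skip the "Server:/Address:" header; only lines after "Name:" are the answer.
    if ($line -match '^Name:') { $inAnswer = $true; continue }
    if ($inAnswer) {
        $answers += @([regex]::Matches($line, '\d+(\.\d+){3}') | ForEach-Object { $_.Value })
    }
}
$bad = @($answers | Where-Object { -not (Test-InSubnet $_ $InternalNetwork $InternalMask) })
if ($answers.Count -eq 0) { "No A record returned for $fqdn by $DnsServer" }
elseif ($bad.Count -gt 0) {
    "$fqdn has A records outside the internal subnet: " + [string]::Join(', ', [string[]]$bad)
}
else { "$fqdn resolves only to internal addresses" }
```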


Question has a verified solution.
