Solved

Failed to open the Group Policy Object.

Posted on 2004-08-25
16
15,062 Views
Last Modified: 2011-08-18
Failed to open the Group Policy Object. You may not have appropriate rights.

Details:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

On a Win2003 with all HotFixes. I don't know how access would be denied, this is using the domain admin account.
0
Comment
Question by:8mathieu8
  • 8
  • 5
  • 2
  • +1
16 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
Comment Utility
can you access the netlogon / sysvol shares on the DC when browsing the network?
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
Are your DNS settings correct? Make sure that on your DC in the DNS settings of the TCP/IP properties, the only entry is the DC's IP address (not 127.0.0.1!). The same is true for all your domain members: the only DNS server to be used is the DC (assuming your DC is running DNS).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380
0
 
LVL 11

Expert Comment

by:kabaam
Comment Utility
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21103017.html
Are you getting 1030 and 1058 in event viewer

I just had the same thing with My server 2003.  It was a fresh install so I decided to just reformat and start over.  
As oBda has mentioned... chances are it is DNS... I Think I had other problems but the link has good info for troubleshooting this.
good luck
0
 

Author Comment

by:8mathieu8
Comment Utility
Sysvol and NetLogong are accessible. Yes, I do get 1030 and 1058 event id.
I think that I reinstall like you did kabaam. This is only a test machine anyway!

thank you
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
In that case, make sure that the DFS service (do I need to mention the netlogon service) is running, and try to run the dfsutil /PurgeMupCache command from the first article.
Then another question: what is the user name you're logging on with?

Group Policy processing fails with Events 1058 and 1030 in Windows Server 2003
http://support.microsoft.com/?kbid=830676

Group Policy processing does not work and events 1030 and 1058 are logged in the application log of a domain controller
http://support.microsoft.com/?kbid=842804
0
 

Author Comment

by:8mathieu8
Comment Utility
I read those KB but didn't help. I login on with administrator. DFS and netlogon are running.
I already started to reinstall the server. I going to keep that question opened until I reinstall everything in case it doesn't fix the problem.

thank you
0
 

Author Comment

by:8mathieu8
Comment Utility
Must be related with a DNS misconfiguration because it doesn't work either after complete reinstallation. Here is my setup...

I also have event id 2630 in my logs
see
http://www.eventid.net/display.asp?eventid=2630&source=
for a description.

I used the "Configure Your server Wizard". It installs AD, DNS and DHCP.

This computer has 2 NICs. One is connected to the Internet and the other is for the LAN.

The one connected to the LAN...

IP 192.168.0.1
Subnet Mask 255.255.255.0
Prefered Dns Server 192.168.0.1

The one connected to Internet

IP "public IP given by my ISP"
Subnet Mask 255.255.255.0
Default Gateway: "the router IP"
Prefered Dns Server: None

The DNS of my ISP are entered in the Forwarders.





0
 

Author Comment

by:8mathieu8
Comment Utility
It fixes the problem when I choose DHCP for the NIC connected to the Internet.
I must have a misconfiguration... do you see anything odd in the configuration of my 2 Nics?
The Internet does work on this machine ( on the client machine also).

0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 82

Accepted Solution

by:
oBdA earned 250 total points
Comment Utility
The two NICs might be the problem. On your external NIC, make sure that the "Register this connection's addresses in DNS" in the TCP/IP settings is unchecked. And just to be sure, in your DNS server's properties, make sure the DNS service only listens on your internal address.
Then check your forward lookup zone for leftover entries with your DC's name and the external address.
0
 

Author Comment

by:8mathieu8
Comment Utility
That fixed my problem. I should not have used the wizard in the first place! Now it makes sense.

thank you oBdA
0
 
LVL 11

Expert Comment

by:kabaam
Comment Utility
that makes good sence.. I can see how that would cause problems.  where were you guys last week when I was re-installing AD? hmmm
Oh well, glad you have it figured out and thanks for the lesson. :-)
0
 

Author Comment

by:8mathieu8
Comment Utility
Still have problem... I did remove the check to "Register this connection's addresses in DNS" but the external IP still registers in DNS. When that happens, I can't open Group Policy Object Edition. Still the same error. Another thing strang is that whenever the ip appears in dns, it links it to the name of the server. Meaning that if I ping server.domain.local, it'll resolve the external IP and not the internal.
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
Seems to be stubborn one. Those might be of help:

Multiple IP Addresses Registered to Multiple Domains Under Dynamic DNS
http://support.microsoft.com/?kbid=254031

How to enable or disable dynamic DNS registrations in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/?kbid=246804
0
 

Author Comment

by:8mathieu8
Comment Utility
The only time that GPOE works is when I disable the external NIC. At the same time, the A record for that external IP disapear. This is a test machine and I don't intend on using 2 NICs on my futher DC. So for now, it is a good alternative to disable the Nic whenever I need to go in GPOE.

0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
If the A record disappears once you disable the external NIC (and reappears once you enable it again), then dynamic registration is somehow still active for the adapter.
0
 

Author Comment

by:8mathieu8
Comment Utility
Then there is a problem with the "Register this connection's addresses in DNS" check box because it is uncheck!
I tried the different registry keys noted in the kb that you indentified but none of them fixed the problem.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now