  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 15081

Failed to open the Group Policy Object.

Failed to open the Group Policy Object. You may not have appropriate rights.

Details:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

On a Win2003 with all HotFixes. I don't know how access would be denied, this is using the domain admin account.

Asked by: 8mathieu8

ColinRoyds Commented:
can you access the netlogon / sysvol shares on the DC when browsing the network?

oBdA Commented:
Are your DNS settings correct? Make sure that on your DC in the DNS settings of the TCP/IP properties, the only entry is the DC's IP address (not 127.0.0.1!). The same is true for all your domain members: the only DNS server to be used is the DC (assuming your DC is running DNS).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380

chad Commented:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21103017.html
Are you getting 1030 and 1058 in event viewer?

I just had the same thing with my Server 2003. It was a fresh install so I decided to just reformat and start over.
As oBdA has mentioned... chances are it is DNS... I think I had other problems but the link has good info for troubleshooting this.
Good luck
8mathieu8 (Author) Commented:
Sysvol and NetLogon are accessible. Yes, I do get 1030 and 1058 event id.
I think that I will reinstall like you did, kabaam. This is only a test machine anyway!

thank you

oBdA Commented:
In that case, make sure that the DFS service (do I need to mention the netlogon service?) is running, and try to run the dfsutil /PurgeMupCache command from the first article.
Then another question: what is the user name you're logging on with?

Group Policy processing fails with Events 1058 and 1030 in Windows Server 2003
http://support.microsoft.com/?kbid=830676

Group Policy processing does not work and events 1030 and 1058 are logged in the application log of a domain controller
http://support.microsoft.com/?kbid=842804

8mathieu8 (Author) Commented:
I read those KBs but they didn't help. I log on with administrator. DFS and netlogon are running.
I already started to reinstall the server. I am going to keep that question open until I reinstall everything in case it doesn't fix the problem.

thank you

8mathieu8 (Author) Commented:
Must be related to a DNS misconfiguration because it doesn't work either after complete reinstallation. Here is my setup...

I also have event id 2630 in my logs
see
http://www.eventid.net/display.asp?eventid=2630&source=
for a description.

I used the "Configure Your server Wizard". It installs AD, DNS and DHCP.

This computer has 2 NICs. One is connected to the Internet and the other is for the LAN.

The one connected to the LAN...

IP 192.168.0.1
Subnet Mask 255.255.255.0
Preferred DNS Server 192.168.0.1

The one connected to Internet

IP "public IP given by my ISP"
Subnet Mask 255.255.255.0
Default Gateway: "the router IP"
Preferred DNS Server: None

The DNS of my ISP are entered in the Forwarders.

8mathieu8 (Author) Commented:
It fixes the problem when I choose DHCP for the NIC connected to the Internet.
I must have a misconfiguration... do you see anything odd in the configuration of my 2 NICs?
The Internet does work on this machine (on the client machine also).

oBdA Commented:
The two NICs might be the problem. On your external NIC, make sure that the "Register this connection's addresses in DNS" in the TCP/IP settings is unchecked. And just to be sure, in your DNS server's properties, make sure the DNS service only listens on your internal address.
Then check your forward lookup zone for leftover entries with your DC's name and the external address.

8mathieu8 (Author) Commented:
That fixed my problem. I should not have used the wizard in the first place! Now it makes sense.

thank you oBdA

chad Commented:
That makes good sense... I can see how that would cause problems. Where were you guys last week when I was re-installing AD? Hmmm
Oh well, glad you have it figured out and thanks for the lesson. :-)

8mathieu8 (Author) Commented:
I still have the problem... I did remove the check from "Register this connection's addresses in DNS" but the external IP still registers in DNS. When that happens, I can't open Group Policy Object Editor. Still the same error. Another strange thing is that whenever the IP appears in DNS, it links it to the name of the server. Meaning that if I ping server.domain.local, it'll resolve the external IP and not the internal.

oBdA Commented:
Seems to be a stubborn one. Those might be of help:

Multiple IP Addresses Registered to Multiple Domains Under Dynamic DNS
http://support.microsoft.com/?kbid=254031

How to enable or disable dynamic DNS registrations in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/?kbid=246804

8mathieu8 (Author) Commented:
The only time that GPOE works is when I disable the external NIC. At the same time, the A record for that external IP disappears. This is a test machine and I don't intend on using 2 NICs on my future DC. So for now, it is a good alternative to disable the NIC whenever I need to go in GPOE.

oBdA Commented:
If the A record disappears once you disable the external NIC (and reappears once you enable it again), then dynamic registration is somehow still active for the adapter.

8mathieu8 (Author) Commented:
Then there is a problem with the "Register this connection's addresses in DNS" check box because it is unchecked!
I tried the different registry keys noted in the KB that you identified but none of them fixed the problem.
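
The check suggested in the thread (look in the forward lookup zone for entries that pair the DC's name with the external address) can be scripted against a text export of the zone. This is an added example, not part of the original thread; the zone contents, the 203.0.113.25 stand-in for the public IP, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed zone export (zone-file format). 203.0.113.25 is a documentation
# address standing in for the ISP-assigned public IP of the external NIC.
SAMPLE_ZONE = """\
$ORIGIN domain.local.
@         3600 IN SOA server.domain.local. hostmaster.domain.local. 42 900 600 86400 3600
@         3600 IN NS  server.domain.local.
@         600  IN A   192.168.0.1
          600  IN A   203.0.113.25   ; owner inherited from the line above
server    1200 IN A   192.168.0.1
server    1200 IN A   203.0.113.25
client01  1200 IN A   192.168.0.50
"""

def parse_a_records(zone_text):
    """Yield (fqdn, address) for each A record, resolving $ORIGIN, '@' and
    blank (inherited) owner names."""
    origin = owner = ""
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]           # drop trailing comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
            continue
        if fields[0].startswith("$"):
            continue                          # other directives are ignored
        if not line[0].isspace():             # first column holds an owner name
            owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                     # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "A":
            if owner == "@":
                fqdn = origin
            elif owner.endswith("."):
                fqdn = owner.rstrip(".")
            else:
                fqdn = f"{owner}.{origin}"
            yield fqdn, ipaddress.ip_address(fields[1])

def external_leaks(zone_text, internal_net, watched_names):
    """Return sorted (name, ip) pairs for watched names that resolve outside the LAN."""
    lan = ipaddress.ip_network(internal_net)
    return sorted((name, str(ip)) for name, ip in parse_a_records(zone_text)
                  if name in watched_names and ip not in lan)
```

Calling `external_leaks(SAMPLE_ZONE, "192.168.0.0/24", {"server.domain.local", "domain.local"})` reports the external address under both the DC's host name and the zone apex (shown as "same as parent folder" in the DNS console), the two places to look for leftover records.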