Solved

Failed to open the Group Policy Object.

Posted on 2004-08-25
16
15,067 Views
Last Modified: 2011-08-18
Failed to open the Group Policy Object. You may not have appropriate rights.

Details:
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

On a Win2003 with all HotFixes. I don't know how access would be denied, this is using the domain admin account.
0
Comment
Question by:8mathieu8
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
  • +1
16 Comments
 
LVL 12

Expert Comment

by:ColinRoyds
ID: 11897200
can you access the netlogon / sysvol shares on the DC when browsing the network?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11897557
Are your DNS settings correct? Make sure that on your DC in the DNS settings of the TCP/IP properties, the only entry is the DC's IP address (not 127.0.0.1!). The same is true for all your domain members: the only DNS server to be used is the DC (assuming your DC is running DNS).

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

HOW TO: Configure DNS for Internet Access in Windows Server 2003
http://support.microsoft.com/?kbid=323380
0
 
LVL 11

Expert Comment

by:kabaam
ID: 11898737
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21103017.html
Are you getting 1030 and 1058 in event viewer

I just had the same thing with My server 2003.  It was a fresh install so I decided to just reformat and start over.  
As oBda has mentioned... chances are it is DNS... I Think I had other problems but the link has good info for troubleshooting this.
good luck
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:8mathieu8
ID: 11904070
Sysvol and NetLogong are accessible. Yes, I do get 1030 and 1058 event id.
I think that I reinstall like you did kabaam. This is only a test machine anyway!

thank you
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11904263
In that case, make sure that the DFS service (do I need to mention the netlogon service) is running, and try to run the dfsutil /PurgeMupCache command from the first article.
Then another question: what is the user name you're logging on with?

Group Policy processing fails with Events 1058 and 1030 in Windows Server 2003
http://support.microsoft.com/?kbid=830676

Group Policy processing does not work and events 1030 and 1058 are logged in the application log of a domain controller
http://support.microsoft.com/?kbid=842804
0
 

Author Comment

by:8mathieu8
ID: 11904337
I read those KB but didn't help. I login on with administrator. DFS and netlogon are running.
I already started to reinstall the server. I going to keep that question opened until I reinstall everything in case it doesn't fix the problem.

thank you
0
 

Author Comment

by:8mathieu8
ID: 11906666
Must be related with a DNS misconfiguration because it doesn't work either after complete reinstallation. Here is my setup...

I also have event id 2630 in my logs
see
http://www.eventid.net/display.asp?eventid=2630&source=
for a description.

I used the "Configure Your server Wizard". It installs AD, DNS and DHCP.

This computer has 2 NICs. One is connected to the Internet and the other is for the LAN.

The one connected to the LAN...

IP 192.168.0.1
Subnet Mask 255.255.255.0
Prefered Dns Server 192.168.0.1

The one connected to Internet

IP "public IP given by my ISP"
Subnet Mask 255.255.255.0
Default Gateway: "the router IP"
Prefered Dns Server: None

The DNS of my ISP are entered in the Forwarders.





0
 

Author Comment

by:8mathieu8
ID: 11915767
It fixes the problem when I choose DHCP for the NIC connected to the Internet.
I must have a misconfiguration... do you see anything odd in the configuration of my 2 Nics?
The Internet does work on this machine ( on the client machine also).

0
 
LVL 84

Accepted Solution

by:
oBdA earned 250 total points
ID: 11916559
The two NICs might be the problem. On your external NIC, make sure that the "Register this connection's addresses in DNS" in the TCP/IP settings is unchecked. And just to be sure, in your DNS server's properties, make sure the DNS service only listens on your internal address.
Then check your forward lookup zone for leftover entries with your DC's name and the external address.
0
 

Author Comment

by:8mathieu8
ID: 11916778
That fixed my problem. I should not have used the wizard in the first place! Now it makes sense.

thank you oBdA
0
 
LVL 11

Expert Comment

by:kabaam
ID: 11917137
that makes good sence.. I can see how that would cause problems.  where were you guys last week when I was re-installing AD? hmmm
Oh well, glad you have it figured out and thanks for the lesson. :-)
0
 

Author Comment

by:8mathieu8
ID: 11932141
Still have problem... I did remove the check to "Register this connection's addresses in DNS" but the external IP still registers in DNS. When that happens, I can't open Group Policy Object Edition. Still the same error. Another thing strang is that whenever the ip appears in dns, it links it to the name of the server. Meaning that if I ping server.domain.local, it'll resolve the external IP and not the internal.
0
 
LVL 84

Expert Comment

by:oBdA
ID: 11936268
Seems to be stubborn one. Those might be of help:

Multiple IP Addresses Registered to Multiple Domains Under Dynamic DNS
http://support.microsoft.com/?kbid=254031

How to enable or disable dynamic DNS registrations in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/?kbid=246804
0
 

Author Comment

by:8mathieu8
ID: 11943001
The only time that GPOE works is when I disable the external NIC. At the same time, the A record for that external IP disapear. This is a test machine and I don't intend on using 2 NICs on my futher DC. So for now, it is a good alternative to disable the Nic whenever I need to go in GPOE.

0
 
LVL 84

Expert Comment

by:oBdA
ID: 11943088
If the A record disappears once you disable the external NIC (and reappears once you enable it again), then dynamic registration is somehow still active for the adapter.
0
 

Author Comment

by:8mathieu8
ID: 11943174
Then there is a problem with the "Register this connection's addresses in DNS" check box because it is uncheck!
I tried the different registry keys noted in the kb that you indentified but none of them fixed the problem.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question