Group Policy Problem
Posted on 2004-11-04
I have a group policy that was previously working prior to using the Active Driectory Migration Wizzard to move a group of computers to a new domain.
Here is the error I receive in the applicaiton log:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Time: 4:30:46 AM
User: NT AUTHORITY\SYSTEM
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (3).
Microsoft state the following below as possible resolutions to this, but the question I have, what system to I need to investigate for these registry entries? I have checked the domain controller where the policy sits, no setting, and checked the local PC for these key entries with no result. Any one else expereinced this?
The \\Active Directory Domain Name\Sysvol share is a special share that requires the distributed file system (DFS) client to make a connection, and a valid Domain name record in DNS. If the DFS client is disabled, the domain records are missing, or the DNS records are not being registered properly, the error messages are generated.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Check the following registry value:
DisableDFS: REG_DWORD: range: 0 or 1
0 = enabled; 1 = disabled
Make sure that the value is set to 0, enabling the Dfs client. Also, File and Printer Sharing for Microsoft Networks must be enabled on the interface.
Verify the DNS Forward Lookup Zone has the correct A records for the domain name and domain controllers. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
258213 Registration of gc._msdcs.DnsForestName Records Is Required
To ensure the DNS Records are being registered, verify the following registry setting:
Data type: REG_DWORD
Default value: 1 (1=Enabled, 0=Disabled)