Default Domain Policy Errors

Posted on 2005-05-06
Last Modified: 2012-08-13
I'm having an issue right now with the Default Domain Policy not applying correctly to my XP and 2003 machines. I am having no issues with my W2K Servers. Upon reboot, all the machines log the following errors:

Event Type:      Error
Event Source:      Application Management
Event Category:      None
Event ID:      108
Date:            5/6/2005
Time:            12:18:52 PM
User:            NT AUTHORITY\SYSTEM
Computer:      COMPUTERNAZI1
Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : There is no software installation data object in the Active Directory.

For more information, see Help and Support Center at

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1085
Date:            5/6/2005
Time:            12:18:52 PM
User:            NT AUTHORITY\SYSTEM
Computer:      COMPUTERNAZI1
The Group Policy client-side extension Software Installation failed to execute. Please look for any errors reported earlier by that extension.

For more information, see Help and Support Center at

I used verbose logging to create an appmgmt.log. I received the following results:

05-06 12:18:52:593
Software installation extension has been called for foreground synchronous policy refresh.
The following policies are to be applied, flags are 1.
    Default Domain Policy (unique identifier {31B2F340-016D-11D2-945F-00C04FB984F9})
        System volume path = \\\sysvol\\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine
        Active Directory path = LDAP://CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=AIRQCCORP,DC=com
Set the Active Directory path to LDAP://CN=Class Store,CN=Machine,CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=AIRQCCORP,DC=com;.
Enumerating applications in the Active Directory for computer COMPUTERNAZI1 with flags 5.
Cannot bind to the Active Directory to enumerate applications, error code 80040169.
Failed to apply changes to software installation settings.  Software changes could not be applied.  A previous log entry with details should exist.  The error was : %2147746153

Software installation extension returning with final error code 2147746153.

So I realized it was my default domain policy and I do not have any software installation in that or any GPO.

I ran RSOP to see what GPOs were being applied to what computers and I received an error that under Default Domain Policy - Software Installation Status was Pending and here is the error code:
Friday, May 06, 2005 2:12:42 PM

Software Installation did not complete policy processing because a system restart is required for the settings to be applied.  Group Policy will attempt to apply the settings the next time the computer is restarted.

All computers have been restarted multiple times including the DCs so this is not an issue.

Here is some background that I think is pertinent. 3 months ago, I had a catastrophic hardware failure on my W2K PDC,RID DC over a weekend and it propigated to my other Dcs. I had to seize roles and do a Authoritative System State restore.Did have a GPO with Software deployment with the share on the server that went belly up. Removed that GPO both link and object. Had no errors on any of my W2k DCs (didn't check my XP machines - kicking myself as we speak). I have been adding 2003 member server to the domain since then....and in the last month, promoted 2 of them to DCs. No errors during adprep. Dcpromo ran smoothly. I do have some different issues concerning the DC promo of the Win2003 servers but I want to take care of this first and maybe it will alleviate the others.

These errors are not affecting anyone's abilities to log on or access network resources. Currently, they are not affecting any day to day. Just worried they might!

Thanks in advance! You guys have helped me out tremendously in the past by just reading your posts so I decided to throw this one out there for you.

Question by:mickilu
    LVL 20

    Accepted Solution

    Hopefully these will guide you to a fix...

    Possible causes:

    Identifying Group Policy Client-Side Extensions -;en-us;Q216357
    Troubleshooting Group Policy Client-Side Extension Behavior -;en-us;Q216358

    Other Possibilties:

    Event ID 1091 and Event ID 1085 Appear in the Application Event Log -;en-us;Q823608
    Group Policy could not apply one of the client-side extensions. As a result, the extension settings have been only partially applied -

    And lastly...

    Packages Assigned to Computers with Group Policy Are Not Installed -;en-us;Q278472

    Per Microsoft: “This behavior may occur if you have a Microsoft Windows 2000 domain that includes Windows Server 2003-based servers, and you apply Internet Protocol security (IPSec) policies by using Group Policy. These event messages appear in the Application event log every time that these policies are applied on the Windows Server 2003-based servers”. See Q823608 to fix this problem".;en-us;Q823608

    See the link to "Microsoft event 1085 from source Userenv" for additional information on this event.

    Author Comment


    Thanks for the response. I was fighting a really nasty bug this weekend so I didn't have a chance to try the information you sent. Will work on it this AM and let you know how my progress.

    Again thanks,
    LVL 20

    Expert Comment

    Not sure what happened to his problem.. But the links should have been able to guide him to a fix

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Suggested Solutions

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now