We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Userevn Problems

selhs
selhs asked
on
Medium Priority
465 Views
Last Modified: 2008-01-09
I'm getting 2 errors in my event log. I get a set of 2 that occur approximately once an hour.
Event ID: 1058
Source: Userevn
Type: Error
User: SELHS/Administrator

Windows cannot access the frile gpt.ini for GPO CN=[0324c4e7-e065-4281-b6b0-97f1db6dc35f],CN=policies,DC=selhs,dc=org.
The file must be present at the location <//selhs.org\sysvol\selhs.org\policies\[0324c4e7-e065-4281-b6b0-97f1db6dc35f]\gpt.ini>. (The specified user does not exist.) Group Policy processing aborted

Event ID: 1030
Source:Userevn
Type: Error
User:SELHS/administrator

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

What is the cause and solution to this error?
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2013

Commented:
One possible cause is incorrectly configured DNS. Verify with an ' ipconfig  /all '  at the command line that your workstations point only to your DNS server an not to your ISP's DNS servers. The ISP's DNS servers should be added to your DNS server's Forwarders list.

If that is not the case, try running Microsoft's network test tool  netdiag.exe  It is available from the Windows Resource Kit or you can download from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/netdiag.exe
It will test numerous DNS, name resolution, and GP functions and report on each.

Author

Commented:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.SELHS.000>cd\

C:\>netdiag

....................................

    Computer Name: BDC
    DNS Host Name: bdc.selhs.org
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
    List of installed hotfixes :
        KB883939
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB898715
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB905414
        KB905915
        KB908519
        KB910437
        KB911564
        KB911927
        KB912919
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : bdc.selhs.org
        IP Address . . . . . . . . : 10.0.0.209
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.0.0.1
        Dns Servers. . . . . . . . : 10.0.0.12


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{2A6A2A3F-EC58-4B2D-93C1-91689CD7ED47}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'SELHS' is to '\\domainserv.selhs.org'.


Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/bdc.selhs.org.


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active
    Note: run "ipseccmd /?" for more detailed information


The command completed successfully

Here are my results. Everything appears to pass do you see anything out of the ordinary?

Author

Commented:
Kerberos test. . . . . . . . . . . : Failed
        [FATAL] Kerberos does not have a ticket for host/bdc.selhs.org.

How can this be fixed I should've stated?
CERTIFIED EXPERT
Top Expert 2013

Commented:
The kerberose test failure is not likely a problem. There is actually a "glitch" in the netdiag utility that often returns this. However if in doubt there are specific tools to test this. Have look at the following articles which explains the problem and where to find the other tools. I'll do a little digging in the mean time.
http://support.microsoft.com/?kbid=870692
http://www.jsifaq.com/SUBQ/tip8300/rh8319.htm
CERTIFIED EXPERT
Top Expert 2013

Commented:
Have you seen the link below? Seems there can be a lot of issues causing that combination of errors. Rather than posting it all here have a look:
http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1

One thing I did notice is someone found MS patch KB899587 caused the problem. I notice you also have that patch installed on this system.

Author

Commented:
I removed the patch and did a few other adjustments and nothing. I'm wondering if i'm having a DNS problem. I have the Baseline Analyzer that I run on my server. It can't seem to resolve IP address's when it does a network scan. This use to work up until December. However I can ping by name. Is there something i'm missing in my DNS forwarders?
CERTIFIED EXPERT
Top Expert 2013
Commented:
can you resolve a name using at a command line?
nslookup  YourServerName

If not rather than forwarders it may be reverse lookup zones.
Though Reverse Lookup zones are not normally necessary it may be the issue. If you don't have any you can create by right clicking  on the reverse look up zones folder choose new, primary zone and enter the first three octets of your subnet such as 192.168.123  Choose all defaults and it will create the zone (reverses the IP) . Assuming you have dynamic updates enabled (you likely do) it will build the list of computers over the next hour. If you want to manual add the server or others to speed things up right click in the right hand window and add a new ptr record by entering the IP and ComputerName of the device.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\administrator.SELHS>nslookup domainserv
*** Can't find server name for address 10.0.0.12: Non-existent domain
*** Default servers are not available
Server:  UnKnown
Address:  10.0.0.12

Name:    domainserv.selhs.org
Address:  10.0.0.12


CERTIFIED EXPERT
Top Expert 2013

Commented:
Adding a reverse lookup zone for your domain should repair at least the above.

Author

Commented:
Nope still getting the same error and the reverse lookup looks correct. It added all the IP address's on my network
CERTIFIED EXPERT
Top Expert 2013

Commented:
Did it at least repair the nslookup results ?

I am about out of suggestions. I just uploaded DCDiag to the same location:
http://www3.ns.sympatico.ca/malagash/Downloads/DC/
You could try running either from the domain controller with simply DCDiag or from a workstation using
  dcdiag  /n:YourDomain.suffix
Not sure if there is a difference in the test if run on either. Results may be of some help.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks selhs,
--Rob
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.